The sandbox attribute of an inline frame (iframe) places restrictions on the framed content, such as disabling scripts or plugins.
An iframe whose sandbox attribute has an empty value has the following restrictions:
- Forms cannot be submitted
- The framed document cannot navigate its top-level parent
- Scripts are disabled
- The framed content cannot use plugins
- New windows (browsing contexts) cannot be created by the framed document
- Framed content is treated as coming from a unique origin, so it has no access to data stored in earlier cookies
- Certain APIs are disabled
- Automatically triggered features, such as auto-playing videos, are blocked
<iframe sandbox> </iframe>
Values
| Value | Description |
| --- | --- |
| (no value) | Applies all restrictions |
| allow-forms | Re-enables form submission |
| allow-pointer-lock | Re-enables APIs |
| allow-popups | Re-enables popups |
| allow-same-origin | Allows the iframe content to be treated as being from the same origin |
| allow-scripts | Re-enables scripts |
| allow-top-navigation | Allows the iframe content to navigate its top-level browsing context |
allow-same-origin
A web page can access a second web page only if both have the same origin.
The origin is determined by the Uniform Resource Identifier (URI) scheme, the host name, and the port number.
Same-origin
- https://www.google.com/p/contact-us.html
- https://www.google.com/p/about-us.html
Different port, so not the same origin
- https://www.google.com:82/p/contact-us.html
- https://www.google.com/p/about-us.html
Different host, so not the same origin
- https://en.www.google.com/p/contact-us.html
- https://www.google.com/p/contact-us.html
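The sandbox values and the same-origin rule above can be checked together when reviewing an embed. The following is an added example, not code from the original page: `auditSandbox`, `sameOrigin` and the result fields are hypothetical names, and the sample call at the end is constructed from the page's example URLs.

```javascript
// Added example: token names follow the table on this page; all other names are hypothetical.
// Each token maps to the restriction that stays in force while the token is absent.
const LIFTS = new Map([
  ["allow-forms", "form submission blocked"],
  ["allow-pointer-lock", "pointer lock API disabled"],
  ["allow-popups", "popups and new windows blocked"],
  ["allow-same-origin", "content treated as a unique origin"],
  ["allow-scripts", "scripts disabled"],
  ["allow-top-navigation", "top-level navigation blocked"],
]);

// Two URLs share an origin only when scheme, host and port all match.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// sandboxValue is the attribute string, or null when the iframe has no sandbox attribute.
function auditSandbox(sandboxValue, frameUrl, parentUrl) {
  const matches = sameOrigin(frameUrl, parentUrl);
  if (sandboxValue === null) {
    return { sandboxed: false, active: [], notInTable: [], parentAccess: matches,
             warnings: ["no sandbox attribute: no restrictions apply"] };
  }
  // Tokens are space-separated and compared case-insensitively.
  const tokens = new Set(sandboxValue.toLowerCase().split(/\s+/).filter(Boolean));
  const active = [...LIFTS].filter(([t]) => !tokens.has(t)).map(([, r]) => r);
  // Tokens outside this page's table: possibly newer valid tokens, possibly typos.
  const notInTable = [...tokens].filter((t) => !LIFTS.has(t));
  // Without allow-same-origin the frame always gets a unique origin, whatever its URL.
  const parentAccess = tokens.has("allow-same-origin") && matches;
  const warnings = [];
  if (parentAccess && tokens.has("allow-scripts")) {
    warnings.push("allow-scripts with allow-same-origin on same-origin content: " +
                  "the framed page can remove its own sandbox attribute");
  }
  return { sandboxed: true, active, notInTable, parentAccess, warnings };
}

// Constructed sample: the page's same-origin URL pair with a typical attribute value.
console.log(auditSandbox("allow-forms allow-scripts",
  "https://www.google.com/p/contact-us.html", "https://www.google.com/p/about-us.html"));
```

The `active` list shows which restrictions remain, and `parentAccess` is true only when `allow-same-origin` is set and the two URLs actually share an origin.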
allow-top-navigation
Top navigation allows us to open the linked document in the full body of the window, that is, the top browsing context.

| Attribute | Value | Description |
| --- | --- | --- |
| target | _blank | Opens the linked document in a new window or tab |
| target | _parent | Opens the linked document in the parent frame |
| target | _top | Opens the linked document in the full body of the window |
| target | framename | Opens the linked document in a named frame |
| target | _self | Opens the linked document in the same frame as it was clicked (this is the default) |