HTML: Sandbox - scmGalaxy

Post Views: 6

The restriction to the content such as disabling script or plugins is given by the internal frame.

An iframe with sandbox value as empty will have the following restrictions: –

Forms can not be submitted
Framed document cannot navigate its top level parent
Scripts are disabled
Stops frame content from using plugins
New windows(browsing contexts) cannot be created by the framed document
Framed content will be treated from an unique origin. Hence it will not have access to data stored in earlier cookies
Disable APIs
Automatically triggered features like auto playing videos etc are blocked

Values

Value	Description
(no value)	Applies all restrictions
allow-forms	Re-enables form submission
allow-pointer-lock	Re-enables APIs
allow-popups	Re-enables popups
allow-same-origin	Allows the iframe content to be treated as being from the same origin
allow-scripts	Re-enables scripts
allow-top-navigation	Allows the iframe content to navigate its top-level browsing context

A web page can have access to a second web page only if both have the same origin.

Uniform Resource Identifier (URI), Port Number, and HostName

Same-origin

Different Port So Not in the Same Origin

Different Host So Not in the Same Origin

Top navigation allows us to open the linked document in the full body of the window or the top browsing context.

Attribute	Value	Description
target	_blank _parent _top framename _self	Opens the linked document in a new window or tab Opens the linked document in the parent frame Opens the linked document in the full body of the window Opens the linked document in a named frame Opens the linked document in the same frame as it was clicked (this is the default)