Example:
An <iframe> with additional restrictions:
<iframe src="demo_iframe_sandbox.htm" sandbox=""></iframe>
The sandbox attribute is supported in Internet Explorer 10, Firefox, Chrome, and Safari.
Note: The sandbox attribute is not supported in Internet Explorer 9 and earlier or in Opera.
Definition and use
If specified as an empty string (sandbox=""), the sandbox attribute enables a set of additional restrictions for the content in the inline frame.
The value of the sandbox attribute can be either an empty string (all restrictions apply) or a list of predefined values, separated by spaces, which remove certain restrictions.
Differences between HTML 4.01 and HTML5
The sandbox attribute is new in HTML5.
Syntax
<iframe sandbox="value">
Attribute values
- "" => Applies all restrictions below
- allow-same-origin => Allows the iframe content to be treated as being from the same origin as the containing document
- allow-top-navigation => Allows the iframe content to navigate (load) content from the containing document
- allow-forms => Allows form submission
- allow-scripts => Allows script execution
javascript: is a kind of weird URI protocol. It works in some contexts but not in all; for example, the location of a window cannot be set to such a URI. (Although you can assign a javascript: URI to window.location as a really roundabout way to run a script, the window location does not remain set to this value.)
To write content into an IFRAME, get a reference to the frame's document and write to it. This requires you to set the allow-same-origin sandbox flag.
<iframe id="myframe" sandbox="allow-scripts allow-same-origin" src="about:blank"></iframe>
<script>
  // contentDocument is reachable from the parent only because of allow-same-origin
  var frame = document.getElementById("myframe");
  var fdoc = frame.contentDocument;
  fdoc.write("Hello world");
</script>
Real-time example: http://jsfiddle.net/wUvrF/1/
evergreen Feb 09 '14 at 6:16
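Added example (not part of the original post or of the quoted reference): a JavaScript check that reads a sandbox attribute value as the attribute list above describes it and reports what it relaxes, including the allow-scripts plus allow-same-origin pair used in the snippet. The name auditSandbox and the sample values are assumptions for illustration, and only the four tokens listed on this page are recognised.

```javascript
// Tokens documented on this page; other tokens are reported for manual review.
const PAGE_TOKENS = ["allow-same-origin", "allow-top-navigation",
                     "allow-forms", "allow-scripts"];

// value: result of iframe.getAttribute("sandbox"); null means the attribute is absent.
function auditSandbox(value) {
  if (value === null || value === undefined) {
    return { sandboxed: false, allowed: [], other: [],
             findings: ["no sandbox attribute: no restrictions apply"] };
  }
  // The value is a space-separated, case-insensitive set of tokens.
  const tokens = [...new Set(
    value.toLowerCase().split(/[ \t\n\f\r]+/).filter(Boolean))];
  const allowed = tokens.filter((t) => PAGE_TOKENS.includes(t));
  const other = tokens.filter((t) => !PAGE_TOKENS.includes(t));
  const findings = [];

  if (tokens.length === 0) {
    findings.push("empty value: all restrictions apply");
  }
  if (allowed.includes("allow-scripts") && allowed.includes("allow-same-origin")) {
    // Per the HTML specification: if the framed page shares the parent's origin,
    // this pair lets it remove the sandbox attribute and reload itself.
    findings.push("allow-scripts + allow-same-origin: same-origin framed " +
                  "content can remove its own sandbox");
  }
  if (allowed.includes("allow-top-navigation")) {
    findings.push("allow-top-navigation: framed content can navigate " +
                  "the containing page");
  }
  if (other.length > 0) {
    findings.push("tokens not covered here, review manually: " + other.join(", "));
  }
  return { sandboxed: true, allowed, other, findings };
}

// Constructed samples: the two values used on this page, an absent attribute,
// and a mixed-case value with a token this page does not list.
const samples = ["", "allow-scripts allow-same-origin", null,
                 "Allow-Forms  allow-top-navigation allow-popups"];
for (const s of samples) {
  console.log(JSON.stringify(s), "=>", auditSandbox(s).findings);
}
```

In a page, pass iframe.getAttribute("sandbox") for each frame; an empty findings list means only allow-forms and/or allow-scripts (without allow-same-origin) were set.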