HTML and CSS Reference
In-Depth Information
•
Restricted local access
: The content is treated as being from a different server,
which prevents access to local server content such as cookies and other web
storage options tied to the local server domain.
•
No form submission
: Form submission from the inline content is disabled.
•
No JavaScript
: Scripts in the inline content are disabled.
•
No external link targets
: Links in the inline content are prevented from target-
ing other browsing contexts, such as the containing document through the use
of
target="_parent"
, for example.
•
No plug-ins
: Inline content requiring plug-ins, such as for Adobe Flash content,
are disabled.
As a Boolean attribute,
sandbox
just needs to be added to the
iframe
to enable
these restrictions, like so:
<iframe src="external.html" sandbox><!-- Fallback content
--></iframe>
If the
sandbox
attribute is not treated as a Boolean attribute, a number of text
keywords values can be set that will negate almost all of the previous restrictions.
Table
5-1
shows the available keywords. More than one keyword can be added to negate more
than one restriction, with each separated by a space. Here's an example:
<iframe src="external.html" sandbox="allow-forms allow-
top-navigation">
<!-- Fallback content -->
</iframe>
The previous code would allow form submissions and external link targets in the em-
bedded content but would have the other sandbox restrictions in effect.
Search WWH ::
Custom Search