HTML and CSS Reference
sandbox This HTML5 attribute constrains the abilities of any iframed content. It may
contain a space-separated list of exceptions on included iframe content. Currently supported
values include allow-same-origin , allow-scripts , and allow-forms . By default, the
included content will be highly restricted, but each allow value will extend the sandbox to
allow the included content to talk to its origin domain ( allow-same-origin ), invoke
scripting ( allow-scripts ), or post forms ( allow-forms ).
scrolling This attribute determines whether the frame has scroll bars. A yes value forces
scroll bars; a no value prohibits them. The default value is auto , in which case scroll bars
appear only as needed.
seamless This HTML5 Boolean attribute is set to make the iframe be rendered in such a
way that it appears to be part of the primary browsing context.
security This attribute sets the value indicating whether the source file of an iframe has
security restrictions applied. The only allowed value is restricted .
src This attribute contains the URL of the content to be displayed in the floating frame. If
absent, the frame is blank.
<iframe src="http://www.democompany.com" height="150" width="200"
Sorry, your browser doesn't support inline frames.
<!-- HTML5 example highly restricted -->
<iframe src="http://www.fakewebgadets.com/gadget" height="200" width="200"
<!-- HTML5 example less restricted -->
<iframe src="http://www.fakewebgadets.com/gadget2" height="200" width="200"
id="weather" sandbox="allow-same-origin allow-scripts" seamless>
HTML 4 (transitional), 5
XHTML 1.0 (transitional or frameset)
Firefox 1+, Internet Explorer 3+,
Netscape 6+, Opera 5+, Safari 1+
• Under the HTML 4 strict specification, the iframe element is not defined. However,
under XHTML transitional and XHTML frameset, iframe is allowed. XHTML 1.1
does not allow it either. Floating frames can be imitated using the div element and
CSS positioning facilities.
• Iframes are useful for not only including content from within a site or beyond, but
also as a communication mechanism similar to Ajax.