HTML and CSS Reference
In-Depth Information
An optional name attribute provides a name for the iframe's browsing context, allowing links, forms, and scripts to target the frame and load other pages in the same space, or to interact with the content within.
The optional sandbox attribute applies a set of extra restrictions on the frame's contents as a security measure in case the frame is displaying an untrusted website. When the sandbox attribute is present without a value, the frame's content is limited in its ability to affect the parent document, isolating the framed page in a virtual sandbox so any malicious code within can't harm the page that surrounds it, the website hosting the parent document, the browser, or the user's computer. Supplying values in the sandbox attribute can selectively allow some of the restricted actions: allow-same-origin, allow-top-navigation, allow-forms, and allow-scripts. Only a few browsers have implemented support for the sandbox attribute so far, but the others will catch up soon.
In lieu of a src attribute to provide the URL of the frame's content, the new srcdoc attribute can carry the HTML markup for the framed document. That's right, a complete HTML document acting as an attribute's value. If the src and srcdoc attributes are both defined, the srcdoc attribute takes precedence and the src attribute can still provide a fallback URL for browsers that don't support srcdoc. Right now that's every browser, because none of them have yet implemented the srcdoc attribute.
Required Attributes
The iframe element technically doesn't require any attributes for validation, but without either a src or srcdoc attribute, the frame will have no content to display, showing nothing but a blank, white void.
Optional Attributes
height: The height of the frame in pixels.
name: A name for the embedded browsing context (the frame). A valid name can be any single word that does not begin with an underscore (_); names beginning with underscores are reserved for special keywords. The frame name can be used as the value of the target attribute of an anchor or form element, or the formtarget attribute of an input or button element.
sandbox: If specified as an empty string, this attribute enables extra restrictions on the content that can appear in the inline frame. The value of the attribute can be a space-separated list of tokens that lift particular restrictions. Valid tokens are:
  allow-same-origin: Allows the content to be treated as being from the same origin as the containing document. If this keyword isn't present, the embedded content is treated as being from a unique origin.
  allow-top-navigation: Allows the embedded browsing context to load content from the top-level browsing context. If this keyword isn't present, this operation isn't allowed.
  allow-forms: Allows the embedded browsing context to submit forms. If this keyword isn't present, this operation isn't allowed.
  allow-scripts: Allows the embedded browsing context to run scripts (but not create pop-up windows). If this keyword isn't present, this operation isn't allowed.
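
As an added example (not code from the book), the following JavaScript sketch evaluates a sandbox attribute value against the four tokens listed above and flags the allow-scripts plus allow-same-origin pairing, which weakens the isolation when the framed page shares the parent's origin. The function and field names are hypothetical and the sample values are constructed.

```javascript
// Added example: names below are hypothetical, sample values are constructed.
const PAGE_TOKENS = ['allow-same-origin', 'allow-top-navigation',
                     'allow-forms', 'allow-scripts'];

// attrValue: null when the sandbox attribute is absent, '' when it is present
// without a value, otherwise its space-separated token list.
function evaluateSandbox(attrValue) {
  if (attrValue === null || attrValue === undefined) {
    return { sandboxed: false, allowed: [], other: [], uniqueOrigin: false,
             warnings: ['no sandbox attribute: no extra restrictions apply'] };
  }
  // Split on ASCII whitespace, compare case-insensitively, drop duplicates.
  const tokens = [...new Set(
    attrValue.toLowerCase().split(/[ \t\n\f\r]+/).filter(Boolean))];
  const allowed = tokens.filter((t) => PAGE_TOKENS.includes(t));
  const other = tokens.filter((t) => !PAGE_TOKENS.includes(t));
  const warnings = [];
  if (other.length > 0) {
    warnings.push('tokens not among the four described here: ' + other.join(', '));
  }
  if (allowed.includes('allow-scripts') && allowed.includes('allow-same-origin')) {
    warnings.push('allow-scripts plus allow-same-origin: a framed page from the ' +
      "parent's own origin can script the parent and remove the sandbox attribute");
  }
  return {
    sandboxed: true,
    allowed,
    other,
    // Without allow-same-origin the content is treated as a unique origin.
    uniqueOrigin: !allowed.includes('allow-same-origin'),
    warnings,
  };
}

// Constructed sample attribute values, from most to least restrictive.
const samples = ['', 'allow-forms', 'Allow-Scripts  allow-same-origin', null];
for (const value of samples) {
  const r = evaluateSandbox(value);
  console.log(JSON.stringify(value), '->', r.allowed.join(' ') || '(nothing lifted)',
    '| unique origin:', r.uniqueOrigin, '| warnings:', r.warnings.length);
}
```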