HTML and CSS Reference
An optional name attribute provides a name for the iframe 's browsing context, allowing links, forms, and
scripts to target the frame and load other pages in the same space, or to interact with the content within.
The optional sandbox attribute applies a set of extra restrictions on the frame's contents as a security
measure in case the frame is displaying an untrusted website. When the sandbox attribute is present
without a value, the frame's content is limited in its ability to affect the parent document, isolating the
framed page in a virtual sandbox so any malicious code within can't harm the page that surrounds it, the
website hosting the parent document, the browser, or the user's computer. Supplying values in the
sandbox attribute can selectively allow some of the restricted actions: allow-same-origin , allow-top-
navigation , allow-forms , and allow-scripts . Only a few browsers have implemented support for the
sandbox attribute so far, but the others will catch up soon.
In lieu of a src attribute to provide the URL of the frame's content, the new srcdoc attribute can carry the
HTML markup for the framed document. That's right, a complete HTML document acting as an attribute's
value. If the src and srcdoc attributes are both defined, the srcdoc attribute takes precedence and the
src attribute can still provide a fallback URL for browsers that don't support srcdoc . Right now that's
every browser, because none of them have yet implemented the srcdoc attribute.
The iframe element technically doesn't require any attributes for validation, but without either a src or
srcdoc attribute, the frame will have no content to display, showing nothing but a blank, white void.
height : The height of the frame in pixels.
name : A name for the embedded browsing context (the frame). A valid name can be any single
word that does not begin with an underscore ( _ ); names beginning with underscores are reserved
for special keywords. The frame name can be used as the value of the target attribute of an
anchor or form element, or the formtarget attribute of an input or button element.
sandbox : If specified as an empty string, this attribute enables extra restrictions on the content
that can appear in the inline frame. The value of the attribute can be a space-separated list of
tokens that lift particular restrictions. Valid tokens are:
allow-same-origin : Allows the content to be treated as being from the same origin as the
containing document. If this keyword isn't present, the embedded content is treated as being
from a unique origin.
allow-top-navigation : Allows the embedded browsing context to load content from the
top-level browsing context. If this keyword isn't present, this operation isn't allowed.
allow-forms : Allows the embedded browsing context to submit forms. If this keyword isn't
present, this operation isn't allowed.
allow-scripts : Allows the embedded browsing context to run scripts (but not create pop-
up windows). If this keyword isn't present, this operation isn't allowed.