HTML <iframe> sandbox Attribute

❮ HTML <iframe> tag

Example

An <iframe> with extra restrictions:

Try it Yourself »

More "Try it Yourself" examples below.

Definition and Usage

The sandbox attribute enables an extra set of restrictions for the content in the iframe.

When the sandbox attribute is present, and it will:

treat the content as being from a unique origin
block form submission
block script execution
disable APIs
prevent links from targeting other browsing contexts
prevent content from using plugins (through <embed>, <object>, <applet>, or other)
prevent the content to navigate its top-level browsing context
block automatically triggered features (such as automatically playing a video or automatically focusing a form control)

The value of the sandbox attribute can either be empty (then all restrictions are applied), or a space-separated list of pre-defined values that will REMOVE the particular restrictions.

Browser Support

The numbers in the table specify the first browser version that fully supports the attribute.

Attribute
sandbox	4.0	10.0	17.0	5.0	15.0

Syntax

Attribute Values

Value	Description
(no value)	Applies all restrictions
allow-forms	Allows form submission
allow-modals	Allows to open modal windows
allow-orientation-lock	Allows to lock the screen orientation
allow-pointer-lock	Allows to use the Pointer Lock API
allow-popups	Allows popups
allow-popups-to-escape-sandbox	Allows popups to open new windows without inheriting the sandboxing
allow-presentation	Allows to start a presentation session
allow-same-origin	Allows the iframe content to be treated as being from the same origin
allow-scripts	Allows to run scripts
allow-top-navigation	Allows the iframe content to navigate its top-level browsing context
allow-top-navigation-by-user-activation	Allows the iframe content to navigate its top-level browsing context, but only if initiated by user