Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How does iframe behave in HTML5 without the sandbox attribute?

Tags:

html

iframe

What is the behaviour of <iframe> in HTML5 when the sandbox attribute is not present? Is it same as sandbox=""?

like image 313
Satya Prakash Avatar asked Dec 04 '12 13:12

Satya Prakash


1 Answers

No, it's more like the opposite.

When you add the sandbox attribute, you create the sandbox : you force the content to be much more restricted. This protects your user from the content of the iframe, which isn't the case without the attribute, especially when the content is served from the same origin.

Adding elements in the sandbox list reduces the restrictions. That's why they're called "allow-something".

Here's the W3.org reference.

And here's an almost-clear introduction from MS: How to Safeguard your Site with HTML5 Sandbox

like image 193
Denys Séguret Avatar answered Oct 27 '22 00:10

Denys Séguret