How does iframe behave in HTML5 without the sandbox attribute?

Question

What is the behaviour of <iframe> in HTML5 when the sandbox attribute is not present? Is it same as sandbox=""?

Answer 1

No, it's more like the opposite.

When you add the sandbox attribute, you create the sandbox : you force the content to be much more restricted. This protects your user from the content of the iframe, which isn't the case without the attribute, especially when the content is served from the same origin.

Adding elements in the sandbox list reduces the restrictions. That's why they're called "allow-something".

Here's the W3.org reference.

And here's an almost-clear introduction from MS: How to Safeguard your Site with HTML5 Sandbox