What is the behaviour of <iframe>
in HTML5 when the sandbox
attribute is not present? Is it same as sandbox=""
?
No, it's more like the opposite.
When you add the sandbox
attribute, you create the sandbox : you force the content to be much more restricted. This protects your user from the content of the iframe, which isn't the case without the attribute, especially when the content is served from the same origin.
Adding elements in the sandbox
list reduces the restrictions. That's why they're called "allow-something"
.
Here's the W3.org reference.
And here's an almost-clear introduction from MS: How to Safeguard your Site with HTML5 Sandbox
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With