Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to programatically remove sandbox attribute from an iframe with javascript

Tags:

javascript

html

jquery

google-chrome

I didn't think this was possible, however, i found this quote:

"It is strongly discouraged to use both allow-scripts and allow-same-origin at the same time, as that allows the embedded document to programmatically remove the sandbox attribute."

My iframe needs to have a sandbox, but only when I am browsing in certain URLs where the embedded browsing context tries to navigate (load) content to the top-level browsing context (Jump out of frame...)

On other pages the sandbox needs to be removed entirely, as it wont allow me to browse away from a site with a different origin...

The frame attempting navigation is sandboxed, and is therefore disallowed from navigating its ancestors.

Programatically changing the sandbox with : 

document.getElementById("frame").sandbox = "";

...doesnt work either as this still places restrictions... Therefore, i need to somehow remove the attribute entirely, how would i go about doing this?

like image 329
David Avatar asked Apr 21 '13 19:04

David

People also ask

How do I remove sandbox attribute on the iframe tag?

Click the Live button, and then select Disable sandbox feature. In the confirmation dialog, click the Yes, Disable button. This will deactivate the feature and delete any sandbox you have started.

What is iframe sandbox attribute?

The sandbox attribute enables an extra set of restrictions for the content in the iframe. When the sandbox attribute is present, and it will: treat the content as being from a unique origin. block form submission. block script execution.

Why you should sandbox iframe content from your own server?

Sandboxing your own code means that even if an attacker successfully subverts your application, they won't be given full access to the application's origin; they'll only be able to do things the application could do.

Is iframe sandbox secure?

Now, these are things that have a great security risk, so to make things more secure for the users, W3C added the 'Sandbox' attribute in the HTML specifications. This attribute limits the action from an iframe within a web page and makes it quite secure and protected.

1 Answers

These flags only take effect when the nested browsing context of the iframe is navigated. Removing them, or removing the entire sandbox attribute, has no effect on an already-loaded page.

More info - Here

like image 173
Mohammad Adil Avatar answered Nov 14 '22 23:11

Mohammad Adil
Sign in to Comment

Related questions

Website Usage Tracking with Colfusion/JavaScript/Other
What Protocol to use for chat? webRTC or Websockets
Change URL in address bar without having to reload [duplicate]
VS Extension to manipulate HTML / CSS
custom XMLHttpRequest.prototype.open
Why is inline script forbidden (Content Security Policy)?
JS Prototypal Inheritance: childs use the same parent properties?
CKEditor 4 Inline: How to hide toolbar on demand?
A ".on()" action listener seems to stop working
Writing Clean Code With Nested Promises
Uploaded Photo with iPad is rotate [closed]
Is explicit ".prototype" really needed?
GJS read file synchronously
Event binding on file upload
How to use JQuery InsertAtCaret Function
In an editable grid, how to make an Ext combo box immediately finish edit mode when selecting an item?
In JavaScript, why do we use el = document.createElement() to create an Element object instead of el = new Element();
How to override Ctrl + N in firefox to launch AJAX
Selecting the individuals from a group of jQuery elements
Chrome extension installation error message

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!