Satya Prakash
Reputation: 3502
How does iframe behave in HTML5 without the sandbox attribute?
What is the behaviour of <iframe> in HTML5 when the sandbox attribute is not present? Is it same as sandbox=""?
Upvotes: 9
Views: 3570
Answers (1)
Denys Séguret
Reputation: 382092
No, it's more like the opposite.
When you add the sandbox attribute, you create the sandbox : you force the content to be much more restricted. This protects your user from the content of the iframe, which isn't the case without the attribute, especially when the content is served from the same origin.
Adding elements in the sandbox list reduces the restrictions. That's why they're called "allow-something".
Here's the W3.org reference.
And here's an almost-clear introduction from MS: How to Safeguard your Site with HTML5 Sandbox
Upvotes: 5
Related Questions
- What sandbox does an <object> element run in? Can this sandbox be configured?
- How can an iframe remove its own sandboxing?
- How to use "hidden" Sandbox in iframe?
- Add HTML5 sandbox attribute to an iframe using Javascript
- Sandboxing, IFrame, and allow-same-origin
- Value of HTML5 iframe sandbox attribute
- Detect support for HTML5 iframe sandbox attribute
- HTML: iframe sandbox alternatives
- Sandboxing content in an IFRAME, on the client side
- HTML5 iframe sandbox attributes problem