Reputation: 59
Embed other site in “safe” way
I want to make an iframe and embed an external site without allowing or extremely limiting that page’s ability to affect the DOM and JavaScript context of the parent page. Is there a way to do this?
Upvotes: 0
Views: 97
Answers (2)
Reputation: 463
An iframe can't access most of the properties of the parent iframe cross-origin because of same-origin policy.
So there is very little it will be able to do, although it could redirect the parent document to another URL.
If you need to limit it further, there is the sandbox attribute which you can use to limit the access further.
Upvotes: 2
Reputation: 31963
Yes! Use the sandbox property of the iframe:
// Fully sandboxed
<iframe src="..." sandbox />
// Partially sandboxed, see docs for full set of options
<iframe src="..." sandbox="allow-forms allow-popups" />
Do note that older browsers (IE 10 for example) do not support this, and it may cause the iframe to break on those browsers.
Upvotes: 0
Related Questions
- disable iframe embedding for other websites
- How to create embed code for other sites
- How to embed iFrame with external website
- How to embed another website into my own web to keep the same header
- Embed external content without iframe
- Embed specific part of an existing site into another site
- Creating safe iframes in cross domain
- How to embed other websites via iframe / ahref?
- Making a Same Domain iframe Secure
- Only allow a few websites to embed my iFrame