Jump to: navigation, search


This article is Not Ready.

Needs Summary: This article does not have a summary. Summaries give a brief overview of the topic and are automatically included on some listing pages that link to this article.

Applies to  ?


The following example shows how to use the sandbox attribute to enable sandbox restrictions.

<iframe sandbox src="frame1.html"></iframe>

The following example shows a sandboxed iframe element that uses customization flags to customize the restrictions for the content in the element.

<iframe sandbox="allow-forms allow-same-origin" src="frame1.html"></iframe>



When the sandbox attribute is specified for an iframe element, the content in the iframe element is said to be sandboxed. In addition, the following restrictions are applied to the iframe element:

  • Sandboxed content cannot open pop-up windows or new browser windows. Methods that open pop-up windows (such as createPopup(), showModalDialog(), showModelessDialog(), and , fail silently.
  • Links cannot be opened in new windows.
  • Sandboxed content is considered to be from a unique domain, which prevents access to APIs that are protected by the same-origin policy such as cookies, local storage, and the Document Object Model (DOM) of other documents.
  • The top window cannot be navigated by sandboxed content.
  • Sandboxed content cannot submit form data.
  • Plugins (object, applet, embed, or frame) do not instantiate.
  • Automatic element behavior is disabled, including audio and video elements.
  • Selected features proprietary to Windows Internet Explorer are disabled for sandboxed content, including HTML Components (HTCs), binary behaviors, databinding, and window.external.

To customize sandbox restrictions for a given iframe element, specify one or more of the possible values as the value for the sandbox attribute. Use spaces to separate multiple values.


See also

Related pages (MSDN)

  • HTMLIFrameElement


This article contains content originally from external sources.

Portions of this content come from the Microsoft Developer Network: [Windows Internet Explorer API reference Article]