0
0
HtmlConceptBeginner · 3 min read

What is sandbox attribute in iframe: Explanation and Example

The sandbox attribute in an iframe adds extra security by restricting what the embedded content can do. It disables features like running scripts or submitting forms unless explicitly allowed, making the iframe content safer to display.
⚙️

How It Works

Think of the sandbox attribute as a safety box for the content inside an iframe. When you add it, the browser locks down the iframe's abilities, like stopping it from running scripts or opening new windows. This is like putting a child in a playpen where they can play safely without causing trouble outside.

By default, the sandbox blocks many actions to protect your main page from harmful or unwanted behavior coming from the iframe content. You can then choose to allow some actions by adding specific keywords to the attribute, like letting scripts run or forms submit, but only if you trust the content.

💻

Example

This example shows an iframe with the sandbox attribute that blocks scripts and forms by default. The embedded page cannot run JavaScript or submit forms unless you add permissions.

html
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Sandbox Attribute Example</title>
</head>
<body>
  <h2>Iframe with sandbox attribute</h2>
  <iframe srcdoc="<button onclick='alert(\'Hi!\')'>Click me</button>" sandbox width="300" height="100"></iframe>
</body>
</html>
Output
A 300x100 iframe showing a button labeled 'Click me'. Clicking the button does nothing because scripts are blocked by sandbox.
🎯

When to Use

Use the sandbox attribute whenever you embed content from sources you don't fully trust. It helps protect your site from malicious scripts, unwanted pop-ups, or data theft. For example, if you embed user-generated content, ads, or third-party widgets, sandboxing keeps your page safer.

You can also use it to limit what embedded content can do, improving security and user privacy. Adjust the sandbox permissions to allow only what is necessary, like enabling forms or scripts selectively.

Key Points

  • The sandbox attribute restricts iframe content capabilities for security.
  • By default, it blocks scripts, forms, pop-ups, and more.
  • You can add keywords to allow specific features, like allow-scripts or allow-forms.
  • It is useful for embedding untrusted or third-party content safely.
  • Helps prevent security risks like cross-site scripting (XSS) attacks.

Key Takeaways

The sandbox attribute secures iframe content by restricting its actions.
It blocks scripts and forms by default unless permissions are added.
Use sandbox when embedding content from untrusted sources.
Customize sandbox permissions to balance security and functionality.
Sandboxing helps protect your site from malicious iframe behavior.

Related by keyword

What is autofocus attribute in HTML: Simple Explanation and ExampleForm AttributesWhat is Multiple Attribute in HTML: Explanation and ExampleForm AttributesWhat is readonly attribute in HTML: Explanation and ExampleForm AttributesWhat is draggable attribute in HTML: Simple Explanation and ExampleGlobal AttributesWhat Is an HTML Attribute? Simple Explanation and ExamplesHTML Structure

Up next

HTML Track Tag: What It Is and How to Use ItHTML Video Formats Supported: Quick Guide for Web DevelopersHow to Add Canonical Tag in HTML for SEO Best PracticesHow to Add Favicon to HTML: Simple Steps for Your Website

More in Embed and Iframe

How to Embed Google Map in HTML EasilyHow to Embed PDF in HTML: Simple Methods ExplainedHow to Embed a Website in HTML: Simple iframe GuideHow to Make iframe Responsive: Simple HTML & CSS Guide