sandbox: Restrict the permissions of the IFRAME to address security issues.
Definition
If specified as an empty string (sandbox=""), the sandbox attribute enables a set of additional restrictions on the content within the inline frame.
The value of the sandbox attribute can be either an empty string (all restrictions applied) or a space-delimited list of predefined values, each of which removes a specific restriction.
Usage
1. sandbox=""
Applies all restrictions.
2. sandbox="allow-same-origin"
Allows the IFRAME content to keep its own origin, so content from the same site is treated as same-origin with the containing document.
3. sandbox="allow-top-navigation"
Allows the IFRAME content to navigate (load content into) the top-level containing document.
Leaving this value out can be used to block redirects of the containing page by an external website's JS, target="_parent", target="_top" and so on.
4. sandbox="allow-forms"
Allows form submission.
5. sandbox="allow-scripts"
Allows script execution: the IFRAME content can run scripts (but cannot create pop-up windows).
Leaving this value out can be used to disable an external website's JS.
6. sandbox="allow-popups"
Allows pop-up windows (such as window.open, target="_blank").
7. sandbox="allow-popups-to-escape-sandbox"
Allows pop-ups to escape the sandbox: a new window opened by the sandboxed document is not forced to use the sandbox.
Example
For example, this IFRAME only allows scripts to run; all other restrictions stay in force.
<iframe width="930" height="630" sandbox="allow-scripts" src="http://www.baidu.com"></iframe>
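As an added example (not code from the original page), the following JavaScript audits a sandbox attribute value against the six tokens described above: it reports which restrictions are lifted, which stay in force, and which combinations weaken the sandbox. The function name auditSandbox and the sample values are assumptions made for illustration; tokens not described on this page are reported as unchecked.

```javascript
// Restriction lifted by each sandbox token described on this page.
const TOKENS = new Map([
  ["allow-same-origin", "content keeps its real origin"],
  ["allow-top-navigation", "content may navigate the top-level document"],
  ["allow-forms", "form submission"],
  ["allow-scripts", "script execution"],
  ["allow-popups", "pop-up windows"],
  ["allow-popups-to-escape-sandbox", "pop-ups open outside the sandbox"],
]);

// attrValue: raw value of the sandbox attribute, or null if it is absent.
function auditSandbox(attrValue) {
  if (attrValue == null) {
    return { sandboxed: false, lifted: [], kept: [], unknown: [],
             warnings: ["no sandbox attribute: nothing is restricted"] };
  }
  // Tokens are separated by ASCII whitespace and compared case-insensitively.
  const seen = new Set(attrValue.toLowerCase().split(/[ \t\n\f\r]+/).filter(Boolean));
  const lifted = [...seen].filter((t) => TOKENS.has(t));
  const unknown = [...seen].filter((t) => !TOKENS.has(t));
  const kept = [...TOKENS.keys()].filter((t) => !seen.has(t));
  const warnings = [];
  if (seen.has("allow-scripts") && seen.has("allow-same-origin")) {
    warnings.push("allow-scripts + allow-same-origin: a frame served from the " +
                  "embedder's own origin can remove its sandbox attribute");
  }
  if (seen.has("allow-top-navigation")) {
    warnings.push("allow-top-navigation: framed content can redirect the top page");
  }
  if (seen.has("allow-popups-to-escape-sandbox")) {
    warnings.push("allow-popups-to-escape-sandbox: new windows are not sandboxed");
  }
  if (unknown.length > 0) {
    warnings.push("tokens not in the checked list (possible typo): " + unknown.join(", "));
  }
  return { sandboxed: true, lifted, kept, unknown, warnings };
}

// Constructed sample values; "allow-scripts" is the value used in this page's example.
const samples = [null, "", "allow-scripts", "Allow-Scripts allow-same-origin allow-script"];
for (const value of samples) {
  const r = auditSandbox(value);
  console.log(JSON.stringify(value), "->", "lifted:", r.lifted.join(" ") || "(none)");
  r.warnings.forEach((w) => console.log("   warning:", w));
}
```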
Problems encountered:
After the IFRAME uses the sandbox attribute, Flash in the page is not available even if all of the allow values are set.