Sandbox use of IFRAME

sandbox: Restrict the permissions of the IFRAME to address security issues.

Defined

If specified as an empty string (sandbox= ""), the sandbox attribute will enable a series of additional restrictions on the content within the inline frame.
The value of the sandbox property can be either an empty string (with all restrictions applied) or a space-delimited list of predefined values (which removes specific restrictions).

Usage

1. sandbox= ""
Apply all restrictions

2. sandbox= "Allow-same-origin"
Allows the IFRAME content to be treated as having the same source as the containing document.

3. sandbox= "Allow-top-navigation"
Allows the contents of the IFRAME content to be navigated (loaded) from the containing document.
Can be used to disable the external website js jump, target= "_parent", target= "_top" and so on

4. sandbox= "Allow-forms"
Allow form submission.

5. sandbox= "Allow-scripts"
Allows the script to execute, which allows the IFRAME to run the script (without creating a pop-up window).
Can be used to disable the external Web site JS

6. sandbox= "Allow-popups"
Allow pop-up windows (such as window.open,target= "_blank").

5. sandbox= "Allow-scripts"
Allow pop-ups to escape the sandbox: allowing a sandbox file to open a new window does not force the sandbox to be used.

Instance

For example: This IFRAME only allows the loading of script, all other restrictions.

<iframe width= "930" height= "630" sandbox= "allow-scripts" src= "http://www.baidu.com" ></iframe>

Problems encountered:
After the IFRAME uses the Sandbox property, flash in the page is not available even if all values are set to allow.

Reference:
Sandbox properties for HTML <iframe> tags

Sandbox use of IFRAME