HTML5 iframe element

The HTML5 iframe element can be used to solve security and design issues in embedded Web content.

The main features of the iframe element include:

• sandbox attribute

  You can use the sandbox attribute of the iframe object to control the execution of tasks that can result in unreliable content, thereby enhancing application security.

  If an empty value is assigned to the sandbox attribute, the following restrictions are applied:

  • Content is treated as belonging to a unique origin. Access to cookies, local storage, and other pages within the same domain are not allowed.
  • Form submission is disabled.
  • Script execution is disabled.
  • Link navigation is disabled.
  • Plug-ins are disabled.
  • Pop-ups are disabled.

  To work around these restrictions, you can use the following additional security restriction conditions:

  • allow-same-origin

    Enables the content to be treated as belonging to the same origin.

  • allow-top-navigation

    Enables navigation to the top-level browsing context.

  • allow-forms

    Enables form submission.

  • allow-scripts

    Enables script execution, but blocks pop-ups.

  • allow-popups

    Enables opening a pop-up window from the sandboxed element.

• seamless attribute

  You can use the seamless attribute provided in the iframe object to render a page as a part of the parent document and include it in the iframe element.

Note
The scrolling, align, frameborder, marginheight, marginwidth, and longdesc HTML5 attributes are no longer supported in the latest HTML5 version.