Frame Sandboxing

This page contains some demos for the sandbox attribute of the iframe element. In order to run these demos, you might need to modify your preference to allow javascript, popups and modal dialogs.

Basic flags

The following iframes contain a page to test some actions (executing javascript, opening popups, opening modal dialogs, redirecting the top frame). These actions are all permitted for unsandboxed frames and (by default) all forbidden for sandboxed frames. You can use some allow-* flags to relax these restrictions one by one.


By default, popups opened from a sandboxed frames have the same restrictions as the frame. This is sometimes not wanted e.g. for the landing page of trusted ads. The allow-popup-to-escape-sandbox flag allows the popups to be opened in a new unsandboxed context. Click the "Open this page as a popup" links to see the effect of that flag:


The allow-top-navigation has been used to perform malicious redirection of the top frame without the user's permission. The allow-top-navigation-by-user-activation provides a safer flag which only allows redirections triggered by user actions. The "Navigate top frame" button should work in both cases but the "Open a popup to test top navigation without user activation" should be blocked for allow-top-navigation-by-user-activation.


Opening modal dialogs used to always be permitted for sandboxed frames. In more recent versions of the HTML specification, an allow-modals flag is introduced to explicitly request permission to open such modal dialogs, hence providing better safety by default.