Frame Sandboxing

This page contains some demos for the sandbox attribute of the iframe element. To run these demos, you might need to change your browser preferences to allow JavaScript, popups and modal dialogs.

Basic flags

The following iframes contain a page that tests some actions (executing JavaScript, opening popups, opening modal dialogs, redirecting the top frame). These actions are all permitted for unsandboxed frames and (by default) all forbidden for sandboxed frames. You can use the allow-* flags to relax these restrictions one by one.

allow-popups-to-escape-sandbox

By default, popups opened from a sandboxed frame have the same restrictions as the frame. This is sometimes not wanted, e.g. for the landing page of trusted ads. The allow-popups-to-escape-sandbox flag allows the popups to be opened in a new unsandboxed context. Click the "Open this page as a popup" links to see the effect of that flag:

allow-top-navigation-by-user-activation

The allow-top-navigation flag has been used to perform malicious redirection of the top frame without the user's permission. The allow-top-navigation-by-user-activation flag is a safer alternative that only allows redirections triggered by user actions. The "Navigate top frame" button should work in both cases, but the "Open a popup to test top navigation without user activation" action should be blocked for allow-top-navigation-by-user-activation.

allow-modals

Opening modal dialogs used to always be permitted for sandboxed frames. More recent versions of the HTML specification introduce an allow-modals flag to explicitly request permission to open such modal dialogs, which gives safer behavior by default.
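
As a companion to the flags demonstrated above, this added example (not part of the original demo page) models in plain JavaScript how a sandbox attribute value maps to the actions tested here, and reports tokens that are not in the HTML Standard's list. The function name sandboxPolicy, its result fields and the sample attribute values are assumptions made for illustration.

```javascript
// Added example: how a sandbox attribute value maps to the actions tested above.
// Tokens defined by the HTML Standard; others are reported as unknown.
const KNOWN = new Set([
  "allow-downloads", "allow-forms", "allow-modals", "allow-orientation-lock",
  "allow-pointer-lock", "allow-popups", "allow-popups-to-escape-sandbox",
  "allow-presentation", "allow-same-origin", "allow-scripts",
  "allow-top-navigation", "allow-top-navigation-by-user-activation",
  "allow-top-navigation-to-custom-protocols",
]);

// attr === null models an iframe without a sandbox attribute;
// "" models sandbox="" (every restriction applies).
function sandboxPolicy(attr) {
  if (attr === null) {
    return { scripts: true, popups: true, popupsInheritSandbox: false,
             modals: true, topNavigation: "always", unknown: [], notes: [] };
  }
  // Tokens are separated by ASCII whitespace and compared case-insensitively.
  const tokens = new Set(attr.toLowerCase().split(/[ \t\n\f\r]+/).filter(Boolean));
  const has = (t) => tokens.has(t);
  const notes = [];
  let topNavigation = "never";
  if (has("allow-top-navigation")) {
    topNavigation = "always";
    notes.push("top frame can be redirected without a user action; " +
               "prefer allow-top-navigation-by-user-activation");
  } else if (has("allow-top-navigation-by-user-activation")) {
    topNavigation = "user-activation";
  }
  if (has("allow-popups-to-escape-sandbox") && !has("allow-popups")) {
    notes.push("allow-popups-to-escape-sandbox has no effect without allow-popups");
  }
  return {
    scripts: has("allow-scripts"),
    popups: has("allow-popups"),
    popupsInheritSandbox: has("allow-popups") && !has("allow-popups-to-escape-sandbox"),
    modals: has("allow-modals"),
    topNavigation,
    unknown: [...tokens].filter((t) => !KNOWN.has(t)),
    notes,
  };
}

// Constructed sample values, not taken from the demo page's markup.
// The last one contains a misspelled token, which ends up in "unknown".
for (const attr of [null, "", "allow-scripts allow-popups allow-top-navigation",
                    "allow-scripts allow-modals allow-popup-to-escape-sandbox"]) {
  console.log(JSON.stringify(attr), sandboxPolicy(attr));
}
```

A non-empty unknown list is worth checking in review: a misspelled allow-* token grants nothing, so the frame stays more restricted than the author intended.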