HTMLIFrameElement: sandbox property

Baseline Widely available

This feature is well established and works across many devices and browser versions. It’s been available across browsers since July 2015.

The sandbox read-only property of the HTMLIFrameElement interface returns a DOMTokenList indicating extra restrictions on the behavior of the nested content.

It reflects the sandbox attribute of the <iframe> element.

Value

A DOMTokenList. Each item must be one of the tokens listed in the sandbox attribute of the <iframe> element.

Examples

html
<iframe
  id="el"
  title="example"
  src="https://example.com"
  sandbox="allow-same-origin allow-scripts"></iframe>
js
const el = document.getElementById("el");
console.log(Array.from(el.sandbox)); // Output: ["allow-same-origin", "allow-scripts"]

el.sandbox = "";
console.log(Array.from(el.sandbox)); // Output: []

Specifications

Specification
HTML Standard
# dom-iframe-sandbox

Browser compatibility

Report problems with this compatibility data on GitHub
desktopmobile
Chrome
Edge
Firefox
Opera
Safari
Chrome Android
Firefox for Android
Opera Android
Safari on iOS
Samsung Internet
WebView Android
WebView on iOS
sandbox

Legend

Tip: you can click/tap on a cell for more information.

Full support
Full support
See implementation notes.