HTMLIFrameElement: sandbox property

Baseline Widely available

This feature is well established and works across many devices and browser versions. It’s been available across browsers since July 2015.

The sandbox read-only property of the HTMLIFrameElement interface returns a DOMTokenList indicating extra restrictions on the behavior of the nested content.

It reflects the sandbox attribute of the <iframe> element.

Value

A DOMTokenList. Each item must be one of the tokens listed in the sandbox attribute of the <iframe> element.

Examples

html
<iframe
  id="el"
  title="example"
  src="https://example.com"
  sandbox="allow-same-origin allow-scripts"></iframe>
js
const el = document.getElementById("el");
console.log(Array.from(el.sandbox)); // Output: ["allow-same-origin", "allow-scripts"]

el.sandbox = "";
console.log(Array.from(el.sandbox)); // Output: []

Specifications

Specification
HTML Standard
# dom-iframe-sandbox

Browser compatibility

BCD tables only load in the browser