<iframe>: 인라인 프레임 요소

번역이 완료되지 않았습니다. Please help translate this article from English

HTML <iframe> 요소는 중첩 브라우징 맥락을 나타내는 요소로, 현재 문서 안에 다른 HTML 페이지를 삽입합니다.

삽입된 브라우징 맥락은 각자 자신만의 세션 기록문서를 가집니다. 다른 브라우징 맥락을 포함하고 있는 맥락은 "부모 브라우징 맥락"이라고 부릅니다. 부모를 가지지 않는, 즉 최상위 브라우징 맥락은 대개 브라우저 창으로서, Window 객체로 나타냅니다.

각각의 브라우징 맥락은 완전한 문서 환경이므로, 페이지에 <iframe>을 추가할 때마다 메모리 및 기타 컴퓨터 자원 사용량이 늘어납니다. 이론상으로는 원하는 만큼 <iframe>을 사용할 수 있지만, 성능 문제가 없는지 확인하세요.

콘텐츠 카테고리 플로우 콘텐츠, 구문 콘텐츠, 내장 콘텐츠, 대화형 콘텐츠, 뚜렷한 콘텐츠.
가능한 콘텐츠 없음.
태그 생략 None, both the starting and ending tag are mandatory.
가능한 부모 요소 내장 콘텐츠를 허용하는 모든 요소.
가능한 ARIA 역할 application, document, img
DOM 인터페이스 HTMLIFrameElement

특성

이 요소는 전역 특성을 포함합니다.

allow
Specifies a feature policy for the <iframe>. See the article Privacy, permissions, and information security for details on security issues and how <iframe> works with Feature Policy to keep systems safe.
allowfullscreen
Set to true if the <iframe> can activate fullscreen mode by calling the requestFullscreen() method.
This attribute is considered a legacy attribute and redefined as allow="fullscreen".
allowpaymentrequest
Set to true if a cross-origin <iframe> should be allowed to invoke the Payment Request API.
This attribute is considered a legacy attribute and redefined as allow="payment".
csp
A Content Security Policy enforced for the embedded resource. See HTMLIFrameElement.csp for details.
height
The height of the frame in CSS pixels. Default is 150.
importance
The download priority of the resource in the <iframe>'s src attribute. Allowed values:
auto (default)
No preference. The browser uses its own heuristics to decide the priority of the resource.
high
The resource should be downloaded before other lower-priority page resources.
low
The resource should be downloaded after other higher-priority page resources.
loading
Indicates how the browser should load the iframe:
  • eager: Load the iframe immediately, regardless if it is outside the visible viewport (this is the default value).
  • lazy: Defer loading of the iframe until it reaches a calculated distance from the viewport, as defined by the browser.
name
A targetable name for the embedded browsing context. This can be used in the target attribute of the <a>, <form>, or <base> elements; the formtarget attribute of the <input> or <button> elements; or the windowName parameter in the window.open() method.
referrerpolicy
Indicates which referrer to send when fetching the frame's resource:
  • no-referrer: The Referer header will not be sent.
  • no-referrer-when-downgrade (default): The Referer header will not be sent to origins without TLS (HTTPS).
  • origin: The sent referrer will be limited to the origin of the referring page: its scheme, host, and port.
  • origin-when-cross-origin: The referrer sent to other origins will be limited to the scheme, the host, and the port. Navigations on the same origin will still include the path.
  • same-origin: A referrer will be sent for same origin, but cross-origin requests will contain no referrer information.
  • strict-origin: Only send the origin of the document as the referrer when the protocol security level stays the same (HTTPS→HTTPS), but don't send it to a less secure destination (HTTPS→HTTP).
  • strict-origin-when-cross-origin: Send a full URL when performing a same-origin request, only send the origin when the protocol security level stays the same (HTTPS→HTTPS), and send no header to a less secure destination (HTTPS→HTTP).
  • unsafe-url: The referrer will include the origin and the path (but not the fragment, password, or username). This value is unsafe, because it leaks origins and paths from TLS-protected resources to insecure origins.
sandbox
Applies extra restrictions to the content in the frame. The value of the attribute can either be empty to apply all restrictions, or space-separated tokens to lift particular restrictions:
  • allow-downloads-without-user-activation : Allows for downloads to occur without a gesture from the user.
  • allow-forms: Allows the resource to submit forms. If this keyword is not used, form submission is blocked.
  • allow-modals: Lets the resource open modal windows.
  • allow-orientation-lock: Lets the resource lock the screen orientation.
  • allow-pointer-lock: Lets the resource use the Pointer Lock API.
  • allow-popups: Allows popups (such as window.open(), target="_blank", or showModalDialog()). If this keyword is not used, the popup will silently fail to open.
  • allow-popups-to-escape-sandbox: Lets the sandboxed document open new windows without those windows inheriting the sandboxing. For example, this can safely sandbox an advertisement without forcing the same restrictions upon the page the ad links to.
  • allow-presentation: Lets the resource start a presentation session.
  • allow-same-origin: If this token is not used, the resource is treated as being from a special origin that always fails the same-origin policy.
  • allow-scripts: Lets the resource run scripts (but not create popup windows).
  • allow-storage-access-by-user-activation : Lets the resource request access to the parent's storage capabilities with the Storage Access API.
  • allow-top-navigation: Lets the resource navigate the top-level browsing context (the one named _top).
  • allow-top-navigation-by-user-activation: Lets the resource navigate the top-level browsing context, but only if initiated by a user gesture.
Notes about sandboxing:
  • When the embedded document has the same origin as the embedding page, it is strongly discouraged to use both allow-scripts and allow-same-origin, as that lets the embedded document remove the sandbox attribute — making it no more secure than not using the sandbox attribute at all.
  • Sandboxing is useless if the attacker can display content outside a sandboxed iframe — such as if the viewer opens the frame in a new tab. Such content should be also served from a separate origin to limit potential damage.
  • The sandbox attribute is unsupported in Internet Explorer 9 and earlier.
src
The URL of the page to embed. Use a value of about:blank to embed an empty page that conforms to the same-origin policy. Also note that programatically removing an <iframe>'s src attribute (e.g. via Element.removeAttribute()) causes about:blank to be loaded in the frame in Firefox (from version 65), Chromium-based browsers, and Safari/iOS.
srcdoc
Inline HTML to embed, overriding the src attribute. If a browser does not support the srcdoc attribute, it will fall back to the URL in the src attribute.
width
The width of the frame in CSS pixels. Default is 300.

Deprecated attributes

These attributes are deprecated and may no longer be supported by all user agents. You should not use them in new content, and try to remove them from existing content.

align Deprecated HTML4.01, 안씀 HTML5
The alignment of this element with respect to the surrounding context.
frameborder 안씀 HTML5
The value 1 (the default) draws a border around this frame. The value 0 removes the border around this frame, but you should instead use the CSS property border to control <iframe> borders.
longdesc 안씀 HTML5
A URL of a long description of the frame's content. Due to widespread misuse, this is not helpful for non-visual browsers.
marginheight 안씀 HTML5
The amount of space in pixels between the frame's content and its top and bottom borders.
marginwidth 안씀 HTML5
The amount of space in pixels between the frame's content and its left and right borders.
scrolling 안씀 HTML5
Indicates when the browser should provide a scrollbar for the frame:
  • auto: Only when the frame's content is larger than its dimensions.
  • yes: Always show a scrollbar.
  • no: Never show a scrollbar.

Non-standard attributes

mozbrowser
See bug 1318532 for exposing this to WebExtensions in Firefox.
Makes the <iframe> act like a top-level browser window. See Browser API for details.
Available only to WebExtensions.

스크립팅

Inline frames, like <frame> elements, are included in the window.frames pseudo-array.

With the DOM HTMLIFrameElement object, scripts can access the window object of the framed resource via the contentWindow property. The contentDocument property refers to the document inside the <iframe>, same as contentWindow.document.

From the inside of a frame, a script can get a reference to its parent window with window.parent.

Script access to a frame's content is subject to the same-origin policy. Scripts cannot access most properties in other window objects if the script was loaded from a different origin, including scripts inside a frame accessing the frame's parent. Cross-origin communication can be achieved using Window.postMessage().

예제

간단한 프레임

An <iframe> in action. After creating the frame, when the user clicks a button, its title is displayed in an alert.

<iframe src="https://mdn-samples.mozilla.org/snippets/html/iframe-simple-contents.html"
            title="iframe Example 1" width="400" height="300">
</iframe>

Result

프레임 안의 링크를 다른 탭에서 열기

<iframe id="Example2"
    title="iframe Example 2"
    width="400" height="300"
    style="border:none"
    src="https://maps.google.com/maps?f=q&source=s_q&q=buenos+aires&sll=37.0625,-95.677068&sspn=38.638819,80.859375&t=h&hnear=Buenos+Aires,+Argentina&z=11&ll=-34.603723,-58.381593&output=embed">
</iframe>

결과

명세

명세 상태 주석
HTML Living Standard
The definition of '<iframe>' in that specification.
Living Standard
HTML5
The definition of '<iframe>' in that specification.
Recommendation
HTML 4.01 Specification
The definition of '<iframe>' in that specification.
Recommendation

브라우저 호환성

Update compatibility data on GitHub
DesktopMobile
ChromeEdgeFirefoxInternet ExplorerOperaSafariAndroid webviewChrome for AndroidFirefox for AndroidOpera for AndroidSafari on iOSSamsung Internet
iframeChrome Full support 1Edge Full support 12Firefox Full support Yes
Notes
Full support Yes
Notes
Notes The resize CSS property doesn't have any effect on this element due to bug 680823.
IE Full support YesOpera Full support YesSafari Full support Yes
Notes
Full support Yes
Notes
Notes Safari has a bug that prevents iframes from loading if the iframe element was hidden when added to the page. iframeElement.src = iframeElement.src should cause it to load the iframe.
WebView Android Full support YesChrome Android Full support YesFirefox Android Full support Yes
Notes
Full support Yes
Notes
Notes The resize CSS property doesn't have any effect on this element due to bug 680823.
Opera Android Full support YesSafari iOS Full support Yes
Notes
Full support Yes
Notes
Notes Safari has a bug that prevents iframes from loading if the iframe element was hidden when added to the page. iframeElement.src = iframeElement.src should cause it to load the iframe.
Samsung Internet Android Full support Yes
align
Deprecated
Chrome Full support 1Edge Full support 12Firefox Full support YesIE Full support YesOpera Full support YesSafari Full support YesWebView Android Full support YesChrome Android Full support YesFirefox Android Full support YesOpera Android Full support YesSafari iOS Full support YesSamsung Internet Android Full support Yes
allow
Experimental
Chrome Full support 60Edge Full support 79Firefox Full support 74IE No support NoOpera Full support 47Safari Full support 11.1WebView Android Full support 60Chrome Android Full support 60Firefox Android No support NoOpera Android Full support 44Safari iOS Full support 11.3Samsung Internet Android Full support 8.0
allowfullscreenChrome Full support 27
Full support 27
No support 17 — 38
Prefixed
Prefixed Implemented with the vendor prefix: webkit
Edge Full support ≤79
Full support ≤79
No support 12 — 79
Prefixed
Prefixed Implemented with the vendor prefix: ms
Firefox Full support 18
Full support 18
Full support 9
Prefixed
Prefixed Implemented with the vendor prefix: moz
IE Full support 11
Prefixed
Full support 11
Prefixed
Prefixed Implemented with the vendor prefix: ms
Opera Full support ≤15
Full support ≤15
No support 15 — 25
Prefixed
Prefixed Implemented with the vendor prefix: webkit
Safari Full support 7
Full support 7
Full support Yes
Prefixed
Prefixed Implemented with the vendor prefix: webkit
WebView Android Full support 37
Full support 37
No support 37 — 38
Prefixed
Prefixed Implemented with the vendor prefix: webkit
Chrome Android Full support 27
Full support 27
No support 18 — 38
Prefixed
Prefixed Implemented with the vendor prefix: webkit
Firefox Android Full support 18
Full support 18
Full support 9
Prefixed
Prefixed Implemented with the vendor prefix: moz
Opera Android Full support ≤14
Full support ≤14
No support 14 — 25
Prefixed
Prefixed Implemented with the vendor prefix: webkit
Safari iOS Full support 7
Full support 7
Full support Yes
Prefixed
Prefixed Implemented with the vendor prefix: webkit
Samsung Internet Android Full support 1.5
Full support 1.5
No support 1.0 — 3.0
Prefixed
Prefixed Implemented with the vendor prefix: webkit
allowpaymentrequest
Experimental
Chrome No support NoEdge No support NoFirefox No support NoIE No support NoOpera No support NoSafari No support NoWebView Android No support NoChrome Android No support NoFirefox Android No support NoOpera Android No support NoSafari iOS No support NoSamsung Internet Android No support No
External protocol URLs blocked
Deprecated
Chrome ? Edge ? Firefox Full support 67IE ? Opera ? Safari ? WebView Android ? Chrome Android ? Firefox Android Full support 67Opera Android ? Safari iOS ? Samsung Internet Android ?
frameborder
Deprecated
Chrome Full support 1Edge Full support 12Firefox Full support YesIE Full support YesOpera Full support YesSafari Full support YesWebView Android Full support YesChrome Android Full support YesFirefox Android Full support YesOpera Android Full support YesSafari iOS Full support YesSamsung Internet Android Full support Yes
heightChrome Full support 1Edge Full support 12Firefox Full support YesIE Full support YesOpera Full support YesSafari Full support YesWebView Android Full support YesChrome Android Full support YesFirefox Android Full support YesOpera Android Full support YesSafari iOS Full support YesSamsung Internet Android Full support Yes
loading
Experimental
Chrome Full support 76Edge Full support 79Firefox No support NoIE No support NoOpera Full support 63Safari No support No
Notes
No support No
Notes
Notes See bug 196698
WebView Android No support NoChrome Android Full support 76Firefox Android No support NoOpera Android Full support 54Safari iOS No support No
Notes
No support No
Notes
Notes See bug 196698
Samsung Internet Android No support No
longdesc
Deprecated
Chrome Full support 1Edge Full support 12Firefox Full support YesIE Full support YesOpera Full support YesSafari Full support YesWebView Android Full support YesChrome Android Full support YesFirefox Android Full support YesOpera Android Full support YesSafari iOS Full support YesSamsung Internet Android Full support Yes
marginheight
Deprecated
Chrome Full support 1Edge Full support 12Firefox Full support YesIE Full support YesOpera Full support YesSafari Full support YesWebView Android Full support YesChrome Android Full support YesFirefox Android Full support YesOpera Android Full support YesSafari iOS Full support YesSamsung Internet Android Full support Yes
marginwidth
Deprecated
Chrome Full support 1Edge Full support 12Firefox Full support YesIE Full support YesOpera Full support YesSafari Full support YesWebView Android Full support YesChrome Android Full support YesFirefox Android Full support YesOpera Android Full support YesSafari iOS Full support YesSamsung Internet Android Full support Yes
nameChrome Full support 1Edge Full support 12Firefox Full support YesIE Full support YesOpera Full support YesSafari Full support YesWebView Android Full support YesChrome Android Full support YesFirefox Android Full support YesOpera Android Full support YesSafari iOS Full support YesSamsung Internet Android Full support Yes
referrerpolicyChrome Full support 51Edge Full support 79Firefox Full support 50IE No support NoOpera Full support 38Safari Full support 11.1WebView Android Full support 51Chrome Android Full support 51Firefox Android Full support 50Opera Android Full support 41Safari iOS No support NoSamsung Internet Android Full support 7.2
sandboxChrome Full support 4Edge Full support 12Firefox Full support 17IE Full support 10Opera Full support 15Safari Full support 5WebView Android Full support YesChrome Android Full support YesFirefox Android Full support 17Opera Android ? Safari iOS Full support 4.2Samsung Internet Android Full support Yes
sandbox="allow-modals"Chrome ? Edge ? Firefox Full support 49IE No support NoOpera ? Safari ? WebView Android ? Chrome Android ? Firefox Android Full support 49Opera Android ? Safari iOS ? Samsung Internet Android ?
sandbox="allow-popups"Chrome Full support YesEdge Full support ≤18Firefox Full support 28IE ? Opera Full support YesSafari ? WebView Android Full support YesChrome Android Full support YesFirefox Android Full support 27Opera Android ? Safari iOS ? Samsung Internet Android Full support Yes
sandbox="allow-popups-to-escape-sandbox"Chrome Full support 46Edge Full support 79Firefox Full support 49IE No support NoOpera Full support 32Safari ? WebView Android Full support 46Chrome Android Full support 46Firefox Android Full support 49Opera Android Full support 32Safari iOS ? Samsung Internet Android Full support 5.0
sandbox="allow-presentation"Chrome Full support 53Edge Full support 79Firefox Full support 50IE No support NoOpera Full support 40Safari ? WebView Android No support NoChrome Android Full support 53Firefox Android Full support 50Opera Android Full support 41Safari iOS ? Samsung Internet Android Full support 6.0
sandbox="allow-storage-access-by-user-activation"
ExperimentalNon-standard
Chrome No support NoEdge No support NoFirefox Full support 65
Disabled
Full support 65
Disabled
Disabled From version 65: this feature is behind the dom.storage_access.enabled preference (needs to be set to true). To change preferences in Firefox, visit about:config.
IE No support NoOpera No support NoSafari Full support 11.1WebView Android No support NoChrome Android No support NoFirefox Android Full support 65
Disabled
Full support 65
Disabled
Disabled From version 65: this feature is behind the dom.storage_access.enabled preference (needs to be set to true). To change preferences in Firefox, visit about:config.
Opera Android No support NoSafari iOS Full support 11.3Samsung Internet Android No support No
sandbox="allow-top-navigation-by-user-activation"Chrome Full support 58Edge Full support 79Firefox Full support 79IE No support NoOpera Full support 45Safari Full support 11.1
Notes
Full support 11.1
Notes
Notes Not initially available in 11.1, but added in sub-version 13605.1.33.1.2.
WebView Android Full support 58Chrome Android Full support 58Firefox Android No support NoOpera Android Full support 43Safari iOS ? Samsung Internet Android Full support 7.0
scrolling
Deprecated
Chrome Full support 1Edge Full support 12Firefox Full support YesIE Full support YesOpera Full support YesSafari Full support YesWebView Android Full support YesChrome Android Full support YesFirefox Android Full support YesOpera Android Full support YesSafari iOS Full support YesSamsung Internet Android Full support Yes
srcChrome Full support 1Edge Full support 12Firefox Full support YesIE Full support YesOpera Full support YesSafari Full support YesWebView Android Full support YesChrome Android Full support YesFirefox Android Full support YesOpera Android Full support YesSafari iOS Full support YesSamsung Internet Android Full support Yes
srcdocChrome Full support 20Edge Full support 79Firefox Full support 25IE No support NoOpera Full support 15Safari Full support 6WebView Android Full support 37Chrome Android Full support 25Firefox Android Full support 25Opera Android ? Safari iOS ? Samsung Internet Android Full support 1.5
widthChrome Full support 1Edge Full support 12Firefox Full support YesIE Full support YesOpera Full support YesSafari Full support YesWebView Android Full support YesChrome Android Full support YesFirefox Android Full support YesOpera Android Full support YesSafari iOS Full support YesSamsung Internet Android Full support Yes

Legend

Full support  
Full support
No support  
No support
Compatibility unknown  
Compatibility unknown
Experimental. Expect behavior to change in the future.
Experimental. Expect behavior to change in the future.
Non-standard. Expect poor cross-browser support.
Non-standard. Expect poor cross-browser support.
Deprecated. Not for use in new websites.
Deprecated. Not for use in new websites.
See implementation notes.
See implementation notes.
User must explicitly enable this feature.
User must explicitly enable this feature.
Requires a vendor prefix or different name for use.
Requires a vendor prefix or different name for use.