CSP: sandbox

The HTTP Content-Security-Policy (CSP) sandbox directive enables a sandbox for the requested resource similar to the <iframe> sandbox attribute. It applies restrictions to a page's actions including preventing popups, preventing the execution of plugins and scripts, and enforcing a same-origin policy.

CSP version: 1.1 / 2
Directive type: Document directive
This directive is not supported in the <meta> element or by the Content-Security-Policy-Report-Only header field.

Syntax

Content-Security-Policy: sandbox;
Content-Security-Policy: sandbox <value>;

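where <value> can optionally be one of the following values:

allow-forms
Allows the embedded browsing context to submit forms. If this keyword is not used, this operation is not allowed.
allow-modals
Allows the embedded browsing context to open modal windows.
allow-orientation-lock
Allows the embedded browsing context to disable the ability to lock the screen orientation.
allow-pointer-lock
Allows the embedded browsing context to use the Pointer Lock API.
allow-popups
Allows popups (such as from window.open, target="_blank", showModalDialog). If this keyword is not used, that functionality will silently fail.
allow-popups-to-escape-sandbox
Allows a sandboxed document to open new windows without forcing the sandboxing flags upon them. For example, this allows a third-party advertisement to be safely sandboxed without imposing the same restrictions on the landing page.
allow-presentation
Allows embedders to control whether an iframe can start a presentation session.
allow-same-origin
Allows the content to be treated as being from its normal origin. If this keyword is not used, the embedded content is treated as being from a unique origin.
allow-scripts
Allows the embedded browsing context to run scripts (but not create pop-up windows). If this keyword is not used, this operation is not allowed.
allow-top-navigation
Allows the embedded browsing context to navigate (load) content to the top-level browsing context. If this keyword is not used, this operation is not allowed.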

Examples

Content-Security-Policy: sandbox allow-scripts;
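
As an added example (not part of the original page), the following JavaScript helper takes how a policy was delivered and its value, then reports whether a sandbox directive is present, whether that delivery enforces it (per the note above, not through <meta> or Content-Security-Policy-Report-Only), and which of the keywords listed on this page are granted or still restricted. The names auditSandbox and SANDBOX_TOKENS and the sample policies are assumptions made for the example.

```javascript
// Added example: audit how a response delivers the CSP sandbox directive.
// Keyword list is the one documented on this page; all names are hypothetical.
const SANDBOX_TOKENS = [
  "allow-forms", "allow-modals", "allow-orientation-lock", "allow-pointer-lock",
  "allow-popups", "allow-popups-to-escape-sandbox", "allow-presentation",
  "allow-same-origin", "allow-scripts", "allow-top-navigation",
];

// delivery: "Content-Security-Policy", "Content-Security-Policy-Report-Only" or "meta"
function auditSandbox(delivery, policy) {
  const result = { present: false, enforced: false, granted: [], restricted: [], unknown: [] };
  // A policy is a ';'-separated list of directives: a name followed by values.
  const directives = policy.split(";").map((d) => d.trim()).filter(Boolean);
  // Directive names are case-insensitive; the first directive of a name wins.
  const sandbox = directives
    .map((d) => d.split(/\s+/))
    .find(([name]) => name.toLowerCase() === "sandbox");
  if (!sandbox) return result; // no sandbox directive: nothing is sandboxed
  result.present = true;
  // Only the enforcing response header applies the sandbox.
  result.enforced = delivery.toLowerCase() === "content-security-policy";
  const values = new Set(sandbox.slice(1).map((v) => v.toLowerCase()));
  for (const v of values) {
    // Misspelled keywords grant nothing, so report them separately.
    (SANDBOX_TOKENS.includes(v) ? result.granted : result.unknown).push(v);
  }
  // Every keyword that was not listed stays restricted.
  result.restricted = SANDBOX_TOKENS.filter((t) => !values.has(t));
  return result;
}

// Constructed sample policies (not taken from real traffic).
const samples = [
  ["Content-Security-Policy", "default-src 'self'; sandbox allow-scripts allow-forms"],
  ["Content-Security-Policy", "sandbox"],
  ["Content-Security-Policy-Report-Only", "sandbox allow-scripts"],
  ["meta", "sandbox allow-popup"], // misspelled keyword, unsupported delivery
];
for (const [delivery, policy] of samples) {
  console.log(delivery, "|", policy, "=>", JSON.stringify(auditSandbox(delivery, policy)));
}
```

A bare `sandbox` with no value leaves all ten keywords restricted, and an unrecognized keyword such as `allow-popup` lands in `unknown` instead of `granted`.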

Specifications

Specification | Status | Comment
Content Security Policy Level 3, sandbox | Working Draft | No changes.
Content Security Policy Level 2, sandbox | Recommendation | Initial definition.

Browser compatibility

sandbox

Desktop:
Chrome: Full support 25
Edge: Full support 14
Firefox: Full support 50
Internet Explorer: Full support 10
Opera: Full support 15
Safari: Full support 7

Mobile:
Android webview: Full support Yes
Chrome for Android: Full support Yes
Edge Mobile: ?
Firefox for Android: Full support 50
Opera for Android: ?
Safari on iOS: Full support 7.1
Samsung Internet: Full support Yes

Document tags and contributors

Contributors to this page: Syclover-HardToName
Last updated by: Syclover-HardToName