Sandbox and Seamless Attributes

From RuntimeWiki

Jump to: navigation, search

The HTML5 spec proposes new 'sandbox' and 'seamless' attributes on the IFRAME element.

The 'sandbox' attribute, when specified, enables a set of (mostly security-related) extra restrictions on any content hosted by the iframe. If present, the attribute instructs the browser to treat the referenced content as if it were from a different domain from a security perspective; forms and scripts are disabled; links are prevented from targeting other browser contexts; and plugins are disabled. These sandboxing restrictions can be software by passing in the following flags:

  • allow-same-origin: allows the content to be treated as being from the same origin instead of forcing it into a unique origin
  • allow-forms: enables forms
  • allow-scripts: enables scripts

The spec for 'sandbox' can be found at:

WebKit announced implementation of the 'sandbox' attribute in late 2009.

The 'seamless' attribute, when specified, causes the referenced content to operate for the most part as if the content were transcluded into the parent web page. For example, CSS inheritance would pass into the iframe's content and CSS style sheets referenced by the iframe will be added to the style sheets used on the parent web page. Also, the content of the iframe would auto-size just like an HTML DIV.

The spec for 'seamless' can be found at:

At this time, there is no evidence of any browsers supporting the 'seamless' attribute.

Comments on this feature request

IBM feedback: important short-term feature

One of IBM's product teams says this would be important to have as soon as possible.

Personal tools