http://www.whatwg.org/specs/web-apps/current-work/multipage/the-iframe-element.html#attr-iframe-sandbox Are there plans to have an 'allow-plugins' value? I'm assuming there will be use-cases where the only protection that is desired is prevention of parent redirection. Thanks