[whatwg] Additional attribute value for iframe sandbox

Tim Streater tim at clothears.org.uk
Mon Apr 30 13:15:00 PDT 2012

I'd like to request that it be possible for links in sandboxed iframes, when clicked, to open in a new window. My reading of the documentation suggests that in a sandboxed iframe, links are disabled except that "allow-top-navigation" permits the equivalent of "target='_top'". In effect, I'd like a new value that permits "target='_blank'". Testing today tells me that in fact in Safari 5.1.5 at least, a sandboxed iframe does not interfere in any way with links.

My use case is this. My application, a mail client, receives html emails and uses an iframe to display them. A good example of such a mail can be seen here:


(When I receive it, the recipient's email address is in the bottom part of the page rather than #emailaddr#.) This is an example of a trusted email which has links. At present, my application strips out scripts as a primitive security measure, but I'd rather use a sandboxed iframe if possible. However, a user will expect to be able to click on a link in such an email and have a new window opened, separate from the email client. Hence my request for a new value for the sandbox attribute.

Cheers  --  Tim

More information about the whatwg mailing list