[whatwg] Modifying iframe sandbox attributes

Ian Hickson ian at hixie.ch
Wed Jul 24 11:05:53 PDT 2013


On Mon, 22 Apr 2013, Tim Streater wrote:
>
> I need to add/remove the allow-scripts attribute to/from an iframe 
> sandbox, since I use one frame for two purposes (sometimes with 
> untrusted content, other times with my own content that uses 
> JavaScript). I've tried the following:
> 
> iframePtr.sandbox = "allow-popups allow-same-origin allow-scripts";
> 
> and:
> 
> iframePtr.sandbox = "allow-popups allow-same-origin";
> 
> This doesn't appear to work in Safari 6.0.4. Is this the right syntax? 
> Is such a possibility even implemented yet.

It should work. Make sure you set them before you navigate the iframe, 
though.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'


More information about the whatwg mailing list