1. Web
  2. Web APIs
  3. HTMLIFrameElement
  4. sandbox

HTMLIFrameElement: sandbox property

Baseline Widely available

This feature is well established and works across many devices and browser versions. It’s been available across browsers since ⁨July 2015⁩.

The sandbox read-only property of the HTMLIFrameElement interface returns a DOMTokenList indicating extra restrictions on the behavior of the nested content.

It reflects the sandbox attribute of the <iframe> element.

Value

A DOMTokenList. Each item must be one of the tokens listed in the sandbox attribute of the <iframe> element.

Examples

html
<iframe
  id="el"
  title="example"
  src="https://example.com"
  sandbox="allow-same-origin allow-scripts"></iframe>
js
const el = document.getElementById("el");
console.log(Array.from(el.sandbox)); // Output: ["allow-same-origin", "allow-scripts"]

el.sandbox = "";
console.log(Array.from(el.sandbox)); // Output: []

Specifications

Specification
HTML
# dom-iframe-sandbox

Browser compatibility

Help improve MDN

Learn how to contribute

This page was last modified on by MDN contributors.

View this page on GitHubReport a problem with this content