Sandbox

The sandbox directive creates a restricted environment for the requested resource, similar to the sandbox attribute of an <iframe>. It implements security measures by imposing limitations on various page actions, such as blocking pop-ups, disabling plugin and script execution, and enforcing a same-origin policy.

Tips & Tricks

• You can selectively enable specific features by including their values in the sandbox directive.
• ⚠️ Be cautious when using this directive as it can significantly impact the functionality of your web application.

Available Values

Here are all the available sandbox values you can use:

• allow-downloads-without-user-activation: Enables downloads to occur without user interaction
• allow-forms: Permits form submission within the sandboxed content
• allow-modals: Enables the opening of modal windows in the sandboxed environment
• allow-orientation-lock: Allows the sandboxed content to disable screen orientation locking
• allow-pointer-lock: Grants access to the Pointer Lock API within the sandbox
• allow-popups: Enables the creation of popups from the sandboxed content
• allow-popups-to-escape-sandbox: Permits popups to open without inheriting sandbox restrictions
• allow-presentation: Allows control over presentation session initiation in sandboxed iframes
• allow-same-origin: Enables the content to maintain its original origin within the sandbox
• allow-scripts: Permits script execution within the sandboxed environment
• allow-storage-access-by-user-activation: Allows the sandboxed content to request access to parent's storage via the Storage Access API
• allow-top-navigation: Enables navigation to the top-level browsing context from the sandbox
• allow-top-navigation-by-user-activation: Permits top-level navigation only when triggered by user interaction