← 返回首页
HTMLIFrameElement: sandbox property - Web APIs | MDN
HTML

HTML: Markup language

HTML reference HTML guides Markup languages
CSS

CSS: Styling language

CSS reference CSS guides Layout cookbook
JavaScriptJS

JavaScript: Scripting language

JS reference JS guides
Web APIs

Web APIs: Programming interfaces

Web API reference Web API guides
All

All web technology

Technologies Topics
Learn

Learn web development

Frontend developer course Learn HTML Learn CSS Learn JavaScript
Tools

Discover our tools

About

Get to know MDN better

Blog
Toggle sidebar
  1. Web
  2. Web APIs
  3. HTMLIFrameElement
  4. sandbox
Theme
  • OS default
  • Light
  • Dark
English (US)
Remember language Learn more

HTMLIFrameElement: sandbox property

Baseline Widely available

This feature is well established and works across many devices and browser versions. It’s been available across browsers since July 2015.

The read-only sandbox property of the HTMLIFrameElement returns a live DOMTokenList object indicating extra restrictions on the behavior of the nested content. It reflects the <iframe> element's sandbox content attribute.

In this article

Value

A live DOMTokenList object.

Although the sandbox property itself is read-only in the sense that you can't replace the DOMTokenList object, you can still assign to the sandbox property directly, which is equivalent to assigning to its value property. You can also modify the DOMTokenList object using the add(), remove(), replace(), and toggle() methods.

Examples

html
<iframe id="el" title="example" src="https://example.com" sandbox="allow-same-origin allow-scripts"></iframe>
js
const el = document.getElementById("el"); console.log(Array.from(el.sandbox)); // Output: ["allow-same-origin", "allow-scripts"] el.sandbox = ""; console.log(Array.from(el.sandbox)); // Output: []

Specifications

Specification
HTML
# dom-iframe-sandbox

Browser compatibility

Enable JavaScript to view this browser compatibility table.

Help improve MDN

Was this page helpful to you?
Yes No
Learn how to contribute

This page was last modified on Nov 25, 2025 by MDN contributors.

View this page on GitHubReport a problem with this content
  1. HTML DOM API
  2. HTMLIFrameElement
  3. Instance properties
    1. allow
    2. allowFullscreen
    3. allowPaymentRequest
    4. browsingTopics
    5. contentDocument
    6. contentWindow
    7. credentialless
    8. csp
    9. featurePolicy
    10. height
    11. loading
    12. name
    13. privateToken
    14. referrerPolicy
    15. sandbox
    16. src
    17. srcdoc
    18. width
  4. Instance methods
    1. getSVGDocument()
  5. Inheritance
    1. HTMLElement
    2. Element
    3. Node
    4. EventTarget
  6. Related pages for HTML DOM
    1. BeforeUnloadEvent
    2. DOMStringMap
    3. ErrorEvent
    4. HTMLAnchorElement
    5. HTMLAreaElement
    6. HTMLAudioElement
    7. HTMLBRElement
    8. HTMLBaseElement
    9. HTMLBodyElement
    10. HTMLButtonElement
    11. HTMLCanvasElement
    12. HTMLDListElement
    13. HTMLDataElement
    14. HTMLDataListElement
    15. HTMLDialogElement
    16. HTMLDivElement
    17. HTMLDocument
    18. HTMLElement
    19. HTMLEmbedElement
    20. HTMLFieldSetElement
    21. HTMLFormControlsCollection
    22. HTMLFormElement
    23. HTMLFrameSetElement
    24. HTMLGeolocationElement
    25. HTMLHRElement
    26. HTMLHeadElement
    27. HTMLHeadingElement
    28. HTMLHtmlElement
    29. HTMLImageElement
    30. HTMLInputElement
    31. HTMLLIElement
    32. HTMLLabelElement
    33. HTMLLegendElement
    34. HTMLLinkElement
    35. HTMLMapElement
    36. HTMLMediaElement
    37. HTMLMenuElement
    38. HTMLMetaElement
    39. HTMLMeterElement
    40. HTMLModElement
    41. HTMLOListElement
    42. HTMLObjectElement
    43. HTMLOptGroupElement
    44. HTMLOptionElement
    45. HTMLOptionsCollection
    46. HTMLOutputElement
    47. HTMLParagraphElement
    48. HTMLPictureElement
    49. HTMLPreElement
    50. HTMLProgressElement
    51. HTMLQuoteElement
    52. HTMLScriptElement
    53. HTMLSelectElement
    54. HTMLSourceElement
    55. HTMLSpanElement
    56. HTMLStyleElement
    57. HTMLTableCaptionElement
    58. HTMLTableCellElement
    59. HTMLTableColElement
    60. HTMLTableElement
    61. HTMLTableRowElement
    62. HTMLTableSectionElement
    63. HTMLTemplateElement
    64. HTMLTextAreaElement
    65. HTMLTimeElement
    66. HTMLTitleElement
    67. HTMLTrackElement
    68. HTMLUListElement
    69. HTMLUnknownElement
    70. HTMLVideoElement
    71. HashChangeEvent
    72. History
    73. ImageData
    74. Location
    75. MessageChannel
    76. MessageEvent
    77. MessagePort
    78. Navigator
    79. PageRevealEvent
    80. PageSwapEvent
    81. PageTransitionEvent
    82. Plugin
    83. PluginArray
    84. PromiseRejectionEvent
    85. RadioNodeList
    86. TimeRanges
    87. UserActivation
    88. ValidityState
    89. Window
    90. WorkletGlobalScope
  7. Guides
    1. Using microtasks in JavaScript with queueMicrotask()
    2. In depth: Microtasks and the JavaScript runtime environment

Your blueprint for a better internet.

MDN Contribute Developers

Visit Mozilla Corporation’s not-for-profit parent, the Mozilla Foundation.
Portions of this content are ©1998–2026 by individual mozilla.org contributors. Content available under a Creative Commons license.