When using html5 sandbox iframe I want the iframe to not be able to change its location:
<iframe sandbox="allow-forms allow-popups allow-pointer-lock allow-same-origin allow-scripts" class="iframe visible" src="thesource.html" width="100%" scrolling="auto" frameborder="0"></iframe>
It works great in Chrome but in Firefox an sandboxed iframe can still redirect.
it's a known bug but how can I patch it so that all Firefox users won't be redirected?
Example:
An with extra restrictions:
<iframe src="demo_iframe_sandbox.htm" sandbox=""></iframe>
the sandbox attribute is supported in Internet Explorer 10, Firefox, Chrome, and Safari.
Note: The sandbox attribute is not supported in Internet Explorer 9 and earlier versions, or in Opera.
Definition and Usage
If specified as an empty string (sandbox=""), the sandbox attribute enables a set of extra restrictions for the content in the inline frame.
The value of the sandbox attribute can either be an empty string (all the restrictions is applied), or a space-separated list of pre-defined values that will REMOVE particular restrictions.
Differences Between HTML 4.01 and HTML5
The sandbox attribute is new in HTML5.
Syntax
<iframe sandbox="value">
Attribute Values
javascript: is a kind of weird URI protocol. It works in some contexts, like , but not all - for instance, a window's location can not be set to such a URI. (While you can assign a javascript: URI to window.location as a really roundabout way of running a script, the window's location doesn't stay set to that value.)
To write content into an IFRAME, get a reference to the frame's document and write to it. Doing so will require that you set the allow-same-origin sandbox flag.
<iframe id="myframe" sandbox="allow-scripts allow-same-origin" src="about:blank"></iframe>
<script>
var frame = document.getElementById("myframe");
var fdoc = frame.contentDocument;
fdoc.write("Hello world"); // or whatever
</script>
Live example: http://jsfiddle.net/wUvrF/1/
