Question

42

How to programatically remove sandbox attribute from an iframe with javascript

rated 0 times [ 44] [ 2] / answers: 1 / hits: 31785 / 11 Years ago, sun, april 21, 2013, 12:00:00

I didn't think this was possible, however, i found this quote:

It is strongly discouraged to use both allow-scripts and allow-same-origin at the same time, as that allows the embedded document to programmatically remove the sandbox attribute.

My iframe needs to have a sandbox, but only when I am browsing in certain URLs where the embedded browsing context tries to navigate (load) content to the top-level browsing context (Jump out of frame...)

On other pages the sandbox needs to be removed entirely, as it wont allow me to browse away from a site with a different origin...

The frame attempting navigation is sandboxed, and is therefore disallowed from navigating its ancestors.

Programatically changing the sandbox with :

document.getElementById(frame).sandbox = ;

...doesnt work either as this still places restrictions... Therefore, i need to somehow remove the attribute entirely, how would i go about doing this?

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

yisroels

Add To Favorites

Follow

Total Points: 256

Total Questions: 94

Total Answers: 102

Location: Chad

Member since Mon, Dec 5, 2022

1 Year ago

answered 11 Years ago janjadonb · Accepted Answer

These flags only take effect when the nested browsing context of the
iframe is navigated. Removing them, or removing the entire sandbox
attribute, has no effect on an already-loaded page.

More info - Here