The sandbox attribute is not supported in Internet Explorer 9 and earlier versions.

Sandboxing in general is only of minimal help if the attacker can arrange for the potentially hostile content to be displayed in the user's browser outside a sandboxed iframe. It is recommended that such content be served from a separate dedicated domain.

When the embedded document has the same origin as the main page, it is strongly discouraged to use both allow-scripts and allow-same-origin at the same time, as that allows the embedded document to programmatically remove the sandbox attribute. Although it is accepted, this case is no more secure than not using the sandbox attribute.

Unfortunately, enabling the allow-same-origin flag on the iframe element would effectively defeat the sandbox as it would allow scripts to disable the sandbox flag programmatically.
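One way to check a page's frames for the combination described above, as an added example that is not part of the original page. The function names, the `example` hosts and the sample frames are constructed for illustration; a frame with both flags on a different origin is marked for review because the protection depends on that content staying on a separate domain.

```javascript
// Added example: sandbox audit for iframes. Names and URLs are constructed.

// The sandbox value is a space-separated, case-insensitive token list.
function sandboxTokens(value) {
  return new Set(value.toLowerCase().split(/\s+/).filter(Boolean));
}

// srcdoc, about:blank and a missing src inherit the embedding page's origin;
// relative URLs resolve against it.
function isSameOrigin(frame, pageUrl) {
  if (frame.srcdoc != null || !frame.src || frame.src === 'about:blank') return true;
  try {
    return new URL(frame.src, pageUrl).origin === new URL(pageUrl).origin;
  } catch {
    return false; // unparsable src: cannot be matched to the page's origin
  }
}

function auditFrame(frame, pageUrl) {
  if (frame.sandbox == null) {
    return { level: 'unsandboxed', reason: 'no sandbox attribute' };
  }
  const tokens = sandboxTokens(frame.sandbox);
  const both = tokens.has('allow-scripts') && tokens.has('allow-same-origin');
  if (both && isSameOrigin(frame, pageUrl)) {
    return { level: 'escapable',
             reason: 'same-origin document can remove the sandbox attribute' };
  }
  if (both) {
    return { level: 'review',
             reason: 'holds only while the content stays on a separate origin' };
  }
  return { level: 'ok', reason: 'scripts are off or run in an opaque origin' };
}

// Constructed sample frames, as they might be collected from a page's markup.
const PAGE = 'https://app.example/dashboard';
const SAMPLES = [
  { src: '/widgets/comments.html', sandbox: 'allow-scripts allow-same-origin' },
  { src: 'https://usercontent.example/w/1', sandbox: 'Allow-Scripts allow-same-origin' },
  { src: 'https://usercontent.example/w/2', sandbox: 'allow-scripts' },
  { srcdoc: '<p>preview</p>', sandbox: '' },
  { src: 'https://usercontent.example/w/3' },
];

function auditAll(frames, pageUrl) {
  return frames.map((f) => auditFrame(f, pageUrl).level);
}

console.log(auditAll(SAMPLES, PAGE));
```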