← Back to release summary

'allow-top-navigation-by-user-activation' <iframe sandbox> keyword

Category

Security

Type

New or changed feature

Status

Enabled by default (Chrome 58)

Intent stage

None

Summary

Adds a new keyword named "allow-top-navigation-by-user-activation" for iframe sandbox, which requires a user activation (or gesture) being processed to trigger a top-level navigation. This change would enable more use cases of sandboxing untrusted third-party contents (eg., ads) by allowing top navigation while blocking malicious auto-redirecting, and thus help building a safer internet (eg., a safer ads ecosystem in which all ads could be sandboxed to prevent malicious auto-redirecting).

Standards & signals

• Specification: https://html.spec.whatwg.org/multipage/browsers.html#attr-iframe-sandbox-allow-top-navigation-by-user-activation
• Firefox: Shipped/Shipping
• Safari: Shipped/Shipping
• Web developers: Positive
• Tracking bug: https://bugs.chromium.org/p/chromium/issues/detail?id=662506

Docs: https://github.com/WICG/interventions/issues/42 https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe

Samples: http://w3c-test.org/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation-manual.html

View on chromestatus.com