![]() allow-scripts: Lets the resource run scripts (but not create popup windows).allow-same-origin: If this token is not used, the resource is treated as being from a special origin that always fails the same-origin policy (potentially preventing access to data storage/cookies and some JavaScript APIs).allow-presentation: Lets the resource start a presentation session.For example, this can safely sandbox an advertisement without forcing the same restrictions upon the page the ad links to. #Iframe no border windows#allow-popups-to-escape-sandbox: Lets the sandboxed document open new windows without those windows inheriting the sandboxing.If this keyword is not used, the popup will silently fail to open. allow-popups: Allows popups (such as window.open(), target="_blank", or showModalDialog()).allow-pointer-lock: Lets the resource use the Pointer Lock API.allow-orientation-lock: Lets the resource lock the screen orientation.allow-modals: Lets the resource open modal windows.If this keyword is not used, form submission is blocked. allow-forms: Allows the resource to submit forms.allow-downloads: Allows for downloads to occur with a gesture from the user.allow-downloads-without-user-activation Experimental: Allows for downloads to occur without a gesture from the user.The value of the attribute can either be empty to apply all restrictions, or space-separated tokens to lift particular restrictions: This value is unsafe, because it leaks origins and paths from TLS-protected resources to insecure origins.Īpplies extra restrictions to the content in the frame. unsafe-url: The referrer will include the origin and the path (but not the fragment, password, or username). #Iframe no border full#
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |