Sandbox

ironhtml_attributes

Enum Sandbox 

Source 
pub enum Sandbox {
    AllowForms,
    AllowModals,
    AllowOrientationLock,
    AllowPointerLock,
    AllowPopups,
    AllowPopupsToEscapeSandbox,
    AllowPresentation,
    AllowSameOrigin,
    AllowScripts,
    AllowTopNavigation,
    AllowTopNavigationByUserActivation,
}
Expand description

The sandbox attribute values for <iframe> elements.

§Purpose

Enables extra restrictions on iframe content for security, allowing fine-grained control over what capabilities the embedded content has access to.

§Usage Context

  • Used with: <iframe> elements
  • Security: Applies strict sandbox by default; flags allow specific capabilities
  • Multiple values: Space-separated list of allowed capabilities
  • Default: Empty sandbox (most restrictive)

§Valid Values

  • AllowForms: Allow form submission
  • AllowModals: Allow opening modal windows (alert, confirm, print)
  • AllowOrientationLock: Allow screen orientation lock
  • AllowPointerLock: Allow Pointer Lock API
  • AllowPopups: Allow popups (window.open, target=“_blank”)
  • AllowPopupsToEscapeSandbox: Allow popups without sandbox restrictions
  • AllowPresentation: Allow Presentation API
  • AllowSameOrigin: Treat content as same-origin (use with caution)
  • AllowScripts: Allow JavaScript execution
  • AllowTopNavigation: Allow navigating top-level browsing context
  • AllowTopNavigationByUserActivation: Allow top navigation only from user gesture

§Example

use ironhtml_attributes::{AttributeValue, Sandbox};
let sandbox = Sandbox::AllowScripts;
assert_eq!(sandbox.to_attr_value(), "allow-scripts");
<iframe src="untrusted.html" sandbox></iframe>
<iframe src="widget.html" sandbox="allow-scripts allow-same-origin"></iframe>
<iframe src="game.html" sandbox="allow-scripts allow-pointer-lock"></iframe>

§WHATWG Specification

Variants§

§

AllowForms

Allow form submission from the sandboxed content.

§

AllowModals

Allow the sandboxed content to open modal windows (alert, confirm, print, etc.).

§

AllowOrientationLock

Allow the sandboxed content to lock the screen orientation.

§

AllowPointerLock

Allow the sandboxed content to use the Pointer Lock API.

§

AllowPopups

Allow the sandboxed content to open popup windows.

§

AllowPopupsToEscapeSandbox

Allow popups opened by the sandboxed content to not inherit the sandbox restrictions.

§

AllowPresentation

Allow the sandboxed content to use the Presentation API.

§

AllowSameOrigin

Allow the content to be treated as being from its normal origin. WARNING: Dangerous when combined with allow-scripts.

§

AllowScripts

Allow the sandboxed content to run scripts (but not create popups).

§

AllowTopNavigation

Allow the sandboxed content to navigate the top-level browsing context (the full window).

§

AllowTopNavigationByUserActivation

Allow top-level navigation only when triggered by user activation (safer than allow-top-navigation).

Trait Implementations§

Source§

impl AttributeValue for Sandbox

Source§

fn to_attr_value(&self) -> Cow<'static, str>

Convert to the attribute value string.
Source§

impl Clone for Sandbox

Source§

fn clone(&self) -> Sandbox

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for Sandbox

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl PartialEq for Sandbox

Source§

fn eq(&self, other: &Sandbox) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl Copy for Sandbox

Source§

impl Eq for Sandbox

Source§

impl StructuralPartialEq for Sandbox

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.