0

In HTML5, there are iframe, which can contain an HTML document inside the parent document. There are several sanboxing options as this W3C page shows it. As far as I understand it, it prevents the iframe scripts from accessing/modifying/interfering with the parent DOM. That is a parent protection against its child.

Now, in HTML5, is there a parameter of the iframe (or it could be another tag) that prevent the parent page to access to the iframe content? Meaning, a child protection against its parent? And of course, if it is an iframe attribute, that would need to be an attribute that can't be removed through a javascript call such as ".removeAttribute()".

Emile D.
  • 602
  • 2
  • 11
  • 20
  • `document.querySelector('iframe').src="blank:about"` – zer00ne Oct 25 '18 at 23:32
  • Yes, sure, you would still be able to erase its content. Or delete it. But I am mostly thinking about alteration and access of its content. As far as I can see, the protection only apply when it is from another domain: https://stackoverflow.com/questions/364952/jquery-javascript-accessing-contents-of-an-iframe – Emile D. Oct 26 '18 at 14:18
  • I can't think of a situation where a site needs protection from...itself? – zer00ne Oct 26 '18 at 17:07

0 Answers0