HTMLIFrameElement: sandbox property - Web APIs

HTMLIFrameElement: sandbox property - Web APIs | MDN

Value

A live DOMTokenList object.

Although the sandbox property itself is read-only in the sense that you can't replace the DOMTokenList object, you can still assign to the sandbox property directly, which is equivalent to assigning to its value property. You can also modify the DOMTokenList object using the add(), remove(), replace(), and toggle() methods.

Examples

html

<iframe
  id="el"
  title="example"
  src="https://example.com"
  sandbox="allow-same-origin allow-scripts"></iframe>

const el = document.getElementById("el");
console.log(Array.from(el.sandbox)); // Output: ["allow-same-origin", "allow-scripts"]

el.sandbox = "";
console.log(Array.from(el.sandbox)); // Output: []

Specifications

Specification
HTML # dom-iframe-sandbox

Browser compatibility

Help improve MDN

Learn how to contribute

This page was last modified on Nov 25, 2025 by MDN contributors.