What will the window.origin be in html5 sandbox iframes?

Leave a Comment / Frontend / June 22, 2018

I did a test about this.

If

  • Your site is www.host.com
  • The iframe src is also www.host.com

Then

  • sanbox + "allow-same-orign" enabled => window.origin will be "www.host.com"
  • sanbox + "allow-same-orign" DISABLED => window.origin will be null

If

  • Your site is www.host.com
  • The iframe src is www.guest.com

Then

  • sanbox + "allow-same-orign" => window.origin will be "www.guest.com"
  • sanbox + "allow-same-orign" DISABLED => window.origin will be null

Leave a Comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.