Links inside iframe (not in popup) doesnt work

I can't really explain the 'why' cause don't know much about the sandbox attribute of the iframe, but the link opened in a new tab just fine for me when I removed that attribute.

edit:

Looking into it a little more, it seems that you can add the attribute "allow-top-navigation" and then change the link to 'target=_parent' and that works, but it still will not work if you leave the target=_blank

Here is a little bit of documentation from the mozilla site

sandbox HTML5 only
If specified as an empty string, this attribute enables extra restrictions on the content that can appear in the inline frame. The value of the attribute can be a space-separated list of tokens that lift particular restrictions. Valid tokens are:

  • allow-same-origin: Allows the content to be treated as being from its normal origin. If this keyword is not used, the embedded content is treated as being from a unique origin.
  • allow-top-navigation: Allows the embedded browsing context to navigate (load) content to the top-level browsing context. If this keyword is not used, this operation is not allowed.
  • allow-forms: Allows the embedded browsing context to submit forms. If this keyword is not used, this operation is not allowed.
  • allow-scripts: Allows the embedded browsing context to run scripts (but not create pop-up windows). If this keyword is not used, this operation is not allowed.

Note:

  • When the embedded document has the same origin as the main page, it is strongly discouraged to use both allow-scripts and allow-same-origin at the same time, as that allows the embedded document to programmatically remove the sandbox attribute. Although it is accepted, this case is no more secure than not using the sandbox attribute.
  • Sandboxing in general is only of minimal help if the attacker can arrange for the potentially hostile content to be displayed in the user's browser outside a sandboxed iframe. It is recommended that such content should be served from a separate dedicated domain, to limit the potential damage.

There isn't much more there, but here's the link


Sandbox gives you control to set needed permissions instead of opening up everything. Here with your need to set permission,"allow-scripts allow-popups". it will work fine. make sure you remove the configurations according to the situation.

  <iframe sandbox="allow-same-origin allow-scripts allow-popups allow-forms"
src="your_url"></iframe>

Tags:

Html

Iframe

Hyperlink

Recent Posts