■ Content cannot navigate to the top-level browsing context.
■ Autoplay features such as video or form focus controls are blocked.
These restrictions let web designers embed untrusted source material with less worry
that a malicious script in it could run against their site. The sandbox attribute also
lets you relax individual restrictions for trusted sites by listing space-separated
values in the attribute. These values are explained in Table 20.3.
TABLE 20.3 Sandbox Values

Value                  Description
allow-forms            Enables form submission
allow-pointer-lock     Enables the Pointer Lock API
allow-popups           Enables pop-ups
allow-same-origin      Allows the iframe content to be treated as being from the same origin
allow-scripts          Enables scripts
allow-top-navigation   Allows the iframe content to navigate its top-level browsing context

If you use inline frames to point to pages on websites you don’t control, you should
always sandbox them as much as possible. This will keep both your website and your
customers more secure.
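
The following audit script is an added example, not code from this book. It scans markup for inline frames and reports which ones point off-site without a sandbox or grant the broader values from Table 20.3. The names SITE_ORIGIN, getAttr, and auditIframes, and the sample markup, are assumptions made for illustration.

```javascript
// Added example: audit <iframe> tags in an HTML string for sandbox use.
// Token names come from Table 20.3; SITE_ORIGIN and the sample markup are constructed.
const SITE_ORIGIN = "https://www.example.com";
const KNOWN_TOKENS = new Set(["allow-forms", "allow-pointer-lock", "allow-popups",
  "allow-same-origin", "allow-scripts", "allow-top-navigation"]);

function getAttr(tag, name) {
  // Returns the attribute value, "" for a bare attribute, or null if absent.
  const re = new RegExp(`\\s${name}(?:\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+)))?(?=[\\s/>])`, "i");
  const m = tag.match(re);
  return m ? (m[1] ?? m[2] ?? m[3] ?? "") : null;
}

function auditIframes(html, siteOrigin = SITE_ORIGIN) {
  const findings = [];
  for (const [tag] of html.matchAll(/<iframe\b[^>]*>/gi)) {
    const src = getAttr(tag, "src") || "";
    let origin;
    try { origin = new URL(src, siteOrigin).origin; } catch { origin = "invalid"; }
    const external = origin !== siteOrigin;          // a page on a site you don't control
    const sandbox = getAttr(tag, "sandbox");         // null means no sandbox at all
    const tokens = sandbox === null ? [] : sandbox.toLowerCase().split(/\s+/).filter(Boolean);
    const issues = [];
    if (external && sandbox === null) issues.push("external frame has no sandbox attribute");
    for (const t of tokens) if (!KNOWN_TOKENS.has(t)) issues.push(`token not in Table 20.3: ${t}`);
    if (external && tokens.includes("allow-top-navigation")) issues.push("frame may navigate the top-level page");
    // With both values, scripts in the frame run with the frame's real origin.
    if (tokens.includes("allow-scripts") && tokens.includes("allow-same-origin"))
      issues.push("scripts run with the frame's real origin");
    findings.push({ src, external, sandboxed: sandbox !== null, tokens, issues });
  }
  return findings;
}

// Constructed sample markup (not from the book).
const SAMPLE_HTML = `
<iframe src="/help/index.html"></iframe>
<iframe src="https://ads.example.net/banner.html"></iframe>
<iframe src="https://widgets.example.org/poll.html" sandbox="allow-forms allow-scripts"></iframe>
<iframe src="https://cdn.example.net/app.html" sandbox="allow-scripts allow-same-origin allow-top-navigation"></iframe>
<iframe src="https://news.example.org/feed.html" sandbox></iframe>`;

for (const f of auditIframes(SAMPLE_HTML)) console.log(f.src, f.issues);
```

A bare sandbox attribute with no values, as on the last sample frame, applies every restriction and produces no findings.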
Opening Linked Windows with JavaScript
Pop-up windows are used all over the Web. They are often used to display advertisements,
but they can be used for all sorts of other things as well, such as creating a separate
window to show help text in an application or to display a larger version of a graph
that’s embedded in a document. You’ve seen how you can use the target attribute to
open a link in a new window, but that approach isn’t very flexible. You can’t control the
size of the window being displayed, nor which browser window controls are displayed.
Fortunately, with JavaScript you can take more control of the process of creating new
windows. You’ve already learned that one of the objects supported by JavaScript is
window. It refers to the window that’s executing the script. To open a new window, you