Allow popups to escape sandboxed iframe Sample

Available in Chrome 46+ | View on GitHub | Browse Samples

In order to mitigate the risks associated with ads when using sandboxed iframes, developers can now add "allow-popups-to-escape-sandbox" to the frame "attribute". This allows the sandboxed document to spawn new windows without forcing the sandboxing flags upon them, hence creating a clean browsing context. For instance, a third-party advertisement could be safely sandboxed without forcing the same restrictions upon a landing page.

Popup windows can be spawned with window.open() and target="_blank" links.

<!-- No sandbox there... Popup window won't be sandboxed as well -->
<iframe id="red" src="iframe.html"></iframe>

<!-- This sandboxed frame will allow sandboxed popup window to open popups
     but not to execute JavaScript for instance. -->
<iframe id="green" src="iframe.html" sandbox="allow-popups"></iframe>

<!-- This sandboxed frame will create a clean non sandboxed popup window,
     allowed to execute JavaScript and open popups. -->
<iframe id="blue" src="iframe.html"
        sandbox="allow-popups allow-popups-to-escape-sandbox"></iframe>