Available in Chrome 46+ | View on GitHub | Browse Samples
In order to mitigate the risks associated with ads when using sandboxed
iframes, developers can now add "allow-popups-to-escape-sandbox"
to the frame "attribute". This allows the sandboxed document to
spawn new windows without forcing the sandboxing flags upon them, hence
creating a clean browsing context. For instance, a third-party
advertisement could be safely sandboxed without forcing the same restrictions
upon a landing page.
Popup windows can be spawned with window.open() and
target="_blank" links.
<!-- No sandbox there... Popup window won't be sandboxed as well -->
<iframe id="red" src="iframe.html"></iframe>
<!-- This sandboxed frame will allow sandboxed popup window to open popups
but not to execute JavaScript for instance. -->
<iframe id="green" src="iframe.html" sandbox="allow-popups"></iframe>
<!-- This sandboxed frame will create a clean non sandboxed popup window,
allowed to execute JavaScript and open popups. -->
<iframe id="blue" src="iframe.html"
sandbox="allow-popups allow-popups-to-escape-sandbox"></iframe>