
no-missing-iframe-sandbox

Enforces an explicit 'sandbox' attribute for 'iframe' elements.

Full Name in eslint-plugin-react-dom

react-dom/no-missing-iframe-sandbox

Full Name in @eslint-react/eslint-plugin

@eslint-react/dom-no-missing-iframe-sandbox

Features

🔧

Presets

strict strict-typescript strict-type-checked

Rule Details

The sandbox attribute enables an extra set of restrictions for the content in the iframe. Using the sandbox attribute is considered a good security practice.

Examples

Rendering an <iframe> without a sandbox attribute

An iframe without a sandbox attribute places no extra restrictions on the embedded content, which is a security risk.

// Problem: missing sandbox attribute leaves the iframe unrestricted.
function MyComponent() {
  return <iframe src="https://eslint-react.xyz" />;
  //     ^^^ Missing 'sandbox' attribute on iframe component.
}

// Recommended: add a sandbox attribute to restrict the iframe's capabilities.
function MyComponent() {
  return <iframe src="https://eslint-react.xyz" sandbox="allow-popups" />;
}
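The check above, applied to static markup, as an added example (not the plugin's own implementation, which works on the JSX syntax tree). The function names, status labels and sample lines are constructed for this illustration; it also separates an empty `sandbox` (all restrictions apply) from one that lists `allow-*` tokens.

```javascript
// Simplified text scan for <iframe> tags in static HTML/JSX markup.
// Assumption: attribute values are quoted literals; JSX expressions are not evaluated.

// Opening <iframe ...> tag; quoted values may contain '>' without ending the tag.
const IFRAME_TAG = /<iframe\b((?:"[^"]*"|'[^']*'|[^>"'])*)>/gi;
// One attribute: name, then an optional double-quoted, single-quoted or bare value.
const ATTRIBUTE = /([^\s=\/>"']+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;

function parseAttributes(text) {
  const attrs = new Map();
  for (const [, name, dq, sq, bare] of text.matchAll(ATTRIBUTE)) {
    attrs.set(name.toLowerCase(), dq ?? sq ?? bare ?? "");
  }
  return attrs;
}

// Returns one finding per iframe:
//   "missing" - no sandbox attribute (what the rule reports)
//   "full"    - sandbox present and empty, so every restriction applies
//   "relaxed" - sandbox present with tokens that lift specific restrictions
function auditIframes(source) {
  const findings = [];
  for (const match of source.matchAll(IFRAME_TAG)) {
    const line = source.slice(0, match.index).split("\n").length;
    const attrs = parseAttributes(match[1]);
    if (!attrs.has("sandbox")) {
      findings.push({ line, status: "missing", tokens: [] });
      continue;
    }
    const tokens = attrs.get("sandbox").split(/\s+/).filter(Boolean);
    findings.push({ line, status: tokens.length ? "relaxed" : "full", tokens });
  }
  return findings;
}

// Constructed sample input, one iframe per line.
const SAMPLE = [
  '<iframe src="https://eslint-react.xyz" />',
  '<iframe src="https://eslint-react.xyz" sandbox="allow-popups" />',
  '<iframe sandbox="" src="https://example.test/sandbox?a=1>0" />',
  '<iframe data-sandbox="x" title="demo"></iframe>',
].join("\n");

for (const f of auditIframes(SAMPLE)) {
  console.log(`line ${f.line}: ${f.status} ${f.tokens.join(" ")}`.trim());
}
```

Because attributes are parsed name by name, the word "sandbox" inside a URL or in `data-sandbox` does not count as the attribute.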
