logoESLint React
Rules

no-missing-iframe-sandbox

Full Name in eslint-plugin-react-dom

react-dom/no-missing-iframe-sandbox

Full Name in @eslint-react/eslint-plugin

@eslint-react/dom/no-missing-iframe-sandbox

Presets

  • dom
  • recommended
  • recommended-typescript
  • recommended-type-checked

Description

Enforces explicit sandbox attribute for iframe elements.

The sandbox attribute enables an extra set of restrictions for the content in the iframe. Using sandbox attribute is considered a good security practice.

Examples

This rule checks all React iframe elements and verifies that there is sandbox attribute and that it's value is valid.

Failing

import React from "react";
 
function MyComponent() {
  return <iframe src="https://eslint-react.xyz" />;
  //     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  //     - Missing 'sandbox' attribute on iframe component.
}

Passing

import React from "react";
 
function MyComponent() {
  return <iframe src="https://eslint-react.xyz" sandbox="allow-popups" />;
}

Implementation

Further Reading


See Also

On this page