no-missing-iframe-sandbox
Full Name in eslint-plugin-react-dom
react-dom/no-missing-iframe-sandbox
Full Name in @eslint-react/eslint-plugin
@eslint-react/dom/no-missing-iframe-sandbox
Features
🔍
Presets
dom
recommended
recommended-typescript
recommended-type-checked
What it does
Enforces explicit sandbox
attribute for iframe
elements.
Why is this bad?
The sandbox attribute enables an extra set of restrictions for the content in the iframe. Using sandbox attribute is considered a good security practice.
Examples
This rule checks all React iframe elements and verifies that there is sandbox attribute and that it’s value is valid.
Failing
import React from "react";
function Example() {
return <iframe src="https://example.com" />;
// ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
// - Missing 'sandbox' attribute on iframe component.
}
Passing
import React from "react";
function Example() {
return <iframe src="https://example.com" sandbox="allow-popups" />;
}