no-missing-iframe-sandbox

Full Name in eslint-plugin-react-dom

react-dom/no-missing-iframe-sandbox

Full Name in @eslint-react/eslint-plugin

@eslint-react/dom-no-missing-iframe-sandbox

Features

🔧

Presets

strict strict-typescript strict-type-checked

Rule Details

The sandbox attribute enables an extra set of restrictions for the content in the iframe. Using the sandbox attribute is considered a good security practice.

Common Violations

Invalid

function MyComponent() {
  return <iframe src="https://eslint-react.xyz" />;
  //     ^^^ Missing 'sandbox' attribute on iframe component.
}

Valid

function MyComponent() {
  return <iframe src="https://eslint-react.xyz" sandbox="allow-popups" />;
}

Resources

• Rule Source
• Test Source

Further Reading

• MDN: iframe sandbox

See Also

• react-dom/no-missing-button-type
  Enforces an explicit type attribute for button elements.
• react-dom/no-unsafe-iframe-sandbox
  Enforces that the sandbox attribute for iframe elements is not set to unsafe combinations.