Struct IframeBuilder

Source

pub struct IframeBuilder(/* private fields */);

Implementations§

Source §

pub fn allow(self, value: impl AttributeValue<String>) -> Self

Specifies a feature policy for the <iframe>.

Source

pub fn height(self, value: impl AttributeValue<String>) -> Self

The height of the frame in CSS pixels. Default is 150.

Source

pub fn name(self, value: impl AttributeValue<String>) -> Self

A targetable name for the embedded browsing context. This can be used in the target attribute of the <a>, <form>, or <base> elements; the formtarget attribute of the <input> or <button> elements; or the windowName parameter in the window.open() method.

Source

pub fn referrerpolicy(self, value: impl AttributeValue<String>) -> Self

Indicates which referrer to send when fetching the frame’s resource.

Source

pub fn sandbox(self, value: impl AttributeValue<String>) -> Self

Applies extra restrictions to the content in the frame. The value of the attribute can either be empty to apply all restrictions, or space-separated tokens to lift particular restrictions:

allow-downloads-without-user-activation: Allows for downloads to occur without a gesture from the user.
allow-forms: Allows the resource to submit forms. If this keyword is not used, form submission is blocked.
allow-modals: Lets the resource open modal windows.
allow-orientation-lock: Lets the resource lock the screen orientation.
allow-pointer-lock: Lets the resource use the Pointer Lock API.
allow-popups: Allows popups (such as window.open(), target=“_blank”, or showModalDialog()). If this keyword is not used, the popup will silently fail to open.
allow-popups-to-escape-sandbox: Lets the sandboxed document open new windows without those windows inheriting the sandboxing. For example, this can safely sandbox an advertisement without forcing the same restrictions upon the page the ad links to.
allow-presentation: Lets the resource start a presentation session.
allow-same-origin: If this token is not used, the resource is treated as being from a special origin that always fails the same-origin policy.
allow-scripts: Lets the resource run scripts (but not create popup windows).
allow-storage-access-by-user-activation : Lets the resource request access to the parent’s storage capabilities with the Storage Access API.
allow-top-navigation: Lets the resource navigate the top-level browsing context (the one named _top).
allow-top-navigation-by-user-activation: Lets the resource navigate the top-level browsing context, but only if initiated by a user gesture.

Notes about sandboxing:

When the embedded document has the same origin as the embedding page, it is strongly discouraged to use both allow-scripts and allow-same-origin, as that lets the embedded document remove the sandbox attribute — making it no more secure than not using the sandbox attribute at all.

Sandboxing is useless if the attacker can display content outside a sandboxed iframe — such as if the viewer opens the frame in a new tab. Such content should be also served from a separate origin to limit potential damage.

Source

pub fn src(self, value: impl AttributeValue<String>) -> Self

The URL of the page to embed. Use a value of about:blank to embed an empty page that conforms to the same-origin policy. Also note that programatically removing an <iframe>’s src attribute (e.g. via Element.removeAttribute()) causes about:blank to be loaded in the frame in Firefox (from version 65), Chromium-based browsers, and Safari/iOS.

Source

pub fn srcdoc(self, value: impl AttributeValue<String>) -> Self

Inline HTML to embed, overriding the src attribute. If a browser does not support the srcdoc attribute, it will fall back to the URL in the src attribute.

Source