Contact Us

REQ-00214

implemented architectural required system / component-system

Statement

A generic Embed component shall apply restrictive iframe defaults (sandbox with allow-scripts and allow-same-origin only, no allow attributes by default, no allowfullscreen by default, referrerpolicy of strict-origin-when-cross-origin or stricter) with explicit opt-in escape hatches for permissions.

Rationale

Generic iframe embedding requires a secure-by-default posture. Delivered by PLN-1 (D-PLN1-03).

Topics

Owner: component-system

Related: analytics-privacy

Applies To

Tags

embed iframe sandbox security

Search

Search across pages and articles. Use arrow keys to navigate results.

Search across pages and articles.

Loading search...

Search is unavailable. Please try again later.

    No results for ""

    Try different keywords or fewer words.

    This site uses cookies and tracking technologies to improve your experience. You can accept all tracking, reject optional tracking, or allow only required functionality. Privacy Policy