Add a sandbox attribute to iframes | Critiq Docs

#Metadata

Rule ID: ts.security.iframe-missing-sandbox-attribute
Severity: low
Confidence: 0.75
Languages: javascript, typescript
Presets: security, strict
Stability: stable
Applies to: block
Tags: react, rules-catalog, security, xss

#Why it matters

Sandboxed iframes limit scripts, forms, and top-level navigation when embedded third-party content is compromised.

#Remediation

Add the most restrictive sandbox token set that still allows required behavior, and combine with a strict CSP.

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/typescript/ts.security.iframe-missing-sandbox-attribute.rule.yaml.

Back to directory Open rule in repository