An enum representing the sandbox modes that can be used for client-side HtmlService
scripts. These values can be accessed from HtmlService.SandboxMode
, and set by calling
HtmlOutput.setSandboxMode(mode)
.
To call an enum, you call its parent class, name, and property. For example,
HtmlService.SandboxMode.IFRAME
.
The NATIVE
and EMULATED
modes were deprecated on October 13, 2015 and both are now sunset. Only
IFRAME
mode is now supported.
To protect users from being served malicious HTML or JavaScript, client-side code served from
HTML service executes in a security sandbox that imposes restrictions on the code. The method
HtmlOutput.setSandboxMode(mode)
previously allowed script authors to choose
between different versions of the sandbox, but now has no effect. For more information, see the
guide to restrictions in HTML service.
The IFRAME
mode imposes many fewer restrictions than the other sandbox modes and runs
fastest, but does not work at all in certain older browsers, including Internet Explorer 9. The
sandbox mode can also be read in a client-side script by inspecting google.script.sandbox.mode
. Note that this property returns the actual mode on the client, which
may differ from the mode requested on the server if the requested mode is not supported in the
user's browser.
<!-- Read the sandbox mode (in a client-side script). --> <script> alert(google.script.sandbox.mode); </script>
Properties
Property | Type | Description |
---|---|---|
EMULATED | Enum | A legacy sandbox mode that emulates ECMAScript 5 strict mode using only the features available
in ECMAScript 3. This mode was the default prior to February 2014.
|
IFRAME | Enum | A sandbox mode that uses iframe sandboxing instead of the Caja sandbox technology used by the
EMULATED and NATIVE modes. This mode is the default for new scripts as of
November 12, 2015 and for all scripts as of July 6, 2016.
This mode imposes many fewer restrictions than the other sandbox modes and runs fastest, but does not work at all in certain older browsers, including Internet Explorer 9. |
NATIVE | Enum | A sandbox mode that is built on top of ECMAScript 5 strict mode. A sandbox mode built on top of
ECMAScript 5 strict mode. This mode was sunset as
of July 6, 2016. All scripts now use IFRAME mode. |