How can I prevent JavaScript in an iFrame to access properties of the outer site, even if the iFrame's content comes from the same origin?

Question

Basically I want to have an iFrame which always restricts it\'s content as if it comes from a different domain, even if the content comes from the same origin.

Is th

Answer 1

The best solution is probably to use the HTML5 sandbox attribute on the iframe, which (by default) explicitly disables both scripting and same-origin access to the parent DOM.

Good introduction at http://msdn.microsoft.com/en-us/hh563496.aspx

As of Dec 2012, this seems to be supported on most current browsers.