Page Summary

outlined_flag

• All Apps Script sandbox modes exceptIFRAME are sunset, and apps using older modes now automatically useIFRAME mode.

• Apps migrating toIFRAME mode may need to set the link target attribute, include top-level HTML tags, explicitly load theapi.js library, callsetOrigin() for Google Picker, note potential lack of support on older browsers, use HTTPS for imported resources, and prevent default form submissions.

• Setting the link target attribute to_top or_blank is required inIFRAME mode and can be done via the link tag or a<base> tag.

• HTML files must include<!DOCTYPE html>,<html>, and<body> tags inIFRAME mode.

• The Google native loader libraryapi.js must now be explicitly loaded using a script tag.

• Users of the Google Picker API need to callsetOrigin() withgoogle.script.host.origin.

• IFRAME mode, based on HTML5 iframe sandboxing, is not supported in some older browsers like IE9.

• Resources imported into apps must now use HTTPS instead of HTTP.

• Form submissions are no longer prevented by default inIFRAME mode, requiring JavaScript to prevent default behavior for click handlers to function.

Apps Script uses asecurity sandboxto provide protective isolation for Google Workspaceapplications in certain situations. Allsandbox modes are now sunset except forIFRAME. Apps using older sandboxmodes now use the newerIFRAME mode automatically.

Apps that previously used these older modes with the HTML Service may need tomake changes forIFRAME mode, to address the following differences:

• You now must override the link'starget attribute usingtarget="_top" ortarget="_blank"
• HTML files served by the HTML Service must include<!DOCTYPE html>, <html>, and <body> tags
• The Google native loader libraryapi.js doesn't load automatically inIFRAME mode
• Picker users need to callsetOrigin() because content is served from a new domain
• Some older browsers, including IE9, are not supported
• Imported resources must now use HTTPS
• Form submission are no longer prevented by default

These differences are detailed in the following sections.

Setting the link target attribute

In theIFRAME mode you need to set the link target attribute to either_top or_blank:

functiondoGet(){vartemplate=HtmlService.createTemplateFromFile('top');returntemplate.evaluate();}

<!DOCTYPE html><html> <body>   <div>     <a href="http://google.com">Click Me!</a>   </div> </body></html>

You can also override this attribute using the <base> tag within the headsection of the enclosing web page:

<!DOCTYPE html><html><head><basetarget="_top"></head><body><div><ahref="http://google.com">ClickMe!</a></div></body></html>

Top-level HTML tags

UnderNATIVE (andEMULATED) sandbox mode, certain HTML tags would beautomatically added to an Apps Script .html file, but this does not happen whenusingIFRAME mode.

To make sure your project pages are served correctly usingIFRAME, wrap yourpage content in the following top-level tags:

<!DOCTYPE html><html><body><!--AddyourHTMLcontenthere--></body></html>

Native Javascript loader library must be explicitly loaded

Scripts that relied on automatic loading of the native loader libraryapi.jsmust be changed to load this library explicitly, as in the following example:

<scriptsrc="https://apis.google.com/js/api.js?onload=onApiLoad"></script>

Google Picker API change

When using theGoogle Picker API, you must now callsetOrigin() when constructingthe PickerBuilder and pass in the origingoogle.script.host.origin, as shownin the following example:

functioncreatePicker(oauthToken){varpicker=newgoogle.picker.PickerBuilder().addView(google.picker.ViewId.SPREADSHEETS)//OradifferentViewId.setOAuthToken(oauthToken).setDeveloperKey(developerKey).setCallback(pickerCallback).setOrigin(google.script.host.origin)//NotethesetOrigin.build();picker.setVisible(true);}

For a full working example, seeFile-open dialogs.

Browser support

TheIFRAME sandbox mode is based on theiframe sandboxingfeature in HTML5.This is not supported in some older browsers, such as Internet Explorer 9. Thiscan be an issue if your Apps Script project both:

• usesHtmlService, and
• previously usedEMULATED orNATIVE sandboxing

Migrating these apps toIFRAME sandbox mode means they may no longer work onsome older browsers (notably IE9 and earlier) that don't support HTML5's iframesandboxing feature.

Apps that already requestIFRAME mode or don't useHtmlService at all areunaffected by this issue.

HTTPS is now required for imported resources

Previous applications that imported resources using HTTP must be changed touse HTTPS instead.

Form submission are no longer prevented by default

UnderNATIVE sandboxing HTML forms were prevented from actually submittingand navigating the page. Given that, a developer could simply add anonclickhandler to the submit button and not have to worry about what happened after.

WithIFRAME mode however HTML forms are allowed to submit, and if a formelement has noaction attribute specified it will submit to a blank page.Worse, the inner iframe will redirect to the blank page before theonclickhandler has a chance to finish.

The solution is to add JavaScript code to your page that prevents the formelements from actually submitting, so that the click handlers have time tofunction:

<script>//Preventformsfromsubmitting.functionpreventFormSubmit(){varforms=document.querySelectorAll('form');for(vari=0;i <forms.length;i++){forms[i].addEventListener('submit',function(event){event.preventDefault();});}}window.addEventListener('load',preventFormSubmit);</script>

A complete example can be found on the HtmlService guideClient-to-Server Communication.