Enum SandboxMode

  • SandboxMode is an enum in Apps Script'sHtmlService used to define how client-side scripts execute in a security sandbox.

  • TheNATIVE andEMULATED sandbox modes were deprecated and are now sunset, with onlyIFRAME mode currently supported.

  • Client-side code in HTML service runs in a security sandbox to protect users from malicious code, imposing restrictions on script execution.

  • TheIFRAME mode has fewer restrictions and runs faster than previous modes but may not be compatible with older browsers.

  • You can check the actual sandbox mode on the client-side by inspectinggoogle.script.sandbox.mode.

SandboxMode

An enum representing the sandbox modes that can be used for client-sideHtmlServicescripts. These values can be accessed fromHtmlService.SandboxMode, and set by callingHtmlOutput.setSandboxMode(mode).

To call an enum, you call its parent class, name, and property. For example,HtmlService.SandboxMode.IFRAME.

TheNATIVE andEMULATED modes weredeprecated on October 13, 2015 and both are now sunset. OnlyIFRAME mode is nowsupported.

To protect users from being served malicious HTML or JavaScript, client-side code served fromHTML service executes in a security sandbox that imposes restrictions on the code. The methodHtmlOutput.setSandboxMode(mode) previously allowed script authors to choosebetween different versions of the sandbox, but now has no effect. For more information, see theguide to restrictions in HTML service.

TheIFRAME mode imposes many fewer restrictions than the other sandbox modes and runsfastest, but does not work at all in certain older browsers, including Internet Explorer 9. Thesandbox mode can also be read in a client-side script by inspectinggoogle.script.sandbox.mode. Note that this property returns the actual mode on the client, whichmay differ from the mode requested on the server if the requested mode is not supported in theuser's browser.

<!-- Read the sandbox mode (in a client-side script). --><script>  alert(google.script.sandbox.mode);</script>

Properties

PropertyTypeDescription
EMULATEDEnumA legacy sandbox mode that emulates ECMAScript 5 strict mode using only the features availablein ECMAScript 3. This mode was the default prior to February 2014.

EMULATED wassunset as of December 10,2015. All scripts attempting useEMULATED will now useIFRAME instead.

IFRAMEEnumA sandbox mode that uses iframe sandboxing instead of the Caja sandbox technology used by theEMULATED andNATIVE modes. This mode is the default for new scripts as ofNovember 12, 2015 and for all scripts as of July 6, 2016.

This mode imposes many fewer restrictions than the other sandbox modes and runs fastest, butdoes not work at all in certain older browsers, including Internet Explorer 9.

NATIVEEnumA sandbox mode that is built on top of ECMAScript 5 strict mode. A sandbox mode built on top ofECMAScript 5 strict mode. This mode wassunset asof July 6, 2016. All scripts now useIFRAME mode.

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-12-11 UTC.