These attributes provide control over the permissions of the iFrame, allowing the user to tailor the behavior of the iFrame for Confluence Macro based on specific security and functionality requirements.
The options are available under Settings > iFrame Macros > Configuration.
...
Below we have a bit more information on each of the sandbox properties.
allow-forms
Description: The allow-forms
attribute specifies whether the embedded content is allowed to submit forms. If this attribute is present, the embedded document is permitted to invoke forms and interact with them.
allow-pointer-lock
Description: The allow-pointer-lock
attribute indicates whether the embedded content is allowed to use the Pointer Lock API. This API provides access to raw mouse movement data.
allow-popups
Description: The allow-popups
attribute controls whether the embedded content is allowed to open new browser windows or tabs.
allow-same-origin
Description: The allow-same-origin
attribute specifies whether the embedded content is allowed to access resources from the same origin (domain) as the parent document.
allow-scripts
Description: The allow-scripts
attribute determines whether the embedded content is permitted to execute scripts. If present, it enables the execution of JavaScript within the iframe.
allow-top-navigation
Description: The allow-top-navigation
attribute controls whether the embedded content is allowed to navigate the top-level browsing context.
allow-downloads
Description: The allow-downloads
attribute specifies whether the embedded content is allowed to initiate downloads.