An enum representing the sandbox modes that can be used for client-side
scripts. These values can be accessed from
HtmlService.SandboxMode, and set by calling
EMULATED modes were deprecated on October 13, 2015 and both are now sunset. Only
IFRAME mode is now supported.
HTML service executes in a security sandbox that imposes restrictions on the code. The method
HtmlOutput.setSandboxMode(mode) previously allowed script authors to choose
between different versions of the sandbox, but now has no effect. For more information, see the
guide to restrictions in HTML service.
IFRAME mode imposes many fewer restrictions than the other sandbox modes and runs
fastest, but does not work at all in certain older browsers, including Internet Explorer 9. The
sandbox mode can also be read in a client-side script by inspecting
google.script.sandbox.mode. Note that this property returns the actual mode on the client, which
may differ from the mode requested on the server if the requested mode is not supported in the
<!-- Read the sandbox mode (in a client-side script). --> <script> alert(google.script.sandbox.mode); </script>
|A legacy sandbox mode that emulates ECMAScript 5 strict mode using only the features available
in ECMAScript 3. This mode was the default prior to February 2014.
|A sandbox mode that uses iframe sandboxing instead of the Caja sandbox technology used by the
This mode imposes many fewer restrictions than the other sandbox modes and runs fastest, but does not work at all in certain older browsers, including Internet Explorer 9.
|A sandbox mode that is built on top of ECMAScript 5 strict mode. A sandbox mode built on top of
ECMAScript 5 strict mode. This mode was sunset as
of July 6, 2016. All scripts now use