HTML 服务:限制
使用集合让一切井井有条
根据您的偏好保存内容并对其进行分类。
为防止用户受到恶意 HTML 或 JavaScript 的侵害,Apps 脚本使用 iframe 来沙盒化 HTML 服务 Web 应用或 Google 文档、表格和表单的自定义界面。(在其他情况下,例如生成电子邮件正文时,HTML 服务不会使用沙盒。)沙盒对客户端代码施加了限制。
沙盒模式
除 IFRAME
之外,所有沙盒模式现已停用。使用旧版沙盒模式的应用现在会自动使用新版 IFRAME
模式。如果您有使用旧模式(NATIVE
和 EMULATED
)开发的脚本,则应按照迁移说明操作,以确保这些脚本在 IFRAME
模式下正常运行。
现在,调用 setSandboxMode
方法时不会产生任何效果。
iframe 模式下的限制
IFRAME
沙盒模式基于 HTML5 中的 iframe 沙盒化功能,使用以下关键字:
allow-same-origin
allow-forms
allow-scripts
allow-popups
allow-downloads
allow-modals
allow-popups-to-escape-sandbox
allow-top-navigation-by-user-activation
- 此属性仅针对独立脚本项目设置。
allow-top-navigation
关键字允许内容导航到其顶级浏览上下文,但该关键字受到限制,并且未在沙盒中设置为属性。如果您需要重定向脚本,请添加一个链接或按钮,供用户采取相应操作。
设置链接目标属性
在 IFRAME
模式下,您需要将链接目标属性设置为 _top
或 _blank
:
Code.js
function doGet() {
var template = HtmlService.createTemplateFromFile('top');
return template.evaluate().setSandboxMode(HtmlService.SandboxMode.IFRAME);
}
top.html
<!DOCTYPE html>
<html>
<body>
<div>
<a href="http://google.com" target="_top">Click Me!</a>
</div>
</body>
</html>
您还可以使用封装网页的 head 部分中的 <base>
标记替换此属性:
<!DOCTYPE html>
<html>
<head>
<base target="_top">
</head>
<body>
<div>
<a href="http://google.com">Click Me!</a>
</div>
</body>
</html>
对于有效内容,必须使用 HTTPS
脚本、外部样式表和 XmlHttpRequest 等“有效”内容必须通过 HTTPS(而非 HTTP)加载。
如未另行说明,那么本页面中的内容已根据知识共享署名 4.0 许可获得了许可,并且代码示例已根据 Apache 2.0 许可获得了许可。有关详情,请参阅 Google 开发者网站政策。Java 是 Oracle 和/或其关联公司的注册商标。
最后更新时间 (UTC):2025-08-31。
[null,null,["最后更新时间 (UTC):2025-08-31。"],[[["\u003cp\u003eApps Script utilizes iframes to sandbox HTML service web apps and custom interfaces for Google products, protecting users from malicious code.\u003c/p\u003e\n"],["\u003cp\u003eAll sandbox modes except \u003ccode\u003eIFRAME\u003c/code\u003e are sunset; existing scripts using older modes automatically transition to \u003ccode\u003eIFRAME\u003c/code\u003e, and developers should migrate their code accordingly.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eIFRAME\u003c/code\u003e sandbox mode, based on HTML5 iframe sandboxing, imposes limitations on client-side code with specific allowances and restrictions.\u003c/p\u003e\n"],["\u003cp\u003eTo redirect users in \u003ccode\u003eIFRAME\u003c/code\u003e mode, use links or buttons with \u003ccode\u003etarget="_top"\u003c/code\u003e or \u003ccode\u003e_blank"\u003c/code\u003e or utilize the \u003ccode\u003e<base>\u003c/code\u003e tag to override this behavior.\u003c/p\u003e\n"],["\u003cp\u003eActive content like scripts and external stylesheets within the sandboxed environment must be loaded over HTTPS to ensure security.\u003c/p\u003e\n"]]],[],null,["# HTML Service: Restrictions\n\nTo protect users from being served malicious HTML or JavaScript, Apps Script\nuses iframes to sandbox HTML-service web apps or custom user\ninterfaces for Google Docs, Sheets, and Forms. (The HTML service does not use a\nsandbox in other situations, like generating the body of an email.) The sandbox\nimposes limitations on client-side code.\n\nSandbox Mode\n------------\n\nAll sandbox modes are now sunset except for `IFRAME`. Apps using older sandbox\nmodes now use the newer `IFRAME` mode automatically. If you have scripts that\nwere developed using the older modes (`NATIVE` and `EMULATED`), you should\nfollow the [migration instructions](/apps-script/migration/iframe) to ensure\nthey function properly under the `IFRAME` mode.\n\nThe [`setSandboxMode`](/apps-script/reference/html/html-output#setSandboxMode(SandboxMode))\nmethod now has no effect when called.\n\nRestrictions in IFRAME mode\n---------------------------\n\nThe `IFRAME` sandbox mode is based on the\n[iframe sandboxing](https://html.spec.whatwg.org/#attr-iframe-sandbox) feature\nin HTML5, using the following keywords:\n\n- `allow-same-origin`\n- `allow-forms`\n- `allow-scripts`\n- `allow-popups`\n- `allow-downloads`\n- `allow-modals`\n- `allow-popups-to-escape-sandbox`\n- `allow-top-navigation-by-user-activation` - This attribute is only set for [stand-alone script projects](/apps-script/guides/standalone).\n\nThe `allow-top-navigation` keyword, which allows the content to navigate its\ntop-level browsing context, is restricted and not set as an attribute in the\nsandbox. If you need to redirect your script, add a link or a button for the\nuser to take action on instead.\n\n### Setting the link target attribute\n\nIn the `IFRAME` mode you need to set the link target attribute to either\n`_top` or `_blank`: \n\n### Code.js\n\n function doGet() {\n var template = HtmlService.createTemplateFromFile('top');\n return template.evaluate().setSandboxMode(HtmlService.SandboxMode.IFRAME);\n }\n\n### top.html\n\n \u003c!DOCTYPE html\u003e\n \u003chtml\u003e\n \u003cbody\u003e\n \u003cdiv\u003e\n \u003ca href=\"http://google.com\" target=\"_top\"\u003eClick Me!\u003c/a\u003e\n \u003c/div\u003e\n \u003c/body\u003e\n \u003c/html\u003e\n\nYou can also override this attribute using the `\u003cbase\u003e` tag within the head\nsection of the enclosing web page: \n\n \u003c!DOCTYPE html\u003e\n \u003chtml\u003e\n \u003chead\u003e\n \u003cbase target=\"_top\"\u003e\n \u003c/head\u003e\n \u003cbody\u003e\n \u003cdiv\u003e\n \u003ca href=\"http://google.com\"\u003eClick Me!\u003c/a\u003e\n \u003c/div\u003e\n \u003c/body\u003e\n \u003c/html\u003e\n\n### HTTPS required for active content\n\n[\"Active\" content](https://developer.mozilla.org/en-US/docs/Security/MixedContent#Mixed_active_content)\nlike scripts, external stylesheets, and XmlHttpRequests must be loaded over\nHTTPS, not HTTP."]]