Blocking framebusting scripts by using HTML5 sandboxing
This page includes the iframe framebuster.html which will try to bust out of its frame.
The HTML5 sandbox feature can prevent any iframe from busting out of its frame, as shown below. The default sandbox option achieves this because it does not allow any scripts to run. Below, the framebuster.html frame is included twice:
- first as a sandboxed iframe that is not allowed to execute JavaScript (so you will not see the animation of the moving dot),
- then as a sandboxed iframe that is allowed to execute JavaScript (so you see the moving dot, but the iframe still does not have permission to bust out of its frame).
Even if we allow scripts to run in the iframe, with sandbox="allow-scripts", the iframe is still not allowed to navigate its parent page, as shown below.
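The two cases on this page, expressed as a check over the sandbox attribute value. This is an added example, not code from the original demo; the function name `evaluateSandbox` and its result fields are hypothetical. It goes beyond the page's two cases by also covering the `allow-top-navigation` and `allow-top-navigation-by-user-activation` tokens, which are what would let a framebuster succeed.

```javascript
// Sandbox tokens that lift the block on navigating the top-level page.
const TOP_NAV = "allow-top-navigation";
const TOP_NAV_USER = "allow-top-navigation-by-user-activation";

// attr: the iframe's sandbox attribute value, or null when the attribute is absent.
function evaluateSandbox(attr) {
  if (attr === null || attr === undefined) {
    // No sandbox attribute: sandboxing imposes no restriction on the frame.
    return { sandboxed: false, scripts: true, topNavigation: "allowed", framebust: "possible" };
  }
  // Tokens are space-separated and compared ASCII case-insensitively.
  const tokens = new Set(attr.toLowerCase().split(/[ \t\n\f\r]+/).filter(Boolean));
  const scripts = tokens.has("allow-scripts");

  let topNavigation = "blocked";
  if (tokens.has(TOP_NAV)) topNavigation = "allowed";
  else if (tokens.has(TOP_NAV_USER)) topNavigation = "user-activation";

  // A script-based framebuster needs script execution AND top-navigation permission.
  let framebust = "blocked";
  if (scripts && topNavigation === "allowed") framebust = "possible";
  else if (scripts && topNavigation === "user-activation") framebust = "needs-user-gesture";

  return { sandboxed: true, scripts, topNavigation, framebust };
}

// Constructed sample values; the first two are the iframes shown on this page.
const samples = [
  "",                                    // <iframe sandbox>
  "allow-scripts",                       // <iframe sandbox="allow-scripts">
  "allow-scripts allow-top-navigation",  // weak: framebusting works again
  null,                                  // no sandbox attribute at all
];

function report() {
  return samples.map((s) => ({ sandbox: s, ...evaluateSandbox(s) }));
}

console.table(report());
```
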