On the standards track: Yes
Is Experimental: No
Is Deprecated: No
In Chrome version 5 on 2010-05-25 Note: Chrome 70 and earlier block script execution without allow-scripts, even if allow-same-origin is set. For example, any bound handlers for click events of nodes inside an iframe throw an error for blocked script execution.
In Chrome Android version 18 on 2012-06-27 Note: Chrome Android 70 and earlier block script execution without allow-scripts, even if allow-same-origin is set. For example, any bound handlers for click events of nodes inside an iframe throw an error for blocked script execution.
In Edge version 79 on 2020-01-15 Note: Edge 79 and earlier block script execution without allow-scripts, even if allow-same-origin is set. For example, any bound handlers for click events of nodes inside an iframe throw an error for blocked script execution.
In Firefox version ≤49 on undefined
In Firefox for Android version ≤49 on undefined
In Internet Explorer version ≤11 on undefined
In Quest Browser version 5.0 on undefined Note: Quest Browser 6.0 and earlier block script execution without allow-scripts, even if allow-same-origin is set. For example, any bound handlers for click events of nodes inside an iframe throw an error for blocked script execution.
In Opera version 15 on 2013-07-02 Note: Opera 57 and earlier block script execution without allow-scripts, even if allow-same-origin is set. For example, any bound handlers for click events of nodes inside an iframe throw an error for blocked script execution.
In Opera Android version 14 on 2013-05-21 Note: Opera Android 49 and earlier block script execution without allow-scripts, even if allow-same-origin is set. For example, any bound handlers for click events of nodes inside an iframe throw an error for blocked script execution.
In Safari version 5 on 2010-06-07 Note: Safari blocks script execution without allow-scripts even if allow-same-origin is set. For example, any bound handlers for click events of nodes inside an iframe throw an error for blocked script execution.
In Safari on iOS version 4 on 2010-06-21 Note: Safari blocks script execution without allow-scripts even if allow-same-origin is set. For example, any bound handlers for click events of nodes inside an iframe throw an error for blocked script execution.
In Samsung Internet version 1.0 on 2013-04-27 Note: Samsung Internet 10.0 and earlier block script execution without allow-scripts, even if allow-same-origin is set. For example, any bound handlers for click events of nodes inside an iframe throw an error for blocked script execution.
In WebView Android version 4.4 on 2013-12-09 Note: WebView Android 70 and earlier block script execution without allow-scripts, even if allow-same-origin is set. For example, any bound handlers for click events of nodes inside an iframe throw an error for blocked script execution.
In WebView on iOS version 4 on 2010-06-21 Note: Safari blocks script execution without allow-scripts even if allow-same-origin is set. For example, any bound handlers for click events of nodes inside an iframe throw an error for blocked script execution.