That setting is exactly the sort of reason I'm locked in a war to block ads from Google and others. What good is an escapable sandbox, other than for Google?
well, while I definitely block ads as well (when I don't reverse engineer them), this directive does have a good reason. It means:
"Allows a sandboxed document to open new windows without forcing the sandboxing flags upon them".
If it was absent, when user clicks the ad and it opens a new tab of the advertiser website, it would inherit the sandbox directives from the safeframe, which might break it. To be clear "sandbox" in this context refers to the iframe sandbox[0], not to be confused with the renderer process sandbox[1].
The iframe sandbox is not for you or google. It’s for sites that want to protect themselves from ads they embed on the page. You’ll also see this used on proxy websites that scrape your requested URL and embed the contents of that page in an iframe.
"Allows a sandboxed document to open new windows without forcing the sandboxing flags upon them".
If it was absent, when user clicks the ad and it opens a new tab of the advertiser website, it would inherit the sandbox directives from the safeframe, which might break it. To be clear "sandbox" in this context refers to the iframe sandbox[0], not to be confused with the renderer process sandbox[1].
[0]: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/if...
[1]: https://chromium.googlesource.com/chromium/src/+/refs/heads/...