👀 Live Preview
An iframe with inline content via srcdoc:
No external HTML file was loaded for the frame document.

The srcdoc attribute is a useful HTML feature used with the <iframe> element. It lets you embed HTML content directly in the attribute value as a string, so the browser renders that markup inside the frame without fetching a separate file from src.
This is handy for lightweight demos, previews, documentation embeds, and sandboxed snippets. For large or reusable pages, a normal src URL is often simpler to maintain.
One element.
String value.
URL vs inline.
< in attrs.
.srcdoc updates.
Stay secure.
srcdocThe primary purpose of the srcdoc attribute is to specify the HTML content that should be displayed inside an <iframe>. Instead of pointing src at an external document, you inline the markup in the parent page itself. The browser creates a nested document from that string and renders it in the frame.
This provides a convenient way to build self-contained iframe previews—especially in tutorials, code playgrounds, and UI components that show a live result next to source code.
When srcdoc is present and supported, the browser uses it and does not load the URL from src. Use one approach or the other for clarity; do not rely on both at once.
Set srcdoc to an HTML string on <iframe>. Escape angle brackets in the parent HTML document:
<iframe
title="Embedded preview"
srcdoc="<p>This is embedded content.</p>"
width="300"
height="200"></iframe><iframe>.< as < inside the attribute.title for accessibility.src and srcdoc are set, srcdoc takes precedence.sandbox when embedding untrusted or dynamic HTML.The srcdoc attribute accepts a string containing HTML markup:
<p>Hello</p> (escaped in attributes).<!DOCTYPE html><html>...</html> with inline styles.iframe.srcdoc.<!-- Short paragraph -->
srcdoc="<p>Inline content</p>"
<!-- Full document with styles -->
srcdoc="<!DOCTYPE html><html><body><h1>Title</h1></body></html>"| Topic | Detail | Example |
|---|---|---|
| Element | <iframe> only | Inline embed |
| Value type | HTML string | Escaped markup |
vs src | Inline vs external URL | srcdoc wins if both set |
| JavaScript | iframe.srcdoc = html | Runtime update |
| Security | Use sandbox | Limit scripts |
| A11y | Required title | Describe frame |
| Element | Supported? | Notes |
|---|---|---|
<iframe> | Yes | Primary and only standard use |
<img>, <script> | No | Use src instead |
<object>, <embed> | No | Different embedding models |
| Related | sandbox, title | Pair with iframe attributes |
srcdoc vs src on iframe| Feature | srcdoc | src |
|---|---|---|
| Content source | Inline HTML string | External URL |
| Extra HTTP request | No (for frame document) | Yes |
| Best for | Small demos, previews | Full pages, apps, widgets |
| Maintenance | Markup in parent file | Separate HTML file |
| If both set | Used (src ignored) | Ignored when srcdoc present |
Basic inline embed, dynamic JavaScript update, and a styled document with sandbox.
An iframe with inline content via srcdoc:
No external HTML file was loaded for the frame document.
Embed a simple paragraph inside an iframe:
<iframe
title="Embedded preview"
srcdoc="<p>This is the embedded content within the iframe.</p>"
width="300"
height="200"></iframe>The browser parses the HTML string in srcdoc and renders it as the iframe’s document. This is useful for lightweight content without creating a separate HTML file.
Update iframe content at runtime by assigning to srcdoc:
<iframe id="dynamicIframe" title="Dynamic frame"></iframe>
<script>
var html = "<p>This content is dynamically set with JavaScript.</p>";
document.getElementById("dynamicIframe").srcdoc = html;
</script>The iframe with id dynamicIframe starts empty. The script assigns an HTML string to srcdoc, which the browser renders inside the frame on the fly.
Embed a mini HTML document and restrict capabilities with sandbox:
<iframe
title="Sandboxed preview"
sandbox=""
srcdoc="<!DOCTYPE html><html><body><h1>Hello</h1></body></html>"
width="320"
height="140"></iframe>sandbox="" applies the strictest default restrictions (no scripts, forms, or top navigation). Add tokens like sandbox="allow-scripts" only when you truly need them.
<iframe srcdoc> needs a title describing the embedded content for screen reader users.lang in full srcdoc documents when language differs from the parent page.On iframe srcdoc.
Creates nested document.
Isolated browsing context.
No extra HTML file.
The srcdoc attribute is supported in all modern browsers on <iframe>.
Chrome, Firefox, Safari, and Edge all support srcdoc.
Bottom line: Use srcdoc in modern projects; provide a src fallback only if you must support very old browsers.
srcdoc for small, self-contained iframe previewstitle on every iframesandbox for untrusted or user contentsrcdocsrc insteadsrc and srcdoc without understanding precedenceallow-scripts in sandbox without a security reviewThe srcdoc attribute provides a convenient way to embed HTML content within iframes directly in your page. Whether you include static snippets or update content dynamically with JavaScript, understanding srcdoc helps you build interactive previews and tutorials.
Use it for lightweight embeds, pair it with sandbox for safety, and reach for src when the framed content deserves its own file. With both tools, you can create engaging, well-structured embedded experiences.
srcdocBookmark these before your next iframe embed.
String on iframe
PurposeOne element
ScopeWhen both set
CompareLive updates
DynamicStay safe
Securityiframe instead of loading an external document from src.<iframe> element supports the srcdoc attribute.srcdoc is used and src is ignored for loading the frame document.< instead of < inside the attribute. In JavaScript, build a normal HTML string and assign it to iframe.srcdoc.iframe.srcdoc = "<p>New content</p>" to update the frame without reloading the parent page.src only.Practice srcdoc and dynamic updates in the Try It editor.
5 people found this page helpful