history.pushState pollutionEMBEDDED

Pile up iframe-owned history entries and interfere with the parent tab's back navigation.

Behavior by sandbox policy
PolicyExpected result
No sandboxworks
sandbox="allow-scripts"works
sandbox="" (strictest)blocked
Embed snippet

This snippet uses the dedicated embed page. Paste it into your own service and check rendering or blocking behavior.

<iframe src="https://xss-playground.com/embed/history-pollution?lang=en" title="XSS Playground - history.pushState pollution" width="600" height="420" loading="lazy" referrerpolicy="strict-origin-when-cross-origin"></iframe>

Run

// no logs

Explanation