Speaker Polarity Test – Online Click & Listen
Generate a pop signal to determine if speakers are wired in phase. Quick stereo test.
UD5 Toolkit
Configure, test, and generate iframe sandbox permissions in real-time
allow-scripts). Refresh iframe to re-run tests.
srcdoc instead of src for inline content. The sandbox attribute is additive — each token grants a specific capability.
sandbox attribute on an <iframe> element applies extra restrictions to the content embedded within it. When present without any value (i.e., sandbox=""), it blocks all privileged actions: scripts, forms, popups, plugins, and same-origin access are all disabled. You then selectively re-enable capabilities by adding tokens like allow-scripts, allow-forms, etc. It's a critical security mechanism for embedding untrusted third-party content.
allow-scripts and allow-same-origin are present, the iframe can execute JavaScript that has access to the parent page's origin — including cookies, localStorage, and DOM if same-origin. More critically, the iframe can remove its own sandbox attribute via JavaScript, completely escaping the restrictions. Never combine these two tokens for untrusted content. If you must use both, ensure the iframe content is fully trusted and served from a separate origin.
allow-scripts is off, JavaScript won't execute at all. (2) If allow-modals is off, alert() calls silently fail. (3) If allow-forms is off, form submissions are blocked. (4) If allow-popups is off, window.open() returns null. The test results panel above receives real-time feedback via postMessage from the iframe when scripts are allowed.
allow-popups, popup windows opened by the iframe will not inherit the sandbox restrictions. They open as fully-privileged windows. Without this token, popups also carry the sandbox limitations.allow-top-navigation, top-level navigation (changing top.location) is only permitted when triggered by a genuine user gesture (click, tap, keypress). This prevents automated redirects while still allowing legitimate user-initiated navigation.
allow-scripts, allow-same-origin, allow-forms, allow-popups, allow-modals, allow-top-navigation) are supported in all modern browsers including Chrome, Firefox, Safari, and Edge. Newer tokens like allow-popups-to-escape-sandbox, allow-top-navigation-by-user-activation, allow-downloads, and allow-presentation also have broad modern support but may be absent in older browsers. Always test your target browser matrix and provide fallbacks when necessary.
sandbox="" (empty) and add only the tokens you need.allow-top-navigation to prevent automated redirects.postMessage to communicate between iframe and parent rather than relying on same-origin access.Generate a pop signal to determine if speakers are wired in phase. Quick stereo test.
Display an astigmatism dial and instructions for self-assessment. Educational, not a medical diagnosis.
Hear a word spoken by browser TTS and type the spelling. Choose difficulty or paste your own list. Great for kids. Local only.
Override your browser's geolocation to any coordinates and test how your app responds. For development and privacy testing.
Hear text spoken word by word with boundary events. See the exact index and character. Advanced TTS dev tool.
Load a video and visually check if audio aligns with lips. Use frame‑by‑frame stepping. Debug playback issues.
Toggle a screen wake lock to prevent the device from dimming or sleeping. See the lock state and learn the API.
Check if your page triggers the beforeinstallprompt event. Simulate the install flow. Debug PWA installability.
Paste your Accept‑Language header and see which languages your site should serve based on quality values. Internationalization helper.
Test how your page loads under slow, 3G, or offline conditions by intercepting fetch and applying delays. No DevTools needed.
Override your browser's geolocation to any coordinates and test how your app responds. For development and privacy testing.
Check current screen orientation and test the lock API. Useful for mobile web apps. Demo with code.
Test the Fullscreen API: request fullscreen on a colored div, detect changes, and copy the JavaScript boilerplate.
Test the Web Share API by sharing text, links, and files directly from the browser. Check compatibility and see example code.
Check if your browser and display support the wider DCI‑P3 color space. See the difference with a simple test pattern.
Enter any phrase and instantly see if it's a palindrome, ignoring spaces and punctuation. Fun for word nerds.
Write JavaScript code and see the output or console.log results immediately. Safe iframe sandbox. For quick experiments.
Generate random, formatted ID numbers that match pattern rules for various countries. For testing input validation. No real data.
Pick a method, URL, headers, and body, then send an HTTP request directly from your browser. Debug APIs easily.
Quickly test if your webcam, microphone, and speakers work correctly. See live video and audio meter. No data sent.
Generate random but realistic‑looking data arrays (users, products, orders) with typos and missing fields. For test robustness.
Simple interactive eye dominance test: hold up a virtual dot and see which eye stays aligned. Educational.
Simulate random mouse moves, clicks, or keystrokes to test idle‑timeout logic. Stops when you move the mouse. Dev test.
Paste a test card number to verify Luhn algorithm, identify issuer (Visa, MC), and check length. No real data.
Play left‑only, right‑only, and frequency sweeps to test your speakers or headphones. Quick audio check.
See a live VU meter of your microphone's input level. Test if your mic is working and adjust gain. Privacy‑friendly.
Strip dangerous HTML tags and attributes (scripts, onclick) to prevent XSS attacks. Safe iframe preview. Local sanitation engine.
Evaluate the strength of your passwords with a visual meter and detailed feedback. Check for length, complexity, and breached passwords. All analysis is client-side.
Write or paste HTML, CSS, and JavaScript and instantly see the rendered output in a sandboxed iframe. A handy frontend prototyping tool.
Generate ultra-secure, random passwords with configurable length and character sets. Created entirely on your device; never transmitted or stored.