The sandbox attribute allows you to block same-origin access, prevent top-level navigation, block scripts, and blocking form submission.
This would be great for sites that wrap other sites as apps (consider everything.me) and could provide a way for users to standalone-ize their favorite sites without worrying about the site breaking out of the standalone environment.
Elsewhere, @mattbasta wrote: