About This HTML Issue
In HTML, boolean attributes like allowfullscreen, disabled, readonly, and hidden work differently from what many developers expect. Their presence alone on an element means “true,” and their absence means “false.” The only valid values for a boolean attribute are the empty string ("") or the attribute’s own name (e.g., allowfullscreen="allowfullscreen"). Setting a boolean attribute to "true" is not valid HTML according to the WHATWG HTML living standard, even though browsers will typically still interpret it as enabled.
This matters for several reasons. First, it violates the HTML specification and will produce a W3C validation error. Second, it can create confusion for other developers who may assume that setting the attribute to "false" would disable it — but that’s not how boolean attributes work. Setting allowfullscreen="false" would still enable fullscreen because the attribute is present. Keeping your markup valid and semantically correct avoids these misunderstandings and ensures forward compatibility with browsers and tooling.
It’s also worth noting that allowfullscreen is now considered a legacy attribute. The modern approach is to use the allow attribute with the "fullscreen" permission token, which is part of the broader Permissions Policy mechanism. The allow attribute gives you fine-grained control over multiple features in a single attribute.
Examples
Incorrect: boolean attribute set to “true”
This triggers the validation error because "true" is not a valid value for a boolean attribute.
<iframe src="https://example.com" allowfullscreen="true"></iframe>Correct: boolean attribute with no value
Simply include the attribute name without any value assignment.
<iframe src="https://example.com" allowfullscreen></iframe>Also correct: boolean attribute with an empty string
The empty string is a valid value for any boolean attribute.
<iframe src="https://example.com" allowfullscreen=""></iframe>Also correct: boolean attribute set to its own name
Per the spec, a boolean attribute can be set to a case-insensitive match of its own name.
<iframe src="https://example.com" allowfullscreen="allowfullscreen"></iframe>
Recommended: using the modern allow attribute
The allow attribute is the preferred approach going forward. It replaces allowfullscreen and can also control other permissions like camera, microphone, and more.
<iframe src="https://example.com" allow="fullscreen"></iframe>
You can combine multiple permissions in a single allow attribute:
<iframe src="https://example.com" allow="fullscreen; camera; microphone"></iframe>Common mistake: trying to disable with “false”
Be aware that the following does not disable fullscreen — the attribute is still present, so fullscreen is still allowed. This would also produce a validation error.
<!-- This does NOT disable fullscreen — and is invalid HTML -->
<iframe src="https://example.com" allowfullscreen="false"></iframe>To disable fullscreen, simply omit the attribute entirely:
<iframe src="https://example.com"></iframe>Find issues like this automatically
Rocket Validator scans thousands of pages in seconds, detecting HTML issues across your entire site.