flawiddsouza / Restfox

Offline-First Minimalistic HTTP & Socket Testing Client for the Web & Desktop

Home Page: https://restfox.dev

Sandbox isolation options

eznix86 opened this issue

If you have an iframe, you will get an issue like this:

Blocked script execution in 'https://thewebsite.com/something/something' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.

Use case: Payment Gateway or isolated environment which requires an iframe.

<iframe sandbox :src="src"></iframe>

  • Proposal: add a setting to toggle the sandbox environment
  • Possible values: sandbox="allow-same-origin allow-scripts allow-popups allow-forms"

Hi, I'm okay with adding this. Do you think there would be any security issues with doing this? Could the code running inside the iframe gain access to the app's localStorage or IndexedDB? This would effectively expose all the application data to the iframe. I'm not sure how same origin works when the src is an object URL.

By default it is disabled. I made a PR for it :) Because I am working on a payment gateway, the page JS does not work :c Please review it!

Thanks for the PR. Appreciate it. I've added a comment. I'll merge the code once it's resolved.
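On the question raised in the thread about same origin and object URLs, the following is an added example (not Restfox code) that models how the sandbox token list decides the framed document's origin and whether its scripts could reach the embedding app's storage. The function names, `APP`, `BLOB` and `GATEWAY` are hypothetical, constructed values; it assumes the preview is loaded from an object URL created by the app, as the comment suggests.

```javascript
// Added example, not from the Restfox code base. Sample values are constructed.
const APP = 'https://app.example';                   // origin of the embedding app
const BLOB = 'blob:https://app.example/0f8c-sample'; // object URL created by the app
const GATEWAY = 'https://pay.example/checkout';      // third-party page in the frame

// Origin the content would have with no sandbox. A blob: (object) URL carries
// the origin of the page that called URL.createObjectURL().
function contentOrigin(src) {
  const inner = src.startsWith('blob:') ? src.slice('blob:'.length) : src;
  return new URL(inner).origin;
}

// sandboxAttr: the attribute value, or null when the attribute is absent.
function assessSandbox(sandboxAttr, src, appOrigin) {
  const sandboxed = sandboxAttr !== null;
  const tokens = new Set(
    (sandboxAttr || '').toLowerCase().split(/\s+/).filter(Boolean)
  );
  const scripts = !sandboxed || tokens.has('allow-scripts');
  const keepsOrigin = !sandboxed || tokens.has('allow-same-origin');
  // Without allow-same-origin the document is forced into an opaque origin,
  // where touching localStorage or indexedDB throws a SecurityError.
  const origin = keepsOrigin ? contentOrigin(src) : 'opaque';
  const canReadAppStorage = scripts && origin === appOrigin;
  return {
    origin,
    scripts,
    canReadAppStorage,
    // Script that shares the app's origin can reach window.parent and remove
    // the sandbox attribute from its own iframe, so the sandbox protects nothing.
    canRemoveSandbox: sandboxed && canReadAppStorage,
  };
}

const PROPOSED = 'allow-same-origin allow-scripts allow-popups allow-forms';
console.log('bare sandbox, object URL  ', assessSandbox('', BLOB, APP));
console.log('allow-scripts only        ', assessSandbox('allow-scripts', BLOB, APP));
console.log('proposed tokens, object URL', assessSandbox(PROPOSED, BLOB, APP));
console.log('proposed tokens, gateway   ', assessSandbox(PROPOSED, GATEWAY, APP));
```

In this model the proposed token list is only a storage risk when the framed content shares the app's origin, which is the object URL case; a page served from a different origin keeps its own origin and its own storage.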