Page 80 - HTML5
The parent document can add event listeners and resize the IFrame to fit its contents. This, along
with allow-top-navigation, can make the sandboxed iframe appear to be part of the parent document.
This sandbox is not a replacement for sanitizing input, but it can be used as part of a
defense-in-depth strategy.
Also be aware that this sandbox can be subverted by an attacker convincing a user to visit the
iframe's source directly. The Content Security Policy HTTP header can be used to mitigate this
attack.
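
One way to apply that mitigation, as an added example that is not part of the original page: the server sends the CSP sandbox directive with the untrusted document, so the same restrictions hold when the URL is opened directly instead of inside the iframe. The names SANDBOX_TOKENS, buildSandboxCsp, iframeTag, serveUntrusted and the /untrusted/42 path are assumptions made for this sketch.

```javascript
// Added example; all names and the sample path are illustrative.
// One token list feeds both the iframe attribute and the response header,
// so the two policies cannot drift apart.
const SANDBOX_TOKENS = ['allow-forms'];

// Sandbox keywords from the HTML standard (only a subset is checked here).
const KNOWN_TOKENS = new Set([
  'allow-forms', 'allow-modals', 'allow-popups', 'allow-same-origin',
  'allow-scripts', 'allow-top-navigation',
]);

// Build the header value; a bare "sandbox" applies every restriction.
function buildSandboxCsp(tokens) {
  for (const t of tokens) {
    if (!KNOWN_TOKENS.has(t)) throw new Error(`unknown sandbox token: ${t}`);
  }
  return ['sandbox', ...tokens].join(' ');
}

// Markup the parent page uses to embed the untrusted document.
function iframeTag(src, tokens) {
  const esc = (s) => s.replace(/&/g, '&amp;').replace(/"/g, '&quot;');
  return `<iframe src="${esc(src)}" sandbox="${esc(tokens.join(' '))}"></iframe>`;
}

// Handler for the untrusted document. It has the (req, res) shape expected
// by Node's http.createServer, plus the body to send.
function serveUntrusted(req, res, body) {
  res.setHeader('Content-Type', 'text/html; charset=utf-8');
  res.setHeader('Content-Security-Policy', buildSandboxCsp(SANDBOX_TOKENS));
  res.end(body);
}

// Constructed stand-in for a server response so the example runs offline.
function fakeResponse() {
  const headers = {};
  return {
    headers,
    body: null,
    setHeader(k, v) { headers[k.toLowerCase()] = v; },
    end(b) { this.body = b; },
  };
}

function demo() {
  const res = fakeResponse();
  serveUntrusted({ url: '/untrusted/42' }, res, '<p>user content</p>');
  return { csp: res.headers['content-security-policy'],
           tag: iframeTag('/untrusted/42', SANDBOX_TOKENS) };
}
console.log(demo());
```
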
Read IFrames online: https://riptutorial.com/html/topic/499/iframes

