Open kujirahand opened 1 year ago
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.