An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing

My addon - https://addons.mozilla.org/en-US/firefox/addon/easy-youtube-video-download/ uses iframes to load external website for 1080p downloads, but suddenly there is no iframe visible now. I get this message - “An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing.” in the console, I am not sure what changed at Firefox’s end now breaking the functionality ???

I just moved the injected frame a bit in the DOM and then it actually shows up with this content:

image

Thanks, that means Youtube changed code which broke this. The warning made me think it was change on firefox security which broke it.

Nope. The warning just tells you that with those two flags you could almost as well not set the sandbox property.
Given that the frame is cross-origin already, the allow-same-origin probably doesn’t do anything, though:

allow-same-origin: Allows the content to be treated as being from its normal origin. If this keyword is not used, the embedded content is treated as being from a unique origin.

OK thanks, I tried using a few other placeholders but unluckly can’t get the iframe to load at the place like earlier (below subscribe button). Will keep trying.

Hi dishita, were u able to fix this?