My project ID is webscrapbook@danny0838.addons.mozilla.org
3rd party remote scripts are NOT possible in extensions (unless an arbitrary “content_security_policy” manifest is set, which is not the case for my extension), as previously mentioned: "As extensions are protected by the content security policy, only explicit extension scripts may be run and no external or arbitrary scripts are possible. "
As NO 3rd party script is involved, there can’t be any more security issue for a sandboxed iframe that allows scripts than a normal iframe. I request that the silly restriction for addon reviewing “Sandboxed iframes with attributes ‘allow-scripts’ and ‘allow-same-origin’ are not allowed for security reasons.” should be revoked, and addons that are rejected only due to such reason should be unrejected.