A reviewer has rejected my addon with the reason: Sandboxed iframes with attributes ‘allow-scripts’ and ‘allow-same-origin’ are not allowed for security reasons. He also said that I may simply remove the sandbox attribute of the iframe, i.e. make it a normal iframe. I would argue that this restric…

What's the point of forbidding a sandboxed iframe with allow-scripts and allow-same-origin?

juraj.masiar (Juraj Masiar) March 30, 2023, 1:12pm 9

Actually, this should be no longer an issue in the review process.

The sandbox attribute cannot be removed from the nested page inside iframe if the loaded page comes from a different host.
More info here:

Topic		Replies	Views
Can someone explain the issue behind the rule: "Sandboxed iframes with attributes ‘allow-scripts’ and ‘allow-same-origin’ are not allowed for security reasons." Development	6	22437	April 7, 2023
Iframes in extension addons.mozilla.org	7	1022	April 13, 2017
Iframes in web extension popover? addons.mozilla.org	1	930	February 27, 2020
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing Development	5	42879	July 9, 2023
WebExtensions – frame same origin policy – why? Development	3	938	February 4, 2017