![XSS Bypass sandbox="allow-same-origin" policy in IFRAME using the Latest version of Firefox Browser - Secrash - Bug Bounty Tips XSS Bypass sandbox="allow-same-origin" policy in IFRAME using the Latest version of Firefox Browser - Secrash - Bug Bounty Tips](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiV0F6Q1dnqZXZ_KB22FEe2r072mNba_qbiPPlFuKGjCjkToBfQdn7Wqr-bTF-RwOIN6jOF4LF6egQIui-bTxcmWJpjSbE2VVgRzDZFJ0DcrSUqvqXJXe2hCa-JffaIWoax9tO2iRWBdb0GWb1lfer0XIPpwwq5D07UER96I1vFiCyF4nR3bbMZfOydyCxg/w0/Screenshot_58.png)
XSS Bypass sandbox="allow-same-origin" policy in IFRAME using the Latest version of Firefox Browser - Secrash - Bug Bounty Tips
![Can someone explain the issue behind the rule: "Sandboxed iframes with attributes 'allow-scripts' and 'allow-same-origin' are not allowed for security reasons." - Development - Mozilla Discourse Can someone explain the issue behind the rule: "Sandboxed iframes with attributes 'allow-scripts' and 'allow-same-origin' are not allowed for security reasons." - Development - Mozilla Discourse](https://discourse-prod-uploads-81679984178418.s3.dualstack.us-west-2.amazonaws.com/original/3X/4/a/4a4751def7381c2ca4a0234630f29cd5f55bffe1.png)
Can someone explain the issue behind the rule: "Sandboxed iframes with attributes 'allow-scripts' and 'allow-same-origin' are not allowed for security reasons." - Development - Mozilla Discourse
GitHub - MTG/cross-origins-iframe-chrome-tests: Recent versions of chrome (> 64) block media access from iframes loaded from a cross domain unless permission is explicitly given: https://sites.google.com/a/chromium.org/dev/Home/chromium-security ...
![Restricting cross-origin iframe navigation to external protocols with permissions policy · Issue #6111 · whatwg/html · GitHub Restricting cross-origin iframe navigation to external protocols with permissions policy · Issue #6111 · whatwg/html · GitHub](https://user-images.githubusercontent.com/2622601/97371812-6bfe3800-18b2-11eb-8338-43297283dd0e.png)