sandbox ↔ Attribute to restrict access to <iframe\> vs Browsing Context

""

to block access across <iframe\>

"allow-same-origin"

to allow access for Same-Origin (within same parent iframe)

"allow-scripts"

to allow <iframe\> to execute JS

References