Topic on Extension talk:EmbedScript
Iframe sandbox attribute
I'm starting this project back up; following up on some old comments. :)
Yeah, looks like
sandbox="allow-scripts" may be what we want; disables some things but still allows scripting. I'll want to make sure that doesn't break the postMessage though...