Add iframe sandboxing

src/managers/views/iframe.js

@@ -16,7 +16,8 @@ class IframeView {
 			layout: undefined,
 			globalLayoutProperties: {},
 			method: undefined,
-			forceRight: false
+			forceRight: false,
+			allowScriptedContent: false
 		}, options || {});
 
 		this.id = "epubjs-view-" + uuid();
@@ -88,6 +89,12 @@ class IframeView {
 		// Back up if seamless isn't supported
 		this.iframe.style.border = "none";
 
+		// sandbox
+		this.iframe.sandbox = "allow-same-origin";
+		if (this.settings.allowScriptedContent && this.section.properties.indexOf("scripted") > -1) {
+			this.iframe.sandbox += " allow-scripts"
+		}
+
 		this.iframe.setAttribute("enable-annotation", "true");
 
 		this.resizing = true;