We are using sandboxed iframes to safely display user-authored content. We only allow static HTML (HTML,CSS,Audio/Video/Images). To achieve this, we use an with sandbox=&qu