My page adds an iframe which loads an external library, and when I open the iframe src in a new tab, anybody can add params like customCSS linking to a malicious site which can change my st