Mozilla community member Bob Owen reported that
<iframe sandbox>
restrictions are not applied to a
frame
element contained within a sandboxed iframe. As a result,
content hosted within a sandboxed iframe could use a frame
element
to bypass the restrictions that should be applied.