Kilotest: Diagnoses of iframe sandbox attributes risky violation by HTML element 147 on Koenig Childhood Cancer Foundation donations page

Basics

About the Koenig Childhood Cancer Foundation donations page

• URL: https://thekccf.org/donate
• Tested 13 days ago by job vc2 on 2026-05-19 at 14:37

About HTML element 147

• Tag name: IFRAME
• Text: [not applicable]
• Start tag: <iframe class="block w-full h-full max-w-full border-0" src="https://www.zeffy.com/embed/donation-form/donate-to-make-a-difference-18649" title="Zeffy donation form" scrolling="yes" allow="payment" sandbox="allow-scripts allow-same-origin allow-forms allow-popups" style="-webkit-overflow-scrolling:touch;overflow:auto;min-height:300px;height:100%">
• XPath: /html/body/main[1]/div[1]/div[1]/div[4]/div[1]/div[1]/div[1]/div[2]/div[2]/iframe[1]
• Bounding box: x = 1264, y = 386, width = 448, height = 580

About the iframe sandbox attributes risky issue

• Why it matters: Document may be unsafe to use
• Priority: low
• Related WCAG standard: 4.1

Diagnoses

Here is how tools diagnose the iframe sandbox attributes risky issue for HTML element 147 of the Koenig Childhood Cancer Foundation donations page.

1. Potentially bad value allow-scripts allow-same-origin allow-forms allow-popups for attribute sandbox on element iframe: Setting both allow-scripts and allow-same-origin is not recommended, because it effectively enables an embedded page to break out of all sandboxing.

   Tool: Html Checker API (World Wide Web Consortium)