I’m working with an iframe and attempting to define its own Content Security Policy (CSP) using the csp attribute and the sandbox attribute. Here’s the HTML structure of my iframe: