diff --git a/src/interfaces/assistants_web/src/components/Markdown/tags/Iframe.tsx b/src/interfaces/assistants_web/src/components/Markdown/tags/Iframe.tsx
index 2d19c7c30f..0c91980b4a 100644
--- a/src/interfaces/assistants_web/src/components/Markdown/tags/Iframe.tsx
+++ b/src/interfaces/assistants_web/src/components/Markdown/tags/Iframe.tsx
@@ -65,6 +65,10 @@ export const Iframe: Component & { 'data-src'
 srcDoc={code}
 ref={iframeRef}
 className="max-h-[450px] min-h-[450px] w-full overflow-y-auto rounded-lg border border-mushroom-800 bg-white dark:border-volcanic-300 dark:bg-volcanic-150"
+ // https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe
+ // make sure the iframe is sandboxed to prevent any malicious scripts
+ // NEVER ALLOW `allow-scripts` and `allow-same-origin` together
+ sandbox="allow-scripts"
 />
diff --git a/src/interfaces/coral_web/src/components/Shared/Markdown/tags/Iframe.tsx b/src/interfaces/coral_web/src/components/Shared/Markdown/tags/Iframe.tsx
index 4c85fb6dc0..8ffce1e8e5 100644
--- a/src/interfaces/coral_web/src/components/Shared/Markdown/tags/Iframe.tsx
+++ b/src/interfaces/coral_web/src/components/Shared/Markdown/tags/Iframe.tsx
@@ -67,6 +67,10 @@ export const Iframe: Component & { 'data-src'
 srcDoc={code}
 ref={iframeRef}
 className="max-h-[450px] min-h-[450px] w-full overflow-y-auto rounded-lg border border-mushroom-800 bg-white"
+ // https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe
+ // make sure the iframe is sandboxed to prevent any malicious scripts
+ // NEVER ALLOW `allow-scripts` and `allow-same-origin` together
+ sandbox="allow-scripts"
 />
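Review bot: The added comment overstates what `sandbox="allow-scripts"` buys: scripts inside the `srcDoc` content still execute, and the sandbox only denies them a same-origin identity, top-level navigation, popups, form submission and modal dialogs, so the rendered code can still issue network requests and load remote resources. I would reword it to `// sandboxed: scripts run in an opaque origin with no access to our cookies, storage or parent DOM; never add allow-same-origin next to allow-scripts`, and consider `referrerPolicy="no-referrer"` on the same element so those requests do not carry the app URL. Because the frame is now an opaque origin, the parent can no longer reach its `contentDocument`/`contentWindow`, so whatever `iframeRef` is used for outside this hunk (the enclosing component starts before it) needs checking for that regression. The coral_web Iframe.tsx hunk makes the identical change and the same points apply there.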