As an additional layer of security for embedding iFrames, allow the user to specify a list of domains from which to allow iFrame display and only allow iFrames to be rendered if they are sourced from the list of allowed sources.