[ci skip] Sandbox proxy iframe to prevent frame-busting

Add sandbox attribute to prevent proxied pages from navigating
top.location or replacing the parent page body. Allows scripts,
same-origin, forms, popups, and presentation but blocks
top-navigation.

modules/kubernetes/f1-stream/files/static/js/streams.js

@@ -362,10 +362,11 @@ function openBrowserSession(streamId, streamTitle, streamURL) {
   // Remove any existing iframe
   contentEl.querySelectorAll('.browser-iframe').forEach(el => el.remove());
 
-  // Create iframe
+  // Create iframe with sandbox to prevent frame-busting and top-navigation
   const iframe = document.createElement('iframe');
   iframe.src = proxyURL;
   iframe.className = 'browser-iframe';
+  iframe.setAttribute('sandbox', 'allow-scripts allow-same-origin allow-forms allow-popups allow-popups-to-escape-sandbox allow-presentation');
   iframe.setAttribute('allowfullscreen', '');
   iframe.onload = function() {
     loader.classList.add('hidden');

modules/kubernetes/f1-stream/main.tf

@@ -37,7 +37,7 @@ resource "kubernetes_deployment" "f1-stream" {
       }
       spec {
         container {
-          image = "viktorbarzin/f1-stream:v1.2.3"
+          image = "viktorbarzin/f1-stream:v1.2.4"
           name  = "f1-stream"
           resources {
             limits = {