Dear W3C & Internet Browser Makers: the Iframe Sandbox default behavior should disable everything, including generic <a> links. Add an "allow-links" like how we "allow-forms" or "allow-scripts". The prior default behavior was fine it didnt open links