Merge remote-tracking branch '37933/37820-Console-error-in-email-preview' into comprs_jul4

Author: engcom-Charlie

app/code/Magento/Email/view/adminhtml/templates/preview/iframeswitcher.phtml

@@ -1,28 +1,32 @@
 <?php
 /**
- * Copyright © Magento, Inc. All rights reserved.
- * See COPYING.txt for license details.
+ * Copyright 2019 Adobe
+ * All Rights Reserved.
  */
 
 /** @var \Magento\Backend\Block\Page $block */
 /** @var \Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer */
+/** @var \Magento\Framework\Escaper $escaper */
 ?>
 <div id="preview" class="cms-revision-preview">
     <iframe name="preview_iframe"
             id="preview_iframe"
             frameborder="0"
-            title="<?= $block->escapeHtmlAttr(__('Preview')) ?>"
+            title="<?= $escaper->escapeHtmlAttr(__('Preview')) ?>"
             width="100%"
-            sandbox="allow-same-origin allow-pointer-lock"
+            sandbox="allow-scripts allow-same-origin allow-pointer-lock"
     ></iframe>
     <form id="preview_form"
-          action="<?= $block->escapeUrl($block->getUrl('*/*/popup')) ?>"
+          action="<?= $escaper->escapeUrl($block->getUrl('*/*/popup')) ?>"
           method="post"
           target="preview_iframe"
     >
     <input type="hidden" name="form_key" value="<?= /* @noEscape */ $block->getFormKey() ?>" />
     <?php foreach ($block->getPreviewFormViewModel()->getFormFields() as $name => $value): ?>
-        <input type="hidden" name="<?= $block->escapeHtmlAttr($name) ?>" value="<?= $block->escapeHtmlAttr($value) ?>"/>
+        <input type="hidden"
+               name="<?= $escaper->escapeHtmlAttr($name) ?>"
+               value="<?= $escaper->escapeHtmlAttr($value) ?>"
+        />
     <?php endforeach; ?>
     </form>
 </div>