diff --git a/Classes/Domain/Model/Iframe.php b/Classes/Domain/Model/Iframe.php
index 52b9248..9a8d8bb 100644
--- a/Classes/Domain/Model/Iframe.php
+++ b/Classes/Domain/Model/Iframe.php
@@ -195,7 +195,7 @@ protected function ensureSandboxValues($sandbox)
 {
 $values = preg_split('/,/', $sandbox);
 foreach ($values as $value) {
- $value = trim($value);
+ $value = trim(htmlspecialchars($value));
 if($value) {
 if (!in_array($value, $this->acceptedSandboxValues)) {
 throw new InvalidValueException(
diff --git a/Configuration/TypoScript/setup.txt b/Configuration/TypoScript/setup.txt
index 0b9d190..64a9e20 100644
--- a/Configuration/TypoScript/setup.txt
+++ b/Configuration/TypoScript/setup.txt
@@ -82,6 +82,7 @@ plugin.tx_csp.settings {
 img {
 0 = self
+ 1 = data:
 }
 }
 }
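Review bot: The added `trim(htmlspecialchars($value))` applies HTML output encoding before the token is compared against `$this->acceptedSandboxValues`, which mixes escaping into validation: a token containing `<`, `>`, `&` or quotes already fails the allow-list check, so the encoding only changes what is carried into the exception message, and HTML encoding is only correct there if that message is rendered as HTML. Keep `$value = trim($value);` at this line and escape at the point where the message is actually emitted, in whatever context applies there. The comparison on the following context line should also use strict mode, `if (!in_array($value, $this->acceptedSandboxValues, true)) {`, so that loose comparison of numeric-looking strings cannot match an entry by accident, and the `if($value)` truthiness guard silently skips a literal `0` token rather than rejecting it. ensureSandboxValues continues beyond the hunk, so the exception construction and what it does with `$value` are not visible here.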
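Review bot: The new `1 = data:` entry under `img` widens the shipped default `img-src` for every installation of the extension, but nothing in the file says which feature depends on inline data URIs, so an integrator cannot tell whether it is safe to remove. Add a comment above it, e.g. `# data: allows inline base64 images (presumably editor/RTE output); remove if not needed`, naming the actual consumer. `data:` as an image source is low risk compared with script or object sources, but a default that loosens policy for all sites still deserves a changelog line. The enclosing `plugin.tx_csp.settings` block starts before the hunk, and the hunk header counts six old lines while five context lines are shown, so a blank line appears to have been lost in this rendering.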