diff --git a/files/en-us/web/html/element/iframe/index.md b/files/en-us/web/html/element/iframe/index.md
index 893a018ec088127..f04ef993f4e098d 100644
--- a/files/en-us/web/html/element/iframe/index.md
+++ b/files/en-us/web/html/element/iframe/index.md
@@ -124,7 +124,10 @@ This element includes the [global attributes](/en-US/docs/Web/HTML/Global_attrib
     >
     > - When the embedded document has the same origin as the embedding page, it is **strongly discouraged** to use both `allow-scripts` and `allow-same-origin`, as that lets the embedded document remove the `sandbox` attribute — making it no more secure than not using the `sandbox` attribute at all.
     > - Sandboxing is useless if the attacker can display content outside a sandboxed `iframe` — such as if the viewer opens the frame in a new tab. Such content should be also served from a _separate origin_ to limit potential damage.
-    > - When opening a link from an embedded page with the `sandbox` attribute, the Auxiliary Window is restricted to the same `sandbox` values unless `allow-popups-to-escape-sanbox` is included.
+
+    > **Note:**
+    >
+    > - When opening a link from an embedded page with the `sandbox` attribute, the Auxiliary Window is restricted to the same `sandbox` values unless `allow-popups-to-escape-sandbox` is included.
 
 
 - `src`