Heads up.
This will run third-party JavaScript from the ad creative inside a sandboxed iframe.
The sandbox blocks same-origin access (no reads of cookies, storage, or this UI's APIs),
but the creative will contact its own ad servers (impression beacons, viewability,
click trackers). Don't preview untrusted creatives on a sensitive network.