diff --git a/airflow-core/src/airflow/ui/src/pages/Iframe.tsx b/airflow-core/src/airflow/ui/src/pages/Iframe.tsx
index 9256a463b08b9..b6e3aa00cc911 100644
--- a/airflow-core/src/airflow/ui/src/pages/Iframe.tsx
+++ b/airflow-core/src/airflow/ui/src/pages/Iframe.tsx
@@ -44,10 +44,14 @@ export const Iframe = () => {
     return <ErrorPage />;
   }
 
+  // The following iframe sandbox setting is intentionally less restrictive.
+  // ONLY trusted contents can be framed within Iframe.
+  const sandbox = "allow-same-origin allow-forms";
+
   return (
     <Box flexGrow={1} m={-3}>
       <iframe
-        sandbox="allow-same-origin allow-forms"
+        sandbox={sandbox}
         src={iframeView.href}
         style={{ height: "100%", width: "100%" }}
         title={iframeView.name}
diff --git a/airflow-core/src/airflow/ui/src/pages/Security.tsx b/airflow-core/src/airflow/ui/src/pages/Security.tsx
index 3a6061478ebad..d984935ffdb31 100644
--- a/airflow-core/src/airflow/ui/src/pages/Security.tsx
+++ b/airflow-core/src/airflow/ui/src/pages/Security.tsx
@@ -43,14 +43,15 @@ export const Security = () => {
     return <ErrorPage />;
   }
 
+  // The following iframe sandbox setting is intentionally less restrictive.
+  // This is considered safe because the framed content originates from the Auth manager,
+  // which is part of the deployment of Airflow and trusted as per our security policy.
+  //    https://airflow.apache.org/docs/apache-airflow/stable/security/security_model.html
+  const sandbox = "allow-scripts allow-same-origin allow-forms";
+
   return (
     <Box flexGrow={1} m={-3}>
-      <iframe
-        sandbox="allow-same-origin allow-forms"
-        src={link.href}
-        style={{ height: "100%", width: "100%" }}
-        title={link.text}
-      />
+      <iframe sandbox={sandbox} src={link.href} style={{ height: "100%", width: "100%" }} title={link.text} />
     </Box>
   );
 };
diff --git a/scripts/ci/pre_commit/ts_compile_lint_ui.py b/scripts/ci/pre_commit/ts_compile_lint_ui.py
index 3e817285e2230..93fdcd149b75b 100755
--- a/scripts/ci/pre_commit/ts_compile_lint_ui.py
+++ b/scripts/ci/pre_commit/ts_compile_lint_ui.py
@@ -47,6 +47,8 @@
     all_non_yaml_files = [file for file in files if not file.endswith(".yaml")]
     print("All non-YAML files:", all_non_yaml_files)
     all_ts_files = [file for file in files if file.endswith(".ts") or file.endswith(".tsx")]
+    if all_ts_files:
+        all_ts_files.append("src/vite-env.d.ts")
     print("All TypeScript files:", all_ts_files)
 
     run_command(["pnpm", "config", "set", "store-dir", ".pnpm-store"], cwd=dir)