diff --git a/static/js/directives/odfcanvas.js b/static/js/directives/odfcanvas.js
index 449d5e41..9ce853cb 100644
--- a/static/js/directives/odfcanvas.js
+++ b/static/js/directives/odfcanvas.js
@@ -36,7 +36,7 @@ define(['require', 'underscore', 'jquery', 'text!partials/odfcanvas_sandbox.html
 			template = template.replace(/__PARENT_ORIGIN__/g, $window.location.protocol + "//" + $window.location.host);
 			template = template.replace(/__WEBODF_SANDBOX_JS_URL__/g, restURL.createAbsoluteUrl(require.toUrl('sandboxes/webodf') + ".js"));
 			template = template.replace(/__WEBODF_URL__/g, restURL.createAbsoluteUrl(require.toUrl('webodf') + ".js"));
-			var sandboxApi = sandbox.createSandbox(container, template, "allow-scripts", null, {
+			var sandboxApi = sandbox.createSandbox(container, template, null, "allow-scripts", null, {
 				allowfullscreen: true,
 				mozallowfullscreen: true,
 				webkitallowfullscreen: true
diff --git a/static/js/directives/pdfcanvas.js b/static/js/directives/pdfcanvas.js
index fd6c8e86..a89f50bc 100644
--- a/static/js/directives/pdfcanvas.js
+++ b/static/js/directives/pdfcanvas.js
@@ -36,7 +36,7 @@ define(['require', 'underscore', 'jquery', 'text!partials/pdfcanvas_sandbox.html
 			template = template.replace(/__PDFJS_URL__/g, restURL.createAbsoluteUrl(require.toUrl('pdf') + ".js"));
 			template = template.replace(/__PDFJS_WORKER_URL__/g, restURL.createAbsoluteUrl(require.toUrl('pdf.worker') + ".js"));
 			template = template.replace(/__PDFJS_COMPATIBILITY_URL__/g, restURL.createAbsoluteUrl(require.toUrl('libs/pdf/compatibility') + ".js"));
-			var sandboxApi = sandbox.createSandbox(container, template, "allow-scripts", null, {
+			var sandboxApi = sandbox.createSandbox(container, template, null, "allow-scripts", null, {
 				allowfullscreen: true,
 				mozallowfullscreen: true,
 				webkitallowfullscreen: true
diff --git a/static/js/directives/youtubevideo.js b/static/js/directives/youtubevideo.js
index 46e85758..93a484dc 100644
--- a/static/js/directives/youtubevideo.js
+++ b/static/js/directives/youtubevideo.js
@@ -116,7 +116,7 @@ define(['require', 'jquery', 'underscore', 'moment', 'text!partials/youtubevideo
 					var template = sandboxTemplate;
 					template = template.replace(/__PARENT_ORIGIN__/g, $window.location.protocol + "//" + $window.location.host);
 					template = template.replace(/__YOUTUBE_SANDBOX_JS_URL__/g, restURL.createAbsoluteUrl(require.toUrl('sandboxes/youtube') + ".js"));
-					sandboxApi = sandbox.createSandbox($(".youtubeplayercontainer", $element)[0], template, "allow-scripts allow-same-origin", "youtubeplayer");
+					sandboxApi = sandbox.createSandbox($(".youtubeplayercontainer", $element)[0], template, null, "allow-scripts allow-same-origin", "youtubeplayer");
 
 					sandboxApi.e.on("message", function(event, message) {
 						var msg = message.data;
diff --git a/static/js/services/sandbox.js b/static/js/services/sandbox.js
index 774efffc..f351e9ad 100644
--- a/static/js/services/sandbox.js
+++ b/static/js/services/sandbox.js
@@ -24,18 +24,35 @@ define(["jquery", "underscore"], function($, _) {
 
 	return ["$window", function($window) {
 
-		var Sandbox = function(container, template, sandbox, className, attrs) {
-			var blob = new $window.Blob([template], {type: "text/html;charset=utf-8"});
-			this.url = $window.URL.createObjectURL(blob);
+		var Sandbox = function(container, template, url, sandbox, className, attrs) {
+			this.container = container;
+			this.sandbox = sandbox ? sandbox : "";
+			this.className = className;
+			this.attrs = attrs;
+			if (template) {
+				var blob = new $window.Blob([template], {type: "text/html;charset=utf-8"});
+				this.url = this.blobUrl = $window.URL.createObjectURL(blob);
+			} else if (url) {
+				this.url = url;
+			}
+			if (this.url) {
+				this.create();
+			}
+		};
+
+		Sandbox.prototype.create = function() {
+			if (!this.url) {
+				return;
+			}
 			var iframe;
-			var $container = $(container);
+			var $container = $(this.container);
 			if ($container.is("iframe")) {
 				// Container is iframe.
-				if (className) {
-					$container.addClass(className);
+				if (this.className) {
+					$container.addClass(this.className);
 				}
-				if (attrs) {
-					$container.attr(attrs);
+				if (this.attrs) {
+					$container.attr(this.attrs);
 				}
 				iframe = $container[0];
 				iframe.src = this.url;
@@ -43,12 +60,12 @@ define(["jquery", "underscore"], function($, _) {
 			} else {
 				// Create iframe.
 				iframe = $window.document.createElement("iframe");
-				iframe.sandbox = sandbox;
-				if (className) {
-					iframe.className = className;
+				iframe.sandbox = this.sandbox;
+				if (this.className) {
+					iframe.className = this.className;
 				}
-				if (attrs) {
-					$(iframe).attr(attrs);
+				if (this.attrs) {
+					$(iframe).attr(this.attrs);
 				}
 				iframe.src = this.url;
 				$container.append(iframe);
@@ -69,10 +86,13 @@ define(["jquery", "underscore"], function($, _) {
 				$window.removeEventListener("message", this.handler, false);
 				this.handler = null;
 			}
-			if (this.url) {
-				$window.URL.revokeObjectURL(this.url);
-				this.url = null;
+			if (this.blobUrl) {
+				$window.URL.revokeObjectURL(this.blobUrl);
+				this.blobUrl = null;
 			}
+			this.url = null;
+			this.container = null;
+			this.attrs = null;
 			if (this.created) {
 				$(this.iframe).remove();
 			}