and click either button. It has access to the console even from the sandbox. Is there a way to say: I want this iframe to run a script, but don't give the script access to the console?
No, but I'd still recommend looking into content security policy (CSP), iframes, and the sandboxed attribute. Even though you seem to have developed your own notion of what isolation/security should look like, the HTML spec authors have thought very carefully about this, and CSP has its own internal logic. Even if you still prefer your model, at least you will be able to explain how your model differs from CSP and why it's better.