Intent to Implement: document-access feature policy


Dave Tapuska

Jul 29, 2019, 2:21:13 PM
to blink-dev

Contact emails

dtap...@chromium.org


Explainer

https://github.com/dtapuska/documentaccess


Spec

Proposed HTML spec changes: https://github.com/whatwg/html/pull/4606



Summary

Be able to embed iframes that are same-origin with other frames in the frame tree but not be able to directly script them. Have iframes that are same-origin with other iframes be in a separate event loop.


Motivation


Allowing cross-document DOM access has made the web very complicated. Wouldn't it be nice if individual pages could opt themselves or their frames into a simpler mode which didn't allow cross-document access?


Risks

Interoperability and Compatibility

Explicit Opt In.


Edge: No signals

Firefox: No signals

Safari: No signals

Web / Framework developers: Positive.


Ergonomics/Activation

Ergonomics and Activation issues are that this can only be set in an HTTP header because it needs to come before document creation. But this is consistent with other sandboxing policies.



Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?

Yes.


Link to entry on the feature dashboard

https://chromestatus.com/feature/5648946183536640


Requesting approval to ship?

No
