Intent to Ship: Responsively-sized <iframe>

491 views
Skip to first unread message

Koji Ishii

unread,
May 14, 2026, 5:43:41 AM (8 days ago) May 14
to blink-dev, Chris Harrelson, Ian Kilpatrick
Contact emails
chri...@chromium.orgko...@chromium.orgikilp...@chromium.org

Explainer
https://github.com/w3c/csswg-drafts/blob/main/css-sizing-4/responsive-iframes-explainer.md

Specification
https://drafts.csswg.org/css-sizing-4/#responsive-iframes

Summary
Allow sites to opt into iframes having responsive sizing (sizing the <iframe> element in the parent document to the iframe document's layout overflow sizing, so that scrolling in the child document is avoided).

Blink component
Blink>Layout

Web Feature ID
Missing feature

Motivation
This is a natural feature to have for iframes, when the site wants to render the iframe content so that it looks seamless with the parent frame and avoids scrollbars.

Initial public proposal
https://github.com/whatwg/html/issues/555

TAG review
https://github.com/w3ctag/design-reviews/issues/1223

TAG review status
Pending

Goals for experimentation
None

Risks


Interoperability and Compatibility
No information provided

Gecko: No signal (https://github.com/mozilla/standards-positions/issues/1394)

WebKit: No signal (https://github.com/WebKit/standards-positions/issues/653)

Web developers: No signals Plenty of developer demand is expressed in the feature request standards issues: https://github.com/whatwg/html/issues/555 https://github.com/w3c/csswg-drafts/issues/1771 https://github.com/w3c/csswg-drafts/blob/main/css-sizing-4/responsive-iframes-explainer.md#use-cases

Other signals:

WebView application risks

Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?

No information provided


Debuggability
No information provided

Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, ChromeOS, Android, and Android WebView)?
Yes

Is this feature fully tested by web-platform-tests?
Yes
https://wpt.fyi/results/css/css-sizing/responsive-iframe?label=experimental&label=master&aligned

Flag name on about://flags
responsive-iframes

Finch feature name
ResponsiveIframes

Rollout plan
Will ship enabled for all users

Requires code in //chrome?
False

Tracking bug
https://issues.chromium.org/issues/418397278

Estimated milestones
Shipping on desktop150
Shipping on Android150
Shipping on WebView150


Anticipated spec changes

Open questions about a feature may be a source of future web compat or interop issues. Please list open issues (e.g. links to known github issues in the project for the feature specification) whose resolution may introduce web compat/interop risk (e.g., changing to naming or structure of the API in a non-backward-compatible way).

https://github.com/w3c/csswg-drafts/issues/13589 - cross-origin case left a possibility of change: "RESOLVED: Check with security folks whether cross-origin case leaking info is an issue that needs mitigation"

Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5108373464547328?gate=5102892096421888

Links to previous Intent discussions
Intent to Prototype: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/682bb3fa.2b0a0220.146035.00b7.GAE%40google.com


This intent message was generated by Chrome Platform Status.

Mike Taylor

unread,
May 17, 2026, 9:40:23 PM (4 days ago) May 17
to Koji Ishii, blink-dev, Chris Harrelson, Ian Kilpatrick
I see there's also an open PR to define the meta element https://github.com/whatwg/html/pull/12444
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAHe_1dKm%3DLFTKhRKHV9m4fJsqYnw6M0YwGP63DNg%3DkUcv%2BAeQQ%40mail.gmail.com.

Alex Russell

unread,
May 18, 2026, 2:40:55 PM (3 days ago) May 18
to blink-dev, Mike Taylor, Chris Harrelson, Ian Kilpatrick, Koji Ishii
In case nobody else says it, this is an *incredible* addition to the platform. Thank you so much for making it happen.

LGTM1, pending resolution to the spec PRs.

On Sunday, May 17, 2026 at 6:40:23 PM UTC-7 Mike Taylor wrote:

On 5/14/26 5:43 a.m., Koji Ishii wrote:

To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.

Vladimir Levin

unread,
May 20, 2026, 10:08:12 AM (yesterday) May 20
to Alex Russell, blink-dev, Mike Taylor, Chris Harrelson, Ian Kilpatrick, Koji Ishii
From the explainer, the defense against malicious sites embedding an opted-in frame is mitigated by `X-Frame-Options`, but I suspect it's `Content-Security-Policy: frame-ancestors` that's needed here for cross-origin allowed embeds. Is that right?

Also the explainer mentions that possibly there's ideas to change the meta tag itself:
> Additional restrictions could be put in place through contents of the <meta> tag that would restrict to only explicitly allowed origins.

Out of curiosity, is this being pursued in future work or is CSP deemed enough?

Thanks!
Vlad

On Mon, May 18, 2026 at 2:40 PM Alex Russell <sligh...@chromium.org> wrote:
In case nobody else says it, this is an *incredible* addition to the platform. Thank you so much for making it happen.

LGTM1, pending resolution to the spec PRs.

On Sunday, May 17, 2026 at 6:40:23 PM UTC-7 Mike Taylor wrote:

On 5/14/26 5:43 a.m., Koji Ishii wrote:

To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/aa96be3c-2a10-47e5-b4f4-2416625bbf3an%40chromium.org.
Reply all
Reply to author
Forward
0 new messages