> There's a bit of an overloaded terminology that confuses me: when you refer to a cross-origin subframe, are we talking about a cross-origin fenced frame or an iframe? My recollection is that in a fenced frame case, one cannot use postMessage to communicate with its embedder. Having this data sent, if that's the case, would seem to introduce a new information sharing channel. If the subframe here refers to an iframe, then I agree that there's no novel channel.
I should've been more explicit when stating what that was referring to. Cross-origin subframes are referring to iframes and not fenced frames in this case. And yes, postMessage isn't allowed between fenced frames and their embedder and continues to be disallowed after this change. On Tuesday, April 1, 2025 at 10:03:26 PM UTC-4 vmp...@chromium.org wrote: > This does not change the privacy story nor does it introduce a privacy > regression, as cross-origin subframes can currently postMessage() data to > the root that the root frame can then use as automatic beacon data. Both > the existing capability as well as the proposed changes involve the root > fenced frame document and the cross-origin subframe document opting-in to > this sharing. > > > There's a bit of an overloaded terminology that confuses me: when you > refer to a cross-origin subframe, are we talking about a cross-origin > fenced frame or an iframe? My recollection is that in a fenced frame case, > one cannot use postMessage to communicate with its embedder. Having this > data sent, if that's the case, would seem to introduce a new information > sharing channel. If the subframe here refers to an iframe, then I agree > that there's no novel channel. > > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/7519c382-43ff-4875-8b7f-1f373d832d9fn%40chromium.org.
