embedded iframes and popups won't need to deploy COEP in
this model?
Yes. They also wouldn't need to deploy COOP, and so would be able to
interact with cross-origin popups.
On Fri, Apr 5, 2024 at 12:14 PM Camille Lamy wrote:
Yes the user agent keying is deterministic, and we're adding
Contact emails
v...@chromium.org cl...@chromium.org
Explainer
https://docs.google.com/document/d/1zDlfvfTJ_9e8Jdc8ehuV4zMEu9ySMCiTGMS9y0GU92k
Specification
https://tc39.github.io/ecma262/#sec-sharedarraybuffer-objects
Design docs Including the new security requirements
could be that this is
>>>>> considered fine and might be outweighed by the benefits of the proposal,
>>>>> though it does have some implications for web developers and for the
>>>>> browser's implementation:
>>>>>
>>>>>- Web
Contact emailscl...@google.com
Explainerhttps://github.com/explainers-by-googlers/document-isolation-policy
SpecificationNone
Summary
Document-Isolation-Policy allows a document to enable crossOriginIsolation
for itself, without having to deploy COOP or COEP, and regardless of the
Contact emails
v...@chromium.org cl...@chromium.org
Explainer
https://docs.google.com/document/d/1zDlfvfTJ_9e8Jdc8ehuV4zMEu9ySMCiTGMS9y0GU92k
Specification
https://tc39.github.io/ecma262/#sec-sharedarraybuffer-objects
Design docs Including the new security requirements
Hi Khushal,
I am reviewing this for security as part of the OWP S review process. I
had a few questions regarding the API to make sure we're assessing
it correctly.
1. Is the render blocking attribute something that only applies to one
particular document, and does not block rendering of
In the S review, we were wondering if the memory pressure case event was
an event exposed to the web page or an internal Chrome event? In the latter
case, there may be a potential for XS-Leaks.
Thanks!
On Monday, March 20, 2023 at 3:57:24 PM UTC+1 Mike Taylor wrote:
> LGTM to experiment in
Hi Jeremy,
We've been reviewing this intent as part of the S review process and had
a few questions:
- Does the document rules only apply to same-origin links in the page?
- Is the delivery type gated behind TAO?
Thanks!
Camille
On Friday, December 16, 2022 at 8:58:14 PM UTC+1 Rick
Hi!
We looked at this as part of the Security & privacy review process for Web
Platform intents, and we were wondering about the feature behavior with
regards to iframes. Specifically, we were concerned about the potential for
a child frame to draw custom content over its parent using this
; CSSStyleSheet between cross-origin documents? If you passed it around via
>>> postMessage, it'd be a (structured clone) copy, so it would no longer be
>>> shared. I agree that it'd be a (huge) privacy concern if this were
>>> possible, but I don't see how it could b
Hi Mason,
We reviewed this intent in the S review today, and we were not quite
clear on the scope of the change. In particular, is it possible for
cross-origin documents to share the adoptedStyelSheets? If so, can a style
sheet used across cross-origin documents be modified and the
11 matches
Mail list logo
