iframe attribute for limiting same-origin iframe document access
Two primary goals: - Be able to embed iframes that have same-origin as other frames in the frame tree but not be able to directly script them. - Have a same-origin iframe with other iframes be in a separate event loop.
Allowing cross-document DOM access has made the web very complicated. Wouldn't it be nice if individual pages could opt themselves or their frames into a simplier mode which didn't allow cross-document access?
Status in Chromium
Enabled by default (tracking bug) in:
- Chrome for desktop release 87
- Chrome for Android release 87
- Android WebView release 87
Consensus & Standardization
Last updated on 2020-10-20