iframe attribute for limiting same-origin iframe document access

Feature: iframe attribute for limiting same-origin iframe document access (No longer pursuing)

Two primary goals: - Be able to embed iframes that have same-origin as other frames in the frame tree but not be able to directly script them. - Have a same-origin iframe with other iframes be in a separate event loop.

Motivation

Allowing cross-document DOM access has made the web very complicated. Wouldn't it be nice if individual pages could opt themselves or their frames into a simplier mode which didn't allow cross-document access?

Documentation

https://github.com/whatwg/html/pull/4606

Specification

Specification link

Status: Specification being incubated in a Community Group

Status in Chromium

Blink components: Blink>DOM

Implementation status: No longer pursuing (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

Firefox: Harmful
Edge: No signal
Safari: No signal
Web Developers: No signals

Owner

dtapuska@chromium.org

Last updated on 2021-06-09