Fenced frames are frames isolated from their embedding page. More details in the explainer here: https://github.com/shivanigithub/fenced-frame

Motivation

Third party iframes can communicate with their embedding page using mechanisms like postMessage. This communication is allowed so long as it doesn’t permit cross-site recognition, a threat that browsers are trying to address by partitioning storage by the top-level site. However, there are a number of recently proposed APIs (such as Interest group based advertising, Conversion Lift Measurements, Portals, and requestStorageAccess) that must provide some degree of unpartitioned storage to embedded documents. Such documents should not be allowed to communicate with their embedders, else they will be able to join their cross-site user identifiers. This explainer proposes a new form of embedded document, called a fenced frame, that these new APIs can use to isolate themselves from their embedders, preventing cross-site recognition.

Status in Chromium

Blink>HTML


No active development (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • No signal
  • No signal
  • No signal
  • No signals

Owners

Last updated on 2021-01-28