Malvoz
commented
2 years ago See related: https://github.com/w3c/webappsec-permissions-policy/issues/171 / the vertical-scroll document policy feature.
Open ms609 opened 2 years ago
Malvoz
commented
2 years ago See related: https://github.com/w3c/webappsec-permissions-policy/issues/171 / the vertical-scroll document policy feature.
An iframe can cause its parent window to scroll to another position, for example using
document.body.scrollIntoView();There seems to be no way to override (prohibit) this behaviour under the present w3c specification. StackOverflow user Kaiido has suggested a solution that exploits a bug in Chrome, which raises the question as to whether a CSS solution to prevent cross-source scrolling would be possible.
Further details at the StackOverflow answer.