toddreifsteck
commented
5 years ago Consider solving this and https://github.com/w3c/longtasks/issues/53
Closed rniwa closed 2 years ago
toddreifsteck
commented
5 years ago Consider solving this and https://github.com/w3c/longtasks/issues/53
tdresser
commented
5 years ago It's true that just looking at attribution will expose what's going on, but we still need to use some string as the name.
If we aren't using multiple-contexts as the name, what would we use?
yoavweiss
commented
2 years ago Can we close this?
clelland
commented
2 years ago Since it's an information leak to disclose whether a cross origin iframe contained another iframe or not
This is information that has been available for as long as JavaScript has been around: the frame tree, including cross-origin frames and their descendants, is traversable through indexed access on the Window object.
At any rate, after two years, I think this is closable.
Since it's an information leak to disclose whether a cross origin iframe contained another iframe or not, this would only apply to the same origin iframe. If that were the case, the script can simply look at
attributionand infer that there were multiple frames involved.