- From: Craig Francis via GitHub <sysbot+gh@w3.org>
- Date: Wed, 07 Apr 2021 10:59:17 +0000
- To: public-css-archive@w3.org
Regarding "use cases" - Consider all 3rd party content, like user comments (disqus), videos, maps, tweets, facebook feeds, calendars, gists, ads, etc... it would be much safer if they were in an `<iframe>`, using their own isolated process ([ref spectre](https://w3c.github.io/webappsec-post-spectre-webdev/)), and did not involve the host website including an unsafe/dangerous 3rd party `<script>` (which grants far too much access).

I should also note that before [Safari 13 on iOS](https://developer.apple.com/documentation/safari-release-notes/safari-13-release-notes#Removed-Features), iframes were re-sized automatically (to avoid the scroll bar), with none of these security considerations.

--
GitHub Notification of comment by craigfrancis
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/1771#issuecomment-814817803 using your GitHub account

--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 7 April 2021 10:59:19 UTC