[csswg-drafts] [css-mediaqueries] Should prefers-color-scheme in iframes be context-dependent? (#7493) from Emilio Cobos Álvarez via GitHub on 2022-07-13 (public-css-archive@w3.org from July 2022)

From: Emilio Cobos Álvarez via GitHub <sysbot+gh@w3.org>
Date: Wed, 13 Jul 2022 17:51:22 +0000
To: public-css-archive@w3.org
Message-ID: <issues.opened-1303757521-1657734680-sysbot+gh@w3.org>

emilio has just created a new issue for https://github.com/w3c/csswg-drafts:

== [css-mediaqueries] Should prefers-color-scheme in iframes be context-dependent? ==
This is a follow-up for #7213.

It seems in that issue, we were in general agreement that doing this for images and maybe even same-origin `<iframe>`s would be ok, but @tabatkins and @smfr mentioned that cross-origin frames might not be ok, and I'm curious about the reasoning for that, since other similar alterations like https://github.com/w3c/csswg-drafts/issues/4772 have no same-origin restrictions. When I talked about this with the security folks at Mozilla, there didn't seem to be a particularly interesting attack vector here.

This would be useful both for consistency, but also because it would allow use cases like https://github.com/w3c/csswg-drafts/issues/7213#issuecomment-1144016642 to work. Otherwise, there's no way to have a transparent iframe without coordination with the embedder page, even if the embedded page could support both light and dark color schemes.

cc @smfr, @chrishtr, @lilles, @tabatkins

Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/7493 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 13 July 2022 17:51:23 UTC