- From: arturjanc <notifications@github.com>
- Date: Fri, 06 Apr 2018 19:00:28 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Saturday, 7 April 2018 02:00:51 UTC
John, I'm not sure I follow the frame-focused reasoning in your proposal; IIUC under this logic `evil.com` could not have any frames but still load `victim.com/secret.txt` as an `<img>` or another subresource type, which would then allow it to exfiltrate its contents. Or am I misunderstanding the approach?

Wouldn't the real solution to Spectre-like exfiltration be to have something like https://www.chromium.org/developers/design-documents/oop-iframes?

--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/687#issuecomment-379424368