Skip to content

Commit f281b7e

Browse files
chrishtrchrishtr
authored
Update responsive-iframes-explainer.md
1 parent aab562d commit f281b7e

File tree

1 file changed

+2
-0
lines changed

1 file changed

+2
-0
lines changed

css-sizing-4/responsive-iframes-explainer.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -80,3 +80,5 @@ A JavaScript API could be added in the future that would allow embedded document
8080
## Privacy and security
8181

8282
Information about the contents of a cross-origin iframe can be exfiltrated by embedding it in a malicious document that observes the laid-out size of the iframe. This can be mitigated through use of the the `X-Frame-Options` HTTP header to allow embedding into only trusted embedding documents, plus the `responsive-embedded-sizing` `<meta>` tag to further opt into responsive layout. Additional restrictions could be put in place through contents of the `<meta>` tag that would restrict to only explicitly allowed origins.
83+
84+
[Fenced frames](https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Elements/fencedframe) are excluded from this feature.

0 commit comments

Comments
 (0)