Experiments

Portals

October 1, 2020

Portals are a new feature of the web which is similar to iframes, but with more emphasis on speed and user experience. The portal element is only available on Chromium-based browsers under a preference flag. The corresponding specification is still under active discussion. Unfortunately, research of this new feature has discovered some critical issues, including new XS-Leaks 1. ID Leaks # Portals can be abused as an alternative to the ID Attribute XS-Leak. ...

Scroll to Text Fragment

October 1, 2020

Scroll to Text Fragment (STTF) is a new web platform feature that allows users to create a link to any part of a web page text. The fragment #:~:text= carries a text snippet that is highlighted and brought into the viewport by the browser. This feature can introduce a new XS-Leak if attackers are able to detect when this behavior occurs. This issue is very similar to the Scroll to CSS Selector XS-Leak. ...