October 1, 2020
Category Experiments

Portals are a new feature of the web which is similar to iframes, but with more emphasis on speed and user experience. The portal element is only available on Chromium-based browsers under a preference flag. The corresponding specification is still under active discussion.

Unfortunately, research of this new feature has discovered some critical issues, including new XS-Leaks 1.

ID Leaks #

Portals can be abused as an alternative to the ID Attribute XS-Leak. If a website sets framing protections, the same technique can be applied using the portal element instead 2.

References #

  1. Security analysis of <portal> element, link ↩︎

  2. Detecting IDs using Portal, link ↩︎