Consider applying lazy-load root margin to cross-origin / OOP iframes?
Categories: Core :: Layout, enhancement
People: Reporter: emilio, Unassigned
References: Blocks 1 open bug
Details: Whiteboard: [not-a-fission-bug]
It's unclear if we can do it and, if so, which kind of information from the top-level viewport we would expose to the cross-origin iframe.
For regular IntersectionObserver we don't apply root margins, because percentages would expose the size of the viewport (or that's my reading). But it seems that given the root margin is in our control we wouldn't be exposing so much to the third-party context.
If we decide this is not an issue even for percentages, then this rect should be fixed and be the top level document rect instead.
That being said, this is probably wontfix, just filing to capture the conversation me and Hiro just had about this.
Comment 1•5 years ago
Adding [fission-] tag because this is not a Fission-specific bug.
Comment 2•5 years ago
I'm not sure I understand the concern here. Can you explain more, maybe show a demo?
It seems good to get interop on this case.
Comment 3•5 years ago (Reporter)
So the root margin doesn't get applied on cross-origin stuff per https://w3c.github.io/IntersectionObserver/#intersectionobserver-root-intersection-rectangle:
> For any target which belongs to the same unit of related similar-origin browsing contexts as the intersection root, the rectangle is then expanded according to the offsets in the IntersectionObserver’s [[rootMargin]] slot in a manner similar to CSS’s margin property, with the four values indicating the amount the top, right, bottom, and left edges, respectively, are offset by, with positive lengths indicating an outward offset. Percentages are resolved relative to the width of the undilated rectangle.
I'm not quite sure of what the concern is myself, I suspect you don't want to leak the top-level viewport size and such, which you can if you know the margin? Unclear.
But right now that limitation is inherited by lazyload. It's unclear if it should or not.
Comment 4•5 years ago
I'm guessing you can create many observers with different root margins and thereby find out parent sizing information? Not having this protection for <img loading=lazy> would then leak one bit of information about the parent, Firefox's builtin margin.
If this analysis sounds roughly accurate I suggest we needinfo :dbaron and :tjr for insights.
(See also https://github.com/w3c/IntersectionObserver/issues/161 for the broken security check in that specification.)
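The following is an added example, not part of the bug thread and not Gecko or specification code. It models the rule quoted in Comment 3: rootMargin dilates the root rectangle only for similar-origin targets, with percentages resolved against the undilated width. The function names, the rect shape and the simplified px/% parser are assumptions made for illustration.

```javascript
// Added illustration: a simplified model of the spec rule quoted in Comment 3.
// Rects are {top, right, bottom, left} in CSS px. All names are hypothetical.

// Parse 1 to 4 px/% tokens, expanded like the CSS margin shorthand.
function parseRootMargin(text) {
  const tokens = text.trim().split(/\s+/).map((tok) => {
    const m = /^(-?\d+(?:\.\d+)?)(px|%)$/.exec(tok);
    if (!m) throw new SyntaxError(`rootMargin token must be px or %: "${tok}"`);
    return { value: Number(m[1]), unit: m[2] };
  });
  if (tokens.length > 4) throw new SyntaxError("rootMargin takes 1 to 4 values");
  const [top, right = top, bottom = top, left = right] = tokens;
  return { top, right, bottom, left };
}

function rootIntersectionRect(rootRect, rootMargin, targetIsSimilarOrigin) {
  const margin = parseRootMargin(rootMargin); // validate even when unused
  // Cross-origin target: the margin is ignored, so the rectangle the observer
  // works with does not vary with a margin the embedded page chose.
  if (!targetIsSimilarOrigin) return { ...rootRect };
  const width = rootRect.right - rootRect.left;
  // Percentages resolve against the width of the undilated rectangle.
  const px = (m) => (m.unit === "%" ? (m.value * width) / 100 : m.value);
  return {
    top: rootRect.top - px(margin.top),
    right: rootRect.right + px(margin.right),
    bottom: rootRect.bottom + px(margin.bottom),
    left: rootRect.left - px(margin.left),
  };
}

// Constructed sample: a 1000x800 top-level viewport.
const viewport = { top: 0, right: 1000, bottom: 800, left: 0 };
console.log(rootIntersectionRect(viewport, "10% 50px", true));
console.log(rootIntersectionRect(viewport, "10% 50px", false));
```

In the similar-origin case the resulting rectangle scales with the root's width whenever a percentage is used, which is the dependency the comments above are concerned about; in the cross-origin case the result is the same for every margin value.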