Experiments

Portals

October 1, 2020

Category Experiments

Portals are a new feature of the web similar to iframes with more emphasis on speed and user experience. The portal element is only available on Chromium-based browsers under a preference flag. The corresponding specification is still under active discussion. Unfortunately, some research over this new feature found critical issues, including new XS-Leaks 1. ID Leaks # Portals can be abused as an alternative for the ID Attribute XS-Leak. If the website sets framing protections, the same technique can be applied using the portal element instead 2. ...

Scroll to Text Fragment

October 1, 2020

Abuse onblur, focus, iframes

Category Experiments

Scroll to Text Fragment (STTF) is a new web platform feature that allows users to create a link to any part of a web page text. The fragment #:~:text= carries a text snippet that is highlighted and brought into the viewport by the browser. This feature can introduce a new XS-Leak if attackers are able to detect when this behavior occurs. This issue is very similar to the Scroll to CSS Selector XS-Leak. ...