Don't permit an iframe to navigate the top level browsing context unless they are same-origin or the iframe is processing a user gesture. Mac, Windows, Linux, Chrome OS, Android
Highly experimental performance mode where cross-site iframes are kept in a separate process from the top document. In this mode, iframes from different third-party sites will be allowed to share a process. Mac, Windows, Linux, Chrome OS, Android
Highly experimental security mode that ensures each renderer process contains pages from at most one site. In this mode, out-of-process iframes will be used whenever an iframe is cross-si
これのことかな Ver.63.0.3239.40 (スコア:0)
chrome://flags/#enable-framebusting-needs-sameorigin-or-usergesture
Don't permit an iframe to navigate the top level browsing context unless they are same-origin or the iframe is processing a user gesture. Mac, Windows, Linux, Chrome OS, Android
もうちょい前からあった気がするけど
有効化させたときのVer.覚えてないや
Re: (スコア:0)
追記
もしこっちも有効化されると
迂回策がでそうなんだが
どうなんだろう
chrome://flags/#enable-top-document-isolation
Highly experimental performance mode where cross-site iframes are kept in a separate process from the top document. In this mode, iframes from different third-party sites will be allowed to share a process. Mac, Windows, Linux, Chrome OS, Android
あと
こっちとあるんだが
上記と排他なのかな
chrome://flags/#enable-site-per-process
Highly experimental security mode that ensures each renderer process contains pages from at most one site. In this mode, out-of-process iframes will be used whenever an iframe is cross-si