Skip to site navigation (Press enter)
Re: [blink-dev] Intent to Ship: Responsively-sized
</span></a></span> </h1> <p class="darkgray font13"> <span class="sender pipe"><a href="/search?l=blink-dev@chromium.org&q=from:%22Mike+Taylor%22" rel="nofollow"><span itemprop="author" itemscope itemtype="http://schema.org/Person"><span itemprop="name">Mike Taylor</span></span></a></span> <span class="date"><a href="/search?l=blink-dev@chromium.org&q=date:20260528" rel="nofollow">Thu, 28 May 2026 13:31:20 -0700</a></span> </p> </div> <div itemprop="articleBody" class="msgBody"> <!--X-Body-of-Message--> <tt>LGTM3, with the same note as Vlad - let's make sure Security & Privacy </tt><tt>gates are approved before shipping. </tt><pre style="margin: 0em;"> On 5/26/26 4:01 p.m., Vladimir Levin wrote: </pre><blockquote style="border-left: #5555EE solid 0.2em; margin: 0em; padding-left: 0.85em"><tt>Thank you for your replies. I'm happy to delegate to Privacy and WP </tt><tt>Security reviews on the subject of whether CSP is sufficient to </tt><tt>prevent malicious cases. I am curious of the results, do you know if </tt><tt>the discussion is ongoing and/or reaching a resolution? </tt><pre style="margin: 0em;"></pre><pre> </pre><tt>LGTM2. However, please make sure both Privacy and WP Security gates </tt><tt>are fully complete before enabling this (as should be the case anyway :) ) </tt><pre style="margin: 0em;"> Thanks! Vlad On Tue, May 26, 2026 at 5:21 AM 一丝 <yio...@gmail.com> wrote: Hi Koji, This is absolutely amazing—it addresses a long-standing pain point on the web. Currently, many pages feature feed streams that load as the user scrolls. Does the current implementation support pages with dynamically changing heights like this? I noticed the `window.requestResize()` method in the specification, but I’m not sure if it can handle this scenario. Could you add some clarification to the explainer? 在2026年5月25日星期一 UTC+8 16:52:19<ko...@chromium.org> 写道: 2026年5月20日(水) 23:07 Vladimir Levin <vmp...@chromium.org>: From the explainer, the defense against malicious sites embedding an opted-in frame is mitigated by `X-Frame-Options`, but I suspect it's `Content-Security-Policy: frame-ancestors` that's needed here for cross-origin allowed embeds. Is that right? I think you're right, I'll update the explainer. Thanks for catching. Also the explainer mentions that possibly there's ideas to change the meta tag itself: > Additional restrictions could be put in place through contents of the <meta> tag that would restrict to only explicitly allowed origins. Out of curiosity, is this being pursued in future work or is CSP deemed enough? I expect to extend this feature further after the initial ship, as I see even more interest from web authors than I expected. How it would be done is still not determined yet. </pre><tt> -- </tt><tt> You received this message because you are subscribed to the Google </tt><pre style="margin: 0em;"> Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit <a rel="nofollow" href="https://groups.google.com/a/chromium.org/d/msgid/blink-dev/49ffe305-788a-4df7-b394-2a96ca96f28fn%40chromium.org">https://groups.google.com/a/chromium.org/d/msgid/blink-dev/49ffe305-788a-4df7-b394-2a96ca96f28fn%40chromium.org</a> <<a rel="nofollow" href="https://groups.google.com/a/chromium.org/d/msgid/blink-dev/49ffe305-788a-4df7-b394-2a96ca96f28fn%40chromium.org?utm_medium=email&utm_source=footer">https://groups.google.com/a/chromium.org/d/msgid/blink-dev/49ffe305-788a-4df7-b394-2a96ca96f28fn%40chromium.org?utm_medium=email&utm_source=footer</a>>. </pre></blockquote><pre style="margin: 0em;"> -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit <a rel="nofollow" href="https://groups.google.com/a/chromium.org/d/msgid/blink-dev/8a33467e-4c3b-4465-b657-329816c9ebcf%40chromium.org">https://groups.google.com/a/chromium.org/d/msgid/blink-dev/8a33467e-4c3b-4465-b657-329816c9ebcf%40chromium.org</a>. </pre> </div> <div class="msgButtons margintopdouble"> <ul class="overflow"> <li class="msgButtonItems"><a class="button buttonleft " accesskey="p" href="msg16598.html">Previous message</a></li> <li class="msgButtonItems textaligncenter"><a class="button" accesskey="c" href="index.html#16649">View by thread</a></li> <li class="msgButtonItems textaligncenter"><a class="button" accesskey="i" href="maillist.html#16649">View by date</a></li> <li class="msgButtonItems textalignright"><a class="button buttonright " accesskey="n" href="msg16533.html">Next message</a></li> </ul> </div> <a name="tslice"></a> <div class="tSliceList margintopdouble"> <ul class="icons monospace"> <li class="icons-email"><span class="subject"><a href="msg16532.html">[blink-dev] Intent to Ship: Responsively-sized <iframe&g...</a></span> <span class="sender italic">Koji Ishii</span></li> <li><ul> <li class="icons-email"><span class="subject"><a href="msg16543.html">Re: [blink-dev] Intent to Ship: Responsively-sized <...</a></span> <span class="sender italic">Mike Taylor</span></li> <li><ul> <li class="icons-email"><span class="subject"><a href="msg16547.html">Re: [blink-dev] Intent to Ship: Responsively-sized...</a></span> <span class="sender italic">Alex Russell</span></li> <li><ul> <li class="icons-email"><span class="subject"><a href="msg16566.html">Re: [blink-dev] Intent to Ship: Responsively-s...</a></span> <span class="sender italic">Vladimir Levin</span></li> <li><ul> <li class="icons-email"><span class="subject"><a href="msg16582.html">Re: [blink-dev] Intent to Ship: Responsive...</a></span> <span class="sender italic">Koji Ishii</span></li> <li><ul> <li class="icons-email"><span class="subject"><a href="msg16585.html">Re: [blink-dev] Intent to Ship: Respo...</a></span> <span class="sender italic">一丝</span></li> <li><ul> <li class="icons-email"><span class="subject"><a href="msg16598.html">Re: [blink-dev] Intent to Ship: R...</a></span> <span class="sender italic">Vladimir Levin</span></li> <li><ul> <li class="icons-email tSliceCur"><span class="subject">Re: [blink-dev] Intent to Shi...</span> <span class="sender italic">Mike Taylor</span></li> </ul> </ul> </ul> </ul> </ul> </ul> </ul> </ul> </div> <div class="overflow msgActions margintopdouble"> <div class="msgReply" > <h2> Reply via email to </h2> <form method="POST" action="/mailto.php"> <input type="hidden" name="subject" value="Re: [blink-dev] Intent to Ship: Responsively-sized <iframe>"> <input type="hidden" name="msgid" value="8a33467e-4c3b-4465-b657-329816c9ebcf@chromium.org"> <input type="hidden" name="relpath" value="blink-dev@chromium.org/msg16649.html"> <input type="submit" value=" Mike Taylor "> </form> </div> </div> </div> <div class="aside" role="complementary"> <div class="logo"> <a href="/"><img src="/logo.png" width=247 height=88 alt="The Mail Archive"></a> </div> <form class="overflow" action="/search" method="get"> <input type="hidden" name="l" value="blink-dev@chromium.org"> <label class="hidden" for="q">Search the site</label> <input class="submittext" type="text" id="q" name="q" placeholder="Search blink-dev"> <input class="submitbutton" name="submit" type="image" src="/submit.png" alt="Submit"> </form> <div class="nav margintop" id="nav" role="navigation"> <ul class="icons font16"> <li class="icons-home"><a href="/">The Mail Archive home</a></li> <li class="icons-list"><a href="/blink-dev@chromium.org/">blink-dev - all messages</a></li> <li class="icons-about"><a href="/blink-dev@chromium.org/info.html">blink-dev - about the list</a></li> <li class="icons-expand"><a href="/search?l=blink-dev@chromium.org&q=subject:%22Re%5C%3A+%5C%5Bblink%5C-dev%5C%5D+Intent+to+Ship%5C%3A+Responsively%5C-sized+%3Ciframe%3E%22&o=newest&f=1" title="e" id="e">Expand</a></li> <li class="icons-prev"><a href="msg16598.html" title="p">Previous message</a></li> <li class="icons-next"><a href="msg16533.html" title="n">Next message</a></li> </ul> </div> <div class="listlogo margintopdouble"> </div> <div class="margintopdouble"> </div> </div> </div> <div class="footer" role="contentinfo"> <ul> <li><a href="/">The Mail Archive home</a></li> <li><a href="/faq.html#newlist">Add your mailing list</a></li> <li><a href="/faq.html">FAQ</a></li> <li><a href="/faq.html#support">Support</a></li> <li><a href="/faq.html#privacy">Privacy</a></li> <li class="darkgray">8a33467e-4c3b-4465-b657-329816c9ebcf@chromium.org</li> </ul> </div> </body> </html>