All previously described origin-level content-isolation policies, and the accompanying context inheritance and document navigation logic, work hand in hand to form the bulk of the browser security model. Impenetrable and fragile, that model is also incomplete: A handful of interesting corner cases completely escape any origin-based frameworks.

The security risks associated with these corner cases can’t be addressed simply by fine-tuning the mechanisms discussed earlier in this book. Instead, additional, sometimes hopelessly imperfect security boundaries need to be created from scratch. These new boundaries may, for example, further restrict the ability of rogue web pages to navigate to certain URLs.

This chapter ...