ID Attribute framing protection bypass link

[003random]

Hi!
I was reading some more about some fun attacks (having much fun reading all of it) and I noticed that https://xsleaks.dev/docs/attacks/id-attribute/ states that framing protections won't defend against the ID attribute XS-Leak.

https://xsleaks.dev/docs/attacks/experiments/portals/ explains more about this, but Im missing a link between these 2 pages. As a reader, it would be very nice to learn about this bypass right after reading in the first link that XFO wont protect against this type of leak.

[terjanq]

Looks like COOP and XFO have been switched

[NDevTK]

Yeah COOP would only be a defense if scrolling was detectable on a cross-origin window.
Bypassing XFO to leak information using portals would be a security regression so hopefully they don't continue that :/

[NDevTK]

@003random PR #141 was merged does this fix the issue?