isIntersecting leaks information cross-origin #508
Description
See WICG/scroll-to-text-fragment#79
Even without Text Fragments, IntersectionObserver (and therefore also lazy-loading images) leaks scrolling position in the parent to cross-origin iframes (e.g. ads). The iframe can use IntersectionObserver on itself and detect when the iframe comes into view in the parent.
That might be useful for e.g. ad visibility measurement and other things, but is it OK to leak the user's scroll position from a privacy perspective? Leaking text content in the parent seems not OK (issue #79), but making sites opt out of text fragment scrolling as the only measure doesn't seem ideal since most sites won't know this is an issue and won't opt out. The opt out also disables regular fragment scrolling which may not be desirable.
A more thorough measure could be to make IntersectionObserver in cross-origin iframes act as if the iframe is always visible in the parent. The parent can still communicate iframe visibility to the iframe via postMessage and we could maybe add an opt-in to the current behavior with <iframe allow="...">.
I'm not sure if there are other APIs that are similarly problematic.