Investigate the "Snow" project for WebXDC hardening

We recently received this MR, "added WebRTC Test based on an uninitialized iFrame" by zphrs (Pull Request #42 · webxdc/webxdc-test · GitHub), which mentioned the project called Snow:

Snow aspires to standardize how to recursively and securely own newborn windows (aka iframes/realms) within a browser web app, from the context of the app itself.

Snow is an experimental :warning: tool coming in the form of a JavaScript shim that, once applied to the page, exposes an API that, when provided with a callback, will make sure to call it with every new window that is being injected into the DOM, before its creator gets a hold of it.

It would be interesting to see if we can / should utilize it in our webxdc isolation code, or simply take a look at what measures they take to see if our isolation code is vulnerable to something.
