[RandomDistort]

Is there some document somewhere that lists all the potential ways of doing stuff like this?

[Herrera]

Yeah, https://xsleaks.dev tracks most of the known ways to leak cross-origin data.

[smagin]

oh hell yes. And oh yes iframes and postmessages, of course people would setup them incorrectly and even if they do some (probably not that important but still) data will leak if you're creative enough. Thanks for the link!