From 35c581a6b2468cc40cb7de705ec71f737d9df86b Mon Sep 17 00:00:00 2001 From: Yoav Weiss Date: Fri, 9 Aug 2024 11:14:54 +0200 Subject: [PATCH] Tighten the warning against other leaks --- source | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/source b/source index ddb9db2b1e1..72d61c4a31a 100644 --- a/source +++ b/source @@ -86599,6 +86599,12 @@ dictionary DragEventInit : MouseEventInit { sensitive information.
  • Autofill which may not require user interaction for same-origin documents.
  • +

    Developers using nooopener-allow-popups + need to make sure that their sensitive applications don't rely on client-side features + accessible to other same-origin documents, e.g. localStorage and other client-side storage APIs, + BroadcastChannel and related same-origin communication mechanisms. They also need to make sure + that their server-side endpoints don't return sensitive data to non-navigation requests, whose + response content is accessible to same-origin documents.
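Review bot: the first added line spells the value "nooopener-allow-popups" with three o's; it should read "noopener-allow-popups", otherwise the warning names a value that does not exist and will not be found by anyone searching for the real keyword. In the last added sentence, the clause "whose response content is accessible to same-origin documents" is easy to misread as restricting which non-navigation requests are meant. Consider stating the reason directly, for example "because the responses to such requests are readable by other same-origin documents". It may also help to separate the two example groups (client-side storage APIs, and BroadcastChannel with related communication mechanisms) with "and" rather than a comma, so the list reads as two categories.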