Re: [sensors] Malicious use of the phone's Gyroscope

From: Tobie Langel <tobie@sensors.codespeaks.com>
Date: Wed, 08 Jun 2016 15:36:42 +0200
Message-Id: <1465393002.3120008.631607873.33E9BF7E@webmail.messagingengine.com>
To: public-device-apis@w3.org

On Wed, 8 Jun 2016, at 12:02, Olli Pettay wrote:
> On 06/08/2016 11:24 AM, Tobie Langel via GitHub wrote:
> >> For example, if the spec explicitly states that orientation events must be
> >> paused/suspended if the page, tab or browser is in the 'background' whether
> >> this could alleviate the security concerns.
> >
> > See [Browsing Context](https://w3c.github.io/sensors/#browsing-context) for this.
> >
> 
> two things:
> - https://w3c.github.io/sensors/#browsing-context is overly strict.
>    Other specs, like DeviceOrientation recommends firing events only on
>    toplevel browsing context _and_ same origin
>    nested browsing context. (those nested context can anyhow get the data
>    from top level so no need to restrict them out.)
> 
> - it is a bit vaguely said that "must only be available in the top-level
>    browsing context" ... "For example ...not on the background tabs"
>    Background tabs are top level browsing contexts.

Think you could open a separate issue about this?
 
Thanks,
 
--tobie
Received on Wednesday, 8 June 2016 13:37:06 UTC
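
The two points in the quoted reply, modelled as an added example that is not part of the thread or of any specification text: the nesting rule (top-level only versus top-level plus same-origin nested) and tab visibility are separate checks, and a background tab passes the first while failing the second. The context objects, field names and origins are hypothetical and constructed for illustration; comparing a frame's origin against the top-level origin is an assumption.

```javascript
// Added illustration; the context objects and field names are hypothetical,
// not a browser API. Sample contexts below are constructed.

// Walk up to the top-level browsing context.
function topLevel(ctx) {
  while (ctx.parent) ctx = ctx.parent;
  return ctx;
}

// "Top-level browsing context only", as quoted from the sensors draft.
const topLevelOnly = (ctx) => ctx.parent === null;

// Top-level plus same-origin nested contexts, as described for
// DeviceOrientation. Assumption: "same origin" is checked against the
// top-level context's origin.
const topLevelOrSameOriginNested = (ctx) => ctx.origin === topLevel(ctx).origin;

// Independent of nesting: is the tab that holds this context in front?
const inForeground = (ctx) => topLevel(ctx).tabVisible;

// Data is delivered only if both the nesting rule and visibility allow it.
function maySeeSensorData(ctx, nestingRule) {
  return nestingRule(ctx) && inForeground(ctx);
}

// Constructed sample: one foreground tab with two iframes, one background tab.
const front = { name: "front tab", origin: "https://app.example", parent: null, tabVisible: true };
const sameOriginFrame = { name: "same-origin iframe", origin: "https://app.example", parent: front };
const crossOriginFrame = { name: "cross-origin iframe", origin: "https://ads.example", parent: front };
const background = { name: "background tab", origin: "https://other.example", parent: null, tabVisible: false };

function report() {
  return [front, sameOriginFrame, crossOriginFrame, background].map((ctx) => ({
    context: ctx.name,
    strictNestingRule: topLevelOnly(ctx),
    relaxedNestingRule: topLevelOrSameOriginNested(ctx),
    strictWithVisibility: maySeeSensorData(ctx, topLevelOnly),
    relaxedWithVisibility: maySeeSensorData(ctx, topLevelOrSameOriginNested),
  }));
}

console.table(report());
```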