On Jun 15, 2009, at 9:10 AM, Andrei Popescu wrote: > On Mon, Jun 15, 2009 at 5:05 PM, Erik Wilde<dret@berkeley.edu> wrote: >> hello doug. >> >> Doug Turner wrote: >>> >>> Mobile Safari (Greg can confirm), Google Gears (including >>> Android), and >>> Firefox 3.5 do not restrict device apis to TLD -- IFRAMEs are >>> allowed to >>> access each geolocation. I suggested we consider restricting >>> these sorts of >>> APIs at the Device Security Workgroup back in December. It was >>> more of a >>> strawman position I took to get feedback, and much of the feedback >>> was >>> considerations around what we would break. >> >> just confirming to understand what's going on: this means when a >> site is >> granted access to location, all 3rd parties behind it will have >> access to >> the user's location as well, right? > > Wrong. Only that site will be granted access to location. Any 3rd > party (i.e. content from any other origin) will have to get permission > from the user separately. > > Andrei > what Andrei said.Received on Monday, 15 June 2009 16:14:53 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 18:13:32 GMT