- From: Mark Foltz via GitHub <sysbot+gh@w3.org>
- Date: Fri, 13 Nov 2015 02:39:58 +0000
- To: public-secondscreen@w3.org
Update: After discussion within Chrome and also with a discussion with @sicking, we're proposing the following solution:

- There aren't any persistent permissions or threats posed by use of the API in embedded content. At best it will annoy the user by getting them to present content they don't want. The user remains in control to cancel the presentation when this happens.
- We should encourage best practices for identifying what content is requesting presentation in the browser UX.
- There should be a way for embedders that don't want presentation from content they embed to prevent that from happening. An `allow-presentation` tag in the sandbox attribute for `<iframe>` [1] would be an appropriate way to do that.

Should we bring this proposal back to TAG/WebAppSec and/or make the attribute proposal as a "patch" to HTML5 in the Presentation API spec?

[1] https://html.spec.whatwg.org/multipage/embedded-content.html#attr-iframe-sandbox

--
GitHub Notif of comment by mfoltzgoogle
See https://github.com/w3c/presentation-api/issues/79#issuecomment-156304038
Received on Friday, 13 November 2015 02:40:00 UTC
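
The embedder-side control proposed in the message above, sketched as an added example that is not part of the original post or of any browser's code. It assumes the proposed `allow-presentation` token behaves like the existing `allow-*` sandbox tokens (absent attribute means no restriction, and restrictions are inherited by nested frames); the frame tree and the function names are constructed for illustration.

```javascript
// Parse a sandbox attribute value into a set of lowercase tokens.
// null/undefined means the attribute is absent, so the frame is not sandboxed.
function parseSandbox(value) {
  if (value === null || value === undefined) return null;
  const tokens = value.split(/[ \t\n\f\r]+/).filter(Boolean);
  return new Set(tokens.map((t) => t.toLowerCase()));
}

// A frame may request presentation only if every sandboxed frame on the
// path from the top-level page down to it lists allow-presentation,
// because a nested frame cannot drop restrictions set by an ancestor.
function mayPresent(sandboxChain) {
  return sandboxChain.every((value) => {
    const tokens = parseSandbox(value);
    return tokens === null || tokens.has("allow-presentation");
  });
}

// Walk a frame tree and report the effective permission of each frame.
function auditFrames(frame, chain = [], out = []) {
  const here = chain.concat([frame.sandbox === undefined ? null : frame.sandbox]);
  out.push({ src: frame.src, mayPresent: mayPresent(here) });
  for (const child of frame.children || []) auditFrames(child, here, out);
  return out;
}

// Constructed sample: an embedding page and the iframes it contains.
const sampleTree = {
  src: "https://embedder.example/",
  children: [
    {
      src: "https://ads.example/banner",
      sandbox: "allow-scripts",
      children: [
        // The inner frame asks for the token, but the outer sandbox lacks it.
        { src: "https://ads.example/inner", sandbox: "allow-scripts allow-presentation" },
      ],
    },
    { src: "https://player.example/", sandbox: "allow-scripts  Allow-Presentation" },
    { src: "https://widget.example/" },
    { src: "https://locked.example/", sandbox: "" },
  ],
};

for (const row of auditFrames(sampleTree)) {
  console.log(row.mayPresent ? "may present " : "blocked     ", row.src);
}
```

An embedder can run a check like this over its own markup to confirm that third-party frames it does not want presenting are sandboxed without the token.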