- From: L. David Baron <notifications@github.com>
- Date: Tue, 18 Dec 2018 16:12:27 -0800
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 19 December 2018 00:12:49 UTC
So as discussed starting in the third bullet of https://github.com/mozilla/standards-positions/issues/109#issuecomment-443037333 (though I believe there's been a bit of progress since that comment), one of my concerns is that it's not clear to me that this is specified in a way that will give sufficient interoperability -- and this is particularly important because the basic use case for the spec seems to be the desire to deny users access to content when it's being used in a way that is unexpectedly insecure (e.g., being partly obscured or interfered with by the page containing the `<iframe>`. If the conditions that are considered interference are different between browsers, then this could lead to users of some browsers being denied access to the content in the normal use case. In other words, getting interoperability right here is particularly important because the use case is a security mechanism that will lead to users being denied access to content. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/328#issuecomment-448420331
Received on Wednesday, 19 December 2018 00:12:49 UTC