Re: [csswg-drafts] hostile iframes (#3360) from Florian Rivoal via GitHub on 2018-12-03 (public-css-archive@w3.org from December 2018)

From: Florian Rivoal via GitHub <sysbot+gh@w3.org>
Date: Mon, 03 Dec 2018 07:42:06 +0000
To: public-css-archive@w3.org
Message-ID: <issue_comment.created-443616378-1543822915-sysbot+gh@w3.org>

---

Migrated from https://github.com/WICG/spatial-navigation/issues/58#issuecomment-412061890
Originally created by @annevk on *Fri, 10 Aug 2018 12:01:12 GMT*

---
Feature Policy makes sense for this (for enabling something that's by default disabled).

Is there an attack vector in the other direction? Whereby the embedder can direct the navigation such that it makes clickjacking easier?

-- 
GitHub Notification of comment by frivoal
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/3360#issuecomment-443616378 using your GitHub account

Received on Monday, 3 December 2018 07:42:12 UTC