W3C home > Mailing lists > Public > public-device-apis-log@w3.org > August 2017

Re: [ambient-light] Fix #37: Add cross-origin leaks, hijacking browsing history

From: Lukasz Olejnik via GitHub <sysbot+gh@w3.org>
Date: Tue, 29 Aug 2017 17:10:53 +0000
To: public-device-apis-log@w3.org
Message-ID: <issue_comment.created-325731281-1504026642-sysbot+gh@w3.org>
Hello. Looks sound (perhaps it would benefit from some proof reading though).

@alexshalamov can you elaborate how top-level-browsing-context and losing-focus mitigate the risks discussed here? 

Note: I would still allow permissions. In the original issue I actually addressed that some mitigations (frequency/precision) reduce risk, but may not solve all "instances". In that case, we should consider at least documenting that.

GitHub Notification of comment by lknik
Please view or discuss this issue at https://github.com/w3c/ambient-light/pull/38#issuecomment-325731281 using your GitHub account
Received on Tuesday, 29 August 2017 17:10:52 UTC

This archive was generated by hypermail 2.4.0 : Monday, 4 July 2022 12:47:54 UTC