W3C home > Mailing lists > Public > public-device-apis-log@w3.org > August 2017

Re: [ambient-light] Fix #37: Add cross-origin leaks, hijacking browsing history

From: Lukasz Olejnik via GitHub <sysbot+gh@w3.org>
Date: Tue, 29 Aug 2017 17:10:53 +0000
To: public-device-apis-log@w3.org
Message-ID: <issue_comment.created-325731281-1504026642-sysbot+gh@w3.org>
Hello. Looks sound (perhaps it would benefit from some proof reading though).

@alexshalamov can you elaborate how top-level-browsing-context and losing-focus mitigate the risks discussed here? 

Note: I would still allow permissions. In the original issue I actually addressed that some mitigations (frequency/precision) reduce risk, but may not solve all "instances". In that case, we should consider at least documenting that.

-- 
GitHub Notification of comment by lknik
Please view or discuss this issue at https://github.com/w3c/ambient-light/pull/38#issuecomment-325731281 using your GitHub account
Received on Tuesday, 29 August 2017 17:10:52 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 12:18:53 UTC