W3C home > Mailing lists > Public > public-device-apis-log@w3.org > June 2017

Re: [battery] Allow use from within secure context and top-level browsing context only

From: Mounir Lamouri via GitHub <sysbot+gh@w3.org>
Date: Tue, 13 Jun 2017 13:01:03 +0000
To: public-device-apis-log@w3.org
Message-ID: <issue_comment.created-308107841-1497358861-sysbot+gh@w3.org>
Firefox's implementation was providing too much entropy, it doesn't mean that other implementations have to do tho same. I'm not sure how restricting the feature to top level browsing context is the right solution. The Battery API can be used by third party content for valid reasons. We can fix the privacy issues with the Battery API by reducing the entropy of the value shared with the web page instead of blocking the capability entirely. I believe the specification is already recommending implementations to be careful with this. Why do we need to block the API even more, making it pretty much useless in a lot of situations?

-- 
GitHub Notification of comment by mounirlamouri
Please view or discuss this issue at https://github.com/w3c/battery/issues/10#issuecomment-308107841 using your GitHub account
Received on Tuesday, 13 June 2017 13:01:10 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 12:18:53 UTC