W3C home > Mailing lists > Public > public-device-apis-log@w3.org > May 2017

Re: [sensors] Avoid PIN skimming attacks by using input element state

From: Alexander Shalamov via GitHub <sysbot+gh@w3.org>
Date: Wed, 03 May 2017 15:51:13 +0000
To: public-device-apis-log@w3.org
Message-ID: <issue_comment.created-298953102-1493826670-sysbot+gh@w3.org>
I was thinking about focused / unfocused use-cases, but according to [this](https://html.spec.whatwg.org/multipage/interaction.html#focusing-steps)  and [this](https://www.w3.org/TR/html5/editing.html#focus), looks like taking into account 'focused' state is unreliable. Main document is still focused when element in iframe has focus. Also, looks like on some platforms, document can have focus, while system UI is focused, e.g. on Mac, if you use spotlight search, document is still focused (have to try on other platforms).

Anyways, imo this issue could be renamed, since it is applicable to all elements that could be used by user to provide input. We need to have a hint from the platform / browser, that user is providing input, therefore UA could apply some special sensor policy. For input=password, this is a 'must' requirement.

-- 
GitHub Notification of comment by alexshalamov
Please view or discuss this issue at https://github.com/w3c/sensors/issues/189#issuecomment-298953102 using your GitHub account
Received on Wednesday, 3 May 2017 15:51:20 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 12:18:53 UTC