Re: [sensors] Avoid PIN skimming attacks by using input element state

I was thinking about focused / unfocused use-cases, but according to [this](https://html.spec.whatwg.org/multipage/interaction.html#focusing-steps)  and [this](https://www.w3.org/TR/html5/editing.html#focus), looks like taking into account 'focused' state is unreliable. Main document is still focused when element in iframe has focus. Also, looks like on some platforms, document can have focus, while system UI is focused, e.g. on Mac, if you use spotlight search, document is still focused (have to try on other platforms).

Anyways, imo this issue could be renamed, since it is applicable to all elements that could be used by user to provide input. We need to have a hint from the platform / browser, that user is providing input, therefore UA could apply some special sensor policy. For input=password, this is a 'must' requirement.

-- 
GitHub Notification of comment by alexshalamov
Please view or discuss this issue at https://github.com/w3c/sensors/issues/189#issuecomment-298953102 using your GitHub account

Received on Wednesday, 3 May 2017 15:51:20 UTC