W3C home > Mailing lists > Public > public-device-apis-log@w3.org > May 2017

Re: [sensors] Add mitigation strategy for skimming attacks when focus is lost.

From: Alexander Shalamov via GitHub <sysbot+gh@w3.org>
Date: Tue, 30 May 2017 18:08:10 +0000
To: public-device-apis-log@w3.org
Message-ID: <issue_comment.created-304961238-1496167689-sysbot+gh@w3.org>
> Well, that's incorrect, it's linked from https://w3c.github.io/sensors/#update-latest-reading.

That is exactly the problem I mentioned multiple times, it should not be there! It is like running rendering with webgl at full speed and checking if we need to render anything in the middle of the algo. There should be no 'update sensor reading' scheduled at all.

> I'm no sure what you mean.

If informative section that defines applicability of this algorithm (MAY), then algorithm should not be used in normative sections? Am I right?

> In the meantime, I am not interested in replacing normatively correct text by a flaky solution.

Whole spec is flaky at the moment :D , lets avoid adding more flaky stuff and revert this PR and address it properly. Fix nested browsing contexts with different origins and visibility. Focusing can be done in-parallel and when we have hooks, we can call proper suspend / resume algos.

-- 
GitHub Notification of comment by alexshalamov
Please view or discuss this issue at https://github.com/w3c/sensors/pull/213#issuecomment-304961238 using your GitHub account
Received on Tuesday, 30 May 2017 18:08:17 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 12:18:53 UTC