Re: [ambient-light] Fix #37: Add cross-origin leaks, hijacking browsing history

@lknik, thanks for the confirmation, we'll merge this PR now.

Your further contributions are always welcome, that said, I'm happy with the current state of the security and privacy considerations and that the spec has been scrutinized so carefully by domain experts, so I see no immediate need to embellish this section further.

@alexshalamov can explain how the specified mitigations work together to address the known threats, and perhaps shed some light on how they are implemented in Chrome (an implementation detail and as such out of scope for spec discussions, but perhaps still of interest to you).

GitHub Notification of comment by anssiko
Please view or discuss this issue at using your GitHub account

Received on Monday, 4 September 2017 09:22:20 UTC