W3C home > Mailing lists > Public > public-media-capture-logs@w3.org > July 2016

Re: [mediacapture-main] Iframe sandboxing options for gUM

From: Dominique Hazael-Massieux via GitHub <sysbot+gh@w3.org>
Date: Thu, 07 Jul 2016 08:08:22 +0000
To: public-media-capture-logs@w3.org
Message-ID: <issue_comment.created-231011200-1467878901-sysbot+gh@w3.org>
> The sandbox model which has new potentially dangerous feature 
disabled by default is something we hope people to use for their 
cross-origin iframes in general, right?
>
> And by making this feature disabled by default for even non-sandbox,
 aren't you just making the normal model be aligned with the sandbox 
model that has a growing and unbounded set of restrictions which you 
are disapproving?

I'm not disapproving of the growing unbounded set of restrictions; I'm
 saying that the fact that by opting in to sandbox, you're opting in 
to a growing unbounded set of restrictions makes it less likely people
 will be opting in. I prefer the model where the default is right.

> This actually applies to many of other sandbox flags, including 
pointerlock, top navigation, modals, and probably even popups.

OK; if this is the direction where the overall platform is going 
toward, it probably does not make much sense to make `getUserMedia` an
 exception. Since I suspect there are many more cross-origin iframes 
than there are sandboxed iframes, I don't think that's great, but I 
agree there is value in consistency, especially noting your other 
remark:
> Also without sandbox, pages can escape from this restriction via a 
top navigation or popup.

-- 
GitHub Notification of comment by dontcallmedom
Please view or discuss this issue at 
https://github.com/w3c/mediacapture-main/issues/268#issuecomment-231011200
 using your GitHub account
Received on Thursday, 7 July 2016 08:08:31 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:27:30 UTC