Re: [Bug 25809] Security issue: Abuse of "call me" URLs

On Thursday, 3 July 2014 at 10:56 +0200, Harald Alvestrand wrote:
> I think the web developers mostly will read books and pages written by 
> people who (hopefully) read the spec - and those people will hopefully 
> read it from end to end, so it doesn't matter much where.
> 
> I think putting it in the (non-normative) security considerations 
> section will do nicely.

This sounds reasonable; I've put a pull request to that effect.
https://github.com/w3c/mediacapture-main/pull/9

But I wonder if we could not do more to make that footgun less likely to
be triggered.

We could for instance prevent getUserMedia from operating without an
"engagement gesture" (see
https://dvcs.w3.org/hg/pointerlock/raw-file/default/index.html#glossary
).

For an ad that would embed an app that would have stored permissions, we
may also link the stored permissions to the stack of embedding origins,
not just the origin from where the script operates (although I don't
know if there is any model we can follow for this).

Finally, we may also want to prevent any random app from being able to
trigger a getUserMedia prompt when embedded in a Web page (which could
easily confuse users); in this case, we should get a new value added to
the sandbox attribute of the iframe element
http://www.w3.org/html/wg/drafts/html/master/embedded-content.html#attr-iframe-sandbox

Dom

Received on Thursday, 28 August 2014 09:37:43 UTC
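
The three ideas in the message above, combined into one decision function as an added illustration (not code from the message, the spec, or any browser). The names `ChainPermissionStore`, `decideMediaRequest` and the `sandboxAllowsMedia` field are hypothetical, and the origins are constructed sample values.

```javascript
// Added illustration: models a user agent's decision for a getUserMedia call.
// A "chain" lists URLs from the top-level page down to the calling frame.
function chainKey(chain) {
  // Reduce each entry to its origin so paths and query strings are ignored.
  return JSON.stringify(chain.map((u) => new URL(u).origin));
}

// Hypothetical store: a grant is keyed on the whole embedding chain,
// not only on the origin of the script that asked.
class ChainPermissionStore {
  constructor() { this.grants = new Set(); }
  grant(chain) { this.grants.add(chainKey(chain)); }
  has(chain) { return this.grants.has(chainKey(chain)); }
}

// Returns "allow", "prompt" or "deny" for one request.
// req.sandboxAllowsMedia stands in for the new sandbox value the message
// asks for; no such token name is given there, so none is assumed here.
function decideMediaRequest(store, req) {
  const framed = req.chain.length > 1;
  // Sandboxed embedded content may not even raise a prompt without opt-in.
  if (framed && req.sandboxed && !req.sandboxAllowsMedia) return "deny";
  // No engagement gesture: getUserMedia does not operate at all.
  if (!req.userGesture) return "deny";
  // A stored grant only applies to the exact chain it was given under.
  return store.has(req.chain) ? "allow" : "prompt";
}

// Constructed sample: the user once granted access to the app visited directly.
const store = new ChainPermissionStore();
store.grant(["https://callme.example/room/42"]);

const direct = ["https://callme.example/room/7"];
const viaAd = [
  "https://news.example/article",
  "https://ads.example/slot",
  "https://callme.example/room/7",
];

function demo() {
  return {
    directClick: decideMediaRequest(store, { chain: direct, userGesture: true }),
    directOnLoad: decideMediaRequest(store, { chain: direct, userGesture: false }),
    adClick: decideMediaRequest(store, { chain: viaAd, userGesture: true }),
    adSandboxed: decideMediaRequest(store, {
      chain: viaAd, userGesture: true, sandboxed: true, sandboxAllowsMedia: false,
    }),
  };
}
```

With origin-only keying the `adClick` case would be allowed silently; keyed on the chain, the grant made on the direct visit does not carry over to the embedded context.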