- From: Rick Byers via GitHub <sysbot+gh@w3.org>
- Date: Tue, 26 Apr 2016 19:41:09 +0000
- To: public-pointer-events@w3.org
We [discussed this today](https://www.w3.org/2016/04/26-pointerevents-minutes.html#item04) on the call. It sounds like there's agreement that at a minimum sandboxed iframes shouldn't permit capture from outside their frame in order to prevent user annoyance, in the same way that they [don't permit pointer lock](https://html.spec.whatwg.org/multipage/browsers.html#attr-iframe-sandbox-allow-pointer-lock) by default. However it's not clear whether there is real privacy/security risk here in practice. There are a number of reasons this is hard to usefully exploit. Discussion of this is moving to [this private issue](https://bugs.chromium.org/p/chromium/issues/detail?id=606896) to permit concrete discussion of potential attack vectors. -- GitHub Notification of comment by RByers Please view or discuss this issue at https://github.com/w3c/pointerevents/issues/16#issuecomment-214862782 using your GitHub account
Received on Tuesday, 26 April 2016 19:41:12 UTC