Re: [pointerevents] setPointerCapture should say something about iframes

Summary: it sounds like everyone agrees that the security risk is 
pretty low but that sandboxed iframes should have some mitigation to 
prevent user annoyance due to malicious (eg. attention grabbing) 
iframes.  So the outstanding question is, is there a minimal 
mitigation we can apply that doesn't break any reasonable use case 
that we should just apply universally rather than need to special case
 sandboxed iframes.  @teddink says he'll talk to more MS folks and 
follow up with details [on the security 
bug](https://bugs.chromium.org/p/chromium/issues/detail?id=606896).

-- 
GitHub Notification of comment by RByers
Please view or discuss this issue at 
https://github.com/w3c/pointerevents/issues/16#issuecomment-227792508 
using your GitHub account

Received on Wednesday, 22 June 2016 16:04:40 UTC