Re: [pointerevents] setPointerCapture should say something about iframes from Rick Byers via GitHub on 2016-06-22 (public-pointer-events@w3.org from April to June 2016)

From: Rick Byers via GitHub <sysbot+gh@w3.org>
Date: Wed, 22 Jun 2016 16:04:34 +0000
To: public-pointer-events@w3.org
Message-ID: <issue_comment.created-227792508-1466611473-sysbot+gh@w3.org>

Summary: it sounds like everyone agrees that the security risk is 
pretty low but that sandboxed iframes should have some mitigation to 
prevent user annoyance due to malicious (eg. attention grabbing) 
iframes.  So the outstanding question is, is there a minimal 
mitigation we can apply that doesn't break any reasonable use case 
that we should just apply universally rather than need to special case
 sandboxed iframes.  @teddink says he'll talk to more MS folks and 
follow up with details [on the security 
bug](https://bugs.chromium.org/p/chromium/issues/detail?id=606896).

-- 
GitHub Notification of comment by RByers
Please view or discuss this issue at 
https://github.com/w3c/pointerevents/issues/16#issuecomment-227792508 
using your GitHub account

Received on Wednesday, 22 June 2016 16:04:40 UTC