Re: [pointerevents] setPointerCapture should be disabled in sandboxed iframes by default

I do think the cross frame capturing will be a concern (certainly 
spammy advertisements would love to be obnoxious to containing frames,
 there's ample evidence of them doing anything possible). So I support
 closing that.

Using the sandbox tag is a solution, but seems heavier weight than 
necessary, and won't solve non-sandboxed iframes. It passes complexity
 to the web app developers and in some cases would be easily 
overlooked (it's opt in).

I continue to think the "only setPointerCapture from an event to that 
element" is much cleaner, deals with the issues without needing web 
developer involvement. I think the rare cases capture is needed to 
work around that are still possible, e.g. by the methods I and you 
just cited. A search for "resize iframe interactively" found a few 
 and demos (both simple html5 and jquery), so I don't think your last 
example is a reason to complicate capture.

However, if folks did want to pursue the sandbox with 
allow-pointer-capture, I don't see other reasons not to.

GitHub Notification of comment by scheib
Please view or discuss this issue at 
using your GitHub account

Received on Wednesday, 11 January 2017 22:28:45 UTC