- From: Anssi Kostiainen via GitHub <sysbot+gh@w3.org>
- Date: Mon, 20 Apr 2015 09:17:06 +0000
- To: public-secondscreen@w3.org
The proposal by @mfoltzgoogle is aligned with the model employed by the Fullscreen API [1]. It is a good idea to reuse a model that is in use unless there are issues with it. Personally, I'm not aware of any, but I haven't deep dived into the Fullscreen API. To summarize the proposal (assuming I got it right ;-)): * Define a new `allow-default-presentation` content attribute for the HTML `iframe` element. In practice, something like this: ``` <iframe src="https://example.org/video/1234" allow-default-presentation></iframe> ``` * This content attribute must be set in order for the browser to be able to initiate a presentation from https://example.org/video/1234 * This prevents e.g. content from third parties to go fullscreen without explicit permission. A concern shared with the Fullscreen API [2]. Questions: * Should we require the same for any `startSession()` invocation from within `iframe`? How about `joinSession()`? Currently the spec notes in the 7.1 Starting a presentation session [3]: > Queue a task T to request user permission for the use of a presentation display and selection of one presentation display. I think that for nested content we should in addition require that the top-level browsing context has explicitly opted in to allow `iframe`s to initiate presentation sessions. WDYT? (From the spec organization perspective, this requires us to patch the HTML spec slightly, but we can cross that bridge when we get there.) [1] https://fullscreen.spec.whatwg.org/#model [2] https://fullscreen.spec.whatwg.org/#security-and-privacy-considerations [3] http://w3c.github.io/presentation-api/#starting-a-presentation-session -- GitHub Notif of comment by anssiko See https://github.com/w3c/presentation-api/issues/79#issuecomment-94402811
Received on Monday, 20 April 2015 09:17:14 UTC