W3C home > Mailing lists > Public > public-secondscreen@w3.org > November 2015

Re: [presentation-api] Presentations from within nested browsing contexts

From: Mark Foltz via GitHub <sysbot+gh@w3.org>
Date: Fri, 13 Nov 2015 02:39:58 +0000
To: public-secondscreen@w3.org
Message-ID: <issue_comment.created-156304038-1447382397-sysbot+gh@w3.org>
Update:

After discussion within Chrome and also with a discussion with 
@sicking, we're proposing the following solution:

- There aren't any persistent permissions or threats posed by use of 
the API in embedded content.  At best it will annoy the user by 
getting them to present content they don't want.  The user remains in 
control to cancel the presentation when this happens.

- We should encourage best practices for identifying what content is 
requesting presentation in the browser UX.

- There should be a way for embedders that don't want presentation 
from content they embed to prevent that from happening.  An 
`allow-presentation` tag in the sandbox attribute for `<iframe>` [1] 
would be an appropriate way to do that.

Should we bring this proposal back to TAG/WebAppSec and/or make the 
attribute proposal as a "patch" to HTML5 in the Presentation API spec?

[1] 
https://html.spec.whatwg.org/multipage/embedded-content.html#attr-iframe-sandbox

-- 
GitHub Notif of comment by mfoltzgoogle
See 
https://github.com/w3c/presentation-api/issues/79#issuecomment-156304038
Received on Friday, 13 November 2015 02:40:00 UTC

This archive was generated by hypermail 2.3.1 : Friday, 13 November 2015 02:40:01 UTC