W3C home > Mailing lists > Public > public-secondscreen@w3.org > February 2017

Re: [presentation-api] Authenticity of screen selection permission is problematic in insecure contexts

From: Anssi Kostiainen via GitHub <sysbot+gh@w3.org>
Date: Thu, 09 Feb 2017 18:37:46 +0000
To: public-secondscreen@w3.org
Message-ID: <issue_comment.created-278732350-1486665465-sysbot+gh@w3.org>
I observe no further comments in the related public-webappsec thread 
or in this issue.

@mfoltzgoogle you identified two specific issues in 
https://github.com/w3c/presentation-api/issues/380#issuecomment-276160625.
 Does https://w3c.github.io/webappsec-secure-contexts/#new provide you
 with appropriate guidance and hooks to mitigate the identified 
attacks? Any open questions to the group?

If all clear, I'd suggest you submit a PR to be reviewed with the 
WebAppSec people who raised this issue.

-- 
GitHub Notification of comment by anssiko
Please view or discuss this issue at 
https://github.com/w3c/presentation-api/issues/380#issuecomment-278732350
 using your GitHub account
Received on Thursday, 9 February 2017 18:37:56 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 9 February 2017 18:37:56 UTC