Re: [w3ctag/design-reviews] Permission Delegation (#225)

@slightlyoff what I was trying to say above is that I don't think what you are suggesting is possible in the general case or, I would suggest, even in most cases.

Specifically,
> the parent doc might want to ensure that only the party it has a direct relationship with (the immediate child document) is using (or including third parties that use) a capability very intentionally

For most permissions features, they are gating access to some kind of privacy-sensitive data like camera, microphone, location, or personal identifiers. Once these things are given to a third party, the cat is out of the bag and the third party can pass them on to other parties in many different ways. Even bi-directional device access, such as Bluetooth or USB, can easily be mediated by a third party to anyone else it chooses (e.g. via a postMessage API that it sets up or by communicating with a server).

And even in the case of frame depth - it is possible to limit a frame from embedding other frames. But it's not possible to control what the frame does with the screen real estate it has already been given, or the memory and CPU resources it has been given. There is nothing stopping it from downloading third-party code and rendering it within its container.

Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/225#issuecomment-362650058

Received on Friday, 2 February 2018 17:41:56 UTC