- From: Ted Mielczarek <notifications@github.com>
- Date: Fri, 26 Oct 2018 11:00:42 -0700
- To: w3c/gamepad <gamepad@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Friday, 26 October 2018 18:01:04 UTC
> For fingerprinting, I'm more worried about the "drive-by" web where the user doesn't interact with the page and doesn't have any indications that something's going on. I think the spec covers fingerprinting concerns reasonably well since it requires interaction with a gamepad while the page is visible. > More concerning is that I didn't see a place in the spec where the API was restricted to something like the top-level browsing context of currently visible windows. The intention has always been that updated data would only be available to visible windows, but it doesn't seem like that ever made it into the spec text. It sounds like Chrome implements this, and Firefox definitely does, I wrote a test for that behavior a long time ago: https://dxr.mozilla.org/mozilla-central/source/dom/tests/mochitest/gamepad/test_gamepad_frame_state_sync_iframe.html In regards to only making it available to top-level browsing contexts I'm less sure. I don't know that it would explicitly break current uses, but being unable to use a gamepad because a site has embedded a game in an iframe would be unfortunate, certainly. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/gamepad/issues/74#issuecomment-433493664
Received on Friday, 26 October 2018 18:01:04 UTC