- From: cynthia <notifications@github.com>
- Date: Thu, 23 May 2019 03:12:57 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 23 May 2019 10:13:18 UTC
Apologies for the delayed feedback! @dbaron and I looked at the incorporated changes and discussed this during the Iceland F2F. Some points of feedback: Completely turning off the feature with feature policy as a mitigation towards hostile iframes seems a bit extreme. Since the actual surface of attack from hostile iframes is rather narrow, prevention against trapping seems like a more sensible way forward. This is because you would still want to let the users focus into third party iframes, but would want to mitigate against focus trap attacks. Specifically, ad providers would probably not be happy if they are not clickable. Following that thought, the feature policy name should probably change when this is applied to reflect better exactly what is being allowed/disallowed. Small question: What does "absolute distance" mean? I'm suspecting it's an alias to manhattan distance, but that part is rather unclear. (Especially confusing since euclidean distance is always absolute in terms of value since we aren't doing complex space geometry.) -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/287#issuecomment-495157495
Received on Thursday, 23 May 2019 10:13:18 UTC