Re: [w3c/gamepad] id field in gamepad might have a persistent identifier? (#73) from Ted Mielczarek on 2019-09-12 (public-webapps-github@w3.org from September 2019)

From: Ted Mielczarek <notifications@github.com>
Date: Thu, 12 Sep 2019 05:57:21 -0700
To: w3c/gamepad <gamepad@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/gamepad/issues/73/530812736@github.com>

I think the issues I raised [in my previous comment](https://github.com/w3c/gamepad/issues/73#issuecomment-395548021) are still relevant. Maybe simply disallowing Gamepad access in third-party iframes would be sufficient? The spec was written with the intent being that only pages that were visible while the user interacted with a gamepad (like pressing a button) should get access to gamepads at all so I don't think this is unreasonable. In that case I think `getGamepads()` ought to just return an empty array.

Inventing a stable per-origin identifier for each gamepad is a clever idea, that would allow pages to save data like button mappings for a gamepad without cross-site info leaks.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/gamepad/issues/73#issuecomment-530812736

Received on Thursday, 12 September 2019 12:57:42 UTC