> 2\. The ability to communicate across domains which should be isolated from one another via the device seems like a major security hole which we are deeply concerned about.
Actually this can be a major problem if using a common JS library for gamepad support, as this can mean that the same gamepad is registered across multiple sites (which might be opened at the same time) and then the library might be doing things it is not supposed to, like allow communication across these sites without the user knowing
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/370#issuecomment-594987152