Re: [w3ctag/design-reviews] WebHID API (Human Interface Device) (#370)

> The ability to communicate across domains which should be isolated from one another via the device seems like a major security hole which we are deeply concerned about.

I don't see a good way to mitigate this. I'll note that the same security hole exists on all major OSes. If two applications have write access to the same device then they can use the shared state for communication.

> Actually this can be a major problem if using a common JS library for gamepad support, as this can mean that the same gamepad is registered across multiple sites (which might be opened at the same time) and then the library might be doing things it is not supposed to, like allowing communication across these sites without the user knowing.

In principle it doesn't matter if the access is simultaneous since information can also be communicated asynchronously, although simultaneous access would allow faster communication. Supposing we block simultaneous access at the API level, it doesn't actually protect the user since they can still access the device from another browser instance running the same malicious library. To prevent simultaneous access we need to request exclusive access to the device at the platform level, which isn't possible on all OSes and may interfere with other running applications.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/370#issuecomment-635687884

Received on Friday, 29 May 2020 00:29:29 UTC