- From: Rick Byers <notifications@github.com>
- Date: Wed, 23 Aug 2023 09:46:57 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 23 August 2023 16:47:02 UTC
Hey @torgo, if I understand the concern the TAG has here, it's not restricted just to any cross-document filling cases, right? In the simple case of a 3P iframe with an <input type=cc-number> field that the user clicks directly on, your concern would also apply there too. Is that right? I suspect that's where the gap is here. The autofill team is focused on the scenario of cross-document autofill (taking the established behavior of same-document autofill as fixed) but I think TAG is raising a good point that we should take a step back and think about articulating and possibly improving the security model for autofill in 3p iframes generally (even the simple single-document case). Is that right? -- Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/831#issuecomment-1690297643 You are receiving this because you are subscribed to this thread. Message ID: <w3ctag/design-reviews/issues/831/1690297643@github.com>
Received on Wednesday, 23 August 2023 16:47:02 UTC