- From: Jeffrey Yasskin <notifications@github.com>
- Date: Mon, 13 Jan 2025 10:01:48 -0800
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Monday, 13 January 2025 18:01:52 UTC
We looked at this in a breakout today, with the following conclusion: This looks like a good problem space to investigate. We'd like to see more use cases fleshed out, especially cross-site iframes opening popups on their own origin. We think the UI question is critical to a full analysis of this proposal: please let us know when you have a proposed design for that. We're also hoping to see a full description of what parts of that [UI users are expected to learn to trust](https://www.w3.org/TR/design-principles/#trusted-ui), and how various combinations of malicious top-level, embedded, and popup sites could take advantage of that user trust (that is, explain the "abuse cases" and how they're mitigated). Please reopen this issue when we can look at that analysis. -- Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/956#issuecomment-2587808946 You are receiving this because you are subscribed to this thread. Message ID: <w3ctag/design-reviews/issues/956/2587808946@github.com>
Received on Monday, 13 January 2025 18:01:52 UTC