- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Thu, 31 Oct 2013 17:52:16 +0000
- To: Brad Hill <hillbrad@gmail.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
On Thu, Oct 31, 2013 at 5:25 PM, Brad Hill <hillbrad@gmail.com> wrote: > The current input protection heuristic says that repaint events or > obstructions caused by a different document trigger a violation. > > As it is likely that user agents may composite together rendering of nested > iframes from the same origin, are there any objections to weakening the > heuristic from being same-document to merely same-origin, to avoid another > implementation barrier here? It seems likely for <iframe seamless> (which we want cross-origin too) but I might be missing what this is about. -- http://annevankesteren.nl/
Received on Thursday, 31 October 2013 17:52:47 UTC