W3C home > Mailing lists > Public > public-webauthn@w3.org > November 2019

Re: [webauthn] Refer to IntersectionObserver from the Security Considerations (#1105)

From: szager-chromium via GitHub <sysbot+gh@w3.org>
Date: Tue, 12 Nov 2019 01:39:46 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-552694720-1573522785-sysbot+gh@w3.org>
> On 30 Oct 2019 call, decided to close this one per the argument at TPAC that practically, iframes can always be obscured or made not-credibly-visible.

Could you expand on this? Yes, an iframe can be obscured or made not-credibly-visible. IntersectionObserver V2 cannot prevent that, but it *can* notify the iframe's context of the fact.

It seems to me that the more pertinent question is: can IntersectionObserver V2 be defeated in some way, such that an iframe is effectively obscured while IntersectionObserver V2 reports it to be visible? To which I reply: not in any way that I'm aware of; and if such an exploit exists, I would really like to know about it.

-- 
GitHub Notification of comment by szager-chromium
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1105#issuecomment-552694720 using your GitHub account
Received on Tuesday, 12 November 2019 01:39:47 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:59:08 UTC