Re: [w3c/browser-payment-api] Shouldn't HTMLIFrameElement. allowPaymentRequest go into "sandbox"? (#311) from Philip Jägenstedt on 2016-11-16 (public-webpayments-specs@w3.org from November 2016)

From: Philip Jägenstedt <notifications@github.com>
Date: Wed, 16 Nov 2016 05:57:42 -0800
To: w3c/browser-payment-api <browser-payment-api@noreply.github.com>
Message-ID: <w3c/browser-payment-api/issues/311/260952681@github.com>

Looks like this was already implemented in Chromium: https://codereview.chromium.org/2394473002

It's pretty recent, so shouldn't have reached stable yet, but any change would have to be soon.

Does https://html.spec.whatwg.org/multipage/embedded-content.html#allowed-to-use do what you want for payments? In other words, do want payments to be allowed by default for top-level frames, disallowed by default for any descendant frames, with an attribute required for every hop along the way to opt in?

cc @annevk, and see https://github.com/whatwg/html/pull/1492 for some extra history.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/browser-payment-api/issues/311#issuecomment-260952681

Received on Wednesday, 16 November 2016 13:58:16 UTC