Re: [w3c/payment-request] Disable Payment Request API in CSP/iframe sandbox (#698) from Marcos Cáceres on 2018-03-29 (public-webpayments-specs@w3.org from March 2018)

From: Marcos Cáceres <notifications@github.com>
Date: Thu, 29 Mar 2018 01:48:25 +0000 (UTC)
To: w3c/payment-request <payment-request@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/payment-request/issues/698/377094255@github.com>

Looking quickly, seems we would need to add it to:

 *[HTML Sandboxing](https://html.spec.whatwg.org/multipage/origin.html#sandboxing) 
 
And we would need something like this in the PaymentRequest constructor:

>  If the document object's active sandboxing flag set has the sandboxed payment request browsing context flag set, throw a `SecurityError` DOMException.

@domenic, does the above seem right? Or is there more to it? 

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/payment-request/issues/698#issuecomment-377094255

Received on Thursday, 29 March 2018 01:48:51 UTC