add details on security for invokers #942
Conversation
keithamus
requested review from
gregwhitworth,
mfreed7 and
dbaron
as code owners
keithamus
force-pushed
the
add-details-on-security-for-invokers
branch
from
94c9338
to
e94f52c
Compare
keithamus
force-pushed
the
add-details-on-security-for-invokers
branch
from
e94f52c
to
235f859
Compare
|
I've rebased this and addressed some of the comments, so please take a re-read and let me know if there's any more feedback! |
| `<input type=file>` for example; dressing the `<label>` to look like a | ||
| `<button>` and hiding the `<input>`. | ||
|
|
||
| This proposal allows showing the pickers of input elements, for example an |
There was a problem hiding this comment.
Might be worth explaining that invokers as currently implemented fully enforce the cross-origin blocking and don't including the file or color carveouts that showPicker has?
There was a problem hiding this comment.
Should we have the explainer speak to a current implementation or a desired one?
There was a problem hiding this comment.
Desired one. And I think the implementation is the desired one we shouldn't special case file and color for invokers imo
| There is also additional concern around the media element invokers being able | ||
| to circumvent autoplay policies. Invokers should not be able to cicurmvent | ||
| these, and so the play or playpause actions should only be functional in | ||
| environments which allow autoplaying of videos. |
There was a problem hiding this comment.
I'm not sure this is the correct mitigation. They should just behave the same way as the JS APIs, for example if there's no activation and you play then it plays but muted.
Would need to understand the exact specifics across browsers here.
Co-authored-by: Luke Warlow <luke@warlow.dev>
This adds some prose around security considerations for invokers.
Refs #904 and whatwg/html#9625