18647 2012-08-21 20:19:19 +0000 Add sandboxed pointer lock flag to HTML Sandboxing 2013-01-04 17:56:01 +0000 1 1 1 Unclassified WebAppsWG HISTORICAL - Pointer Lock unspecified Other other RESOLVED FIXED P3 normal --- 19752 19773 1 scheib scheib ian mike public-webapps public-webapps-bugzilla oldest_to_newest 72509 0 scheib 2012-08-21 20:19:19 +0000 Pointer Lock API [1] adds capability that should be restricted by a sandbox flag unless an iframe is marked explicitly with sandbox="allow-pointer-lock" Rough edit suggestion to HTML: http://dev.w3.org/html5/spec/origin-0.html#sandboxing Add a section for The sandboxed pointer lock flag + "The sandboxed pointer lock flag + This flag prevents content from using the Pointer Lock API" with link to http://www.w3.org/TR/pointerlock/ Add a new flag parsing item: After the text: "When the user agent is to parse a sandboxing directive ..." Add + "The sandboxed pointer lock flag, unless tokens contains the allow-pointer-lock keyword" [1] http://dvcs.w3.org/hg/pointerlock/raw-file/default/index.html 77114 1 ian 2012-10-25 18:10:19 +0000 Ok, I have added "allow-pointer-lock" to the HTML spec. In the Pointer Lock spec, add the following clause somewhere: If [the Document object]'s _active sandboxing flag set_ has the _sandboxed pointer lock browsing context flag_, then [the user agent must not lock the pointer]. ...where "the Document object" should be expanded to a reference to the Document object for which pointer lock is being enabled, whatever that is. "active sandboxing flag set" and "sandboxed pointer lock browsing context flag" are terms now defined in the HTML spec. "the user agent must not lock the pointer" is whatever conformance requirement you need to add to your spec to make it not lock the pointer. 77115 2 contributor 2012-10-25 18:10:58 +0000 Checked in as WHATWG revision r7485. Check-in comment: Add sandbox=allow-pointer-lock, and some nearby cleanup. http://html5.org/tools/web-apps-tracker?from=7484&to=7485