19773 2012-10-30 10:25:32 +0000 Add sandboxed pointer lock flag to HTML Sandboxing 2013-01-23 12:00:08 +0000 1 1 1 Unclassified HTML WG HTML5 spec unspecified Other other RESOLVED FIXED P3 normal --- 18647 19752 1 eoconnor silviapfeiffer1 ian mike public-html-admin public-html-wg-issue-tracking public-webapps scheib silviapfeiffer1 public-html-bugzilla oldest_to_newest 77392 0 eoconnor 2012-10-30 10:25:32 +0000 +++ This bug was initially created as a clone of Bug #18647 +++ Pointer Lock API [1] adds capability that should be restricted by a sandbox flag unless an iframe is marked explicitly with sandbox="allow-pointer-lock" Rough edit suggestion to HTML: http://dev.w3.org/html5/spec/origin-0.html#sandboxing Add a section for The sandboxed pointer lock flag + "The sandboxed pointer lock flag + This flag prevents content from using the Pointer Lock API" with link to http://www.w3.org/TR/pointerlock/ Add a new flag parsing item: After the text: "When the user agent is to parse a sandboxing directive ..." Add + "The sandboxed pointer lock flag, unless tokens contains the allow-pointer-lock keyword" [1] http://dvcs.w3.org/hg/pointerlock/raw-file/default/index.html 77393 1 eoconnor 2012-10-30 10:26:20 +0000 Silvia, see bug 18647 for the WHATWG fix. 77403 2 silviapfeiffer1 2012-10-30 11:00:55 +0000 Already staged: https://github.com/w3c/html/tree/feature/whatwg_iframe_pointer_lock Why would it need to go into HTML5 and not be held back for HTML.next? 81996 3 robin 2013-01-23 11:21:28 +0000 *** Bug 19752 has been marked as a duplicate of this bug. *** 81997 4 silviapfeiffer1 2013-01-23 11:58:23 +0000 EDITOR'S RESPONSE: This is an Editor's Response to your comment. If you are satisfied with this response, please change the state of this bug to CLOSED. If you have additional information and would like the Editor to reconsider, please reopen this bug. If you would like to escalate the issue to the full HTML Working Group, please add the TrackerRequest keyword to this bug, and suggest title and text for the Tracker Issue; or you may create a Tracker Issue yourself, if you are able to do so. For more details, see this document: http://dev.w3.org/html5/decision-policy/decision-policy-v2.html Status: Accepted Change Description: https://github.com/w3c/html/commit/e7c8dc0b9702656217ac50b003610fca568271a4 Rationale: accepted WHATWG change 81998 5 silviapfeiffer1 2013-01-23 12:00:08 +0000 Oops, wrong change URL. Here's right one: https://github.com/w3c/html/commit/131ddb6159da41bc0dcb711118744eeb28e3fcc8