This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
+++ This bug was initially created as a clone of Bug #18647 +++ Created to merge https://github.com/w3c/html/commit/0e5f355bd059d8857a44505757da025f21e2efb7, which has been parked in feature/whatwg_iframe_pointer_lock branch. Pointer Lock API [1] adds capability that should be restricted by a sandbox flag unless an iframe is marked explicitly with sandbox="allow-pointer-lock" Rough edit suggestion to HTML: http://dev.w3.org/html5/spec/origin-0.html#sandboxing Add a section for The sandboxed pointer lock flag + "The sandboxed pointer lock flag + This flag prevents content from using the Pointer Lock API" with link to http://www.w3.org/TR/pointerlock/ Add a new flag parsing item: After the text: "When the user agent is to parse a sandboxing directive ..." Add + "The sandboxed pointer lock flag, unless tokens contains the allow-pointer-lock keyword" [1] http://dvcs.w3.org/hg/pointerlock/raw-file/default/index.html
Mass move to "HTML WG"
*** This bug has been marked as a duplicate of bug 19773 ***