Bug 19773 - Add sandboxed pointer lock flag to HTML Sandboxing
Add sandboxed pointer lock flag to HTML Sandboxing
Status: RESOLVED FIXED
Product: HTML WG
Classification: Unclassified
Component: HTML5 spec
unspecified
Other other
: P3 normal
: ---
Assigned To: Silvia Pfeiffer
HTML WG Bugzilla archive list
:
: 19752 (view as bug list)
Depends on: 18647
Blocks: 19752
  Show dependency treegraph
 
Reported: 2012-10-30 10:25 UTC by Edward O'Connor
Modified: 2013-01-23 12:00 UTC (History)
7 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Edward O'Connor 2012-10-30 10:25:32 UTC
+++ This bug was initially created as a clone of Bug #18647 +++

Pointer Lock API [1] adds capability that should be restricted by a sandbox flag unless an iframe is marked explicitly with sandbox="allow-pointer-lock"

Rough edit suggestion to HTML:
http://dev.w3.org/html5/spec/origin-0.html#sandboxing

Add a section for The sandboxed pointer lock flag
+ "The sandboxed pointer lock flag
+  This flag prevents content from using the Pointer Lock API"
   with link to http://www.w3.org/TR/pointerlock/

Add a new flag parsing item:
After the text: "When the user agent is to parse a sandboxing directive ..."
Add
+ "The sandboxed pointer lock flag, unless tokens contains the allow-pointer-lock keyword"


[1] http://dvcs.w3.org/hg/pointerlock/raw-file/default/index.html
Comment 1 Edward O'Connor 2012-10-30 10:26:20 UTC
Silvia, see bug 18647 for the WHATWG fix.
Comment 2 Silvia Pfeiffer 2012-10-30 11:00:55 UTC
Already staged:
https://github.com/w3c/html/tree/feature/whatwg_iframe_pointer_lock

Why would it need to go into HTML5 and not be held back for HTML.next?
Comment 3 Robin Berjon 2013-01-23 11:21:28 UTC
*** Bug 19752 has been marked as a duplicate of this bug. ***
Comment 4 Silvia Pfeiffer 2013-01-23 11:58:23 UTC
EDITOR'S RESPONSE: This is an Editor's Response to your comment. If
you are satisfied with this response, please change the state of
this bug to CLOSED. If you have additional information and would
like the Editor to reconsider, please reopen this bug. If you would
like to escalate the issue to the full HTML Working Group, please
add the TrackerRequest keyword to this bug, and suggest title and
text for the Tracker Issue; or you may create a Tracker Issue
yourself, if you are able to do so. For more details, see this
document:   http://dev.w3.org/html5/decision-policy/decision-policy-v2.html

Status: Accepted

Change Description:
https://github.com/w3c/html/commit/e7c8dc0b9702656217ac50b003610fca568271a4

Rationale: accepted WHATWG change
Comment 5 Silvia Pfeiffer 2013-01-23 12:00:08 UTC
Oops, wrong change URL. Here's right one:
https://github.com/w3c/html/commit/131ddb6159da41bc0dcb711118744eeb28e3fcc8