Add secure context criteria to pointerrawupdate and getCoalescedEvents #318
@domenic for the
You also need to update whatever normative text fires a pointerrawupdate event to have it not do so when an appropriate global is not a secure context. Just hiding the event handler attribute wouldn't stop that spec text from executing and causing
It appears the section to update is https://w3c.github.io/pointerevents/#the-pointerrawupdate-event
Does this look good?
Seems reasonable, although the phrasing is a bit awkward. But within the existing structure of that section it should work.
I couldn't find tests for this, at least for the pointerrawupdate. And I'm not sure https://wpt.fyi/results/pointerevents/idlharness.window.html?label=master&label=experimental&aligned&view=subtest&q=idlharness gets run in https contexts. The link in the page leads to an http site. Implementations seem to expose getCoalescedEvents on non-secure contexts too
Finally adding a test for this. Need to move quite a few tests to be loaded from .https and then have some tests for non-https to ensure the features aren't exposed.
Thanks @smaug---- for fixing a bunch of WPTs around this. This calls for new WPTs to be included in the Interop 2024 proposal (web-platform-tests/interop#472). Please consider voting for some of the WPTs you updated here (and maybe other WPTs too).
Add secure context criteria to pointerrawupdate event
and getCoalescedEvents APIs to reduce its exposure
to possible attacks.
closes #277
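
The exposure check the thread asks tests to cover, as an added example that is not part of this pull request, the spec, or web-platform-tests: it reports whether `onpointerrawupdate` and `PointerEvent.prototype.getCoalescedEvents` are visible on a global and flags any that are visible while `isSecureContext` is false. The helper names (`auditSecureContextExposure`, `leakedMembers`, `fakeGlobal`) and the status labels are assumptions made for illustration; the fake globals are constructed sample input.

```javascript
// Added example: members this PR restricts to secure contexts, and where each
// one would be found on a global object if it is exposed.
const GATED_MEMBERS = [
  { name: "onpointerrawupdate", holder: (g) => g },
  { name: "getCoalescedEvents", holder: (g) => g.PointerEvent && g.PointerEvent.prototype },
];

// Returns one finding per gated member.
//   "ok"          exposure matches the secure-context rule
//   "leak"        member is exposed although the global is not a secure context
//   "unsupported" secure context, but the engine does not implement the member
function auditSecureContextExposure(g) {
  const secure = g.isSecureContext === true;
  return GATED_MEMBERS.map(({ name, holder }) => {
    const target = holder(g);
    // A missing PointerEvent interface counts as "not exposed".
    const exposed = target != null && name in target;
    let status = "ok";
    if (exposed && !secure) status = "leak";
    else if (!exposed && secure) status = "unsupported";
    return { name, secure, exposed, status };
  });
}

// Names of members visible on a non-secure global (should be empty).
function leakedMembers(g) {
  return auditSecureContextExposure(g)
    .filter((f) => f.status === "leak")
    .map((f) => f.name);
}

// Constructed stand-in for a browser global, so the check runs outside a browser.
function fakeGlobal({ secure, rawupdate, coalesced }) {
  function PointerEvent() {}
  if (coalesced) PointerEvent.prototype.getCoalescedEvents = () => [];
  const g = { isSecureContext: secure, PointerEvent };
  if (rawupdate) g.onpointerrawupdate = null;
  return g;
}

// In a page, audit the real global; load the page over http:// and https://
// to compare the two results.
if (typeof window !== "undefined") {
  console.table(auditSecureContextExposure(window));
}
```
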