----- Original Message ----- From: "Jonas Sicking" <[email protected]> To: "Adrienne Porter Felt" <[email protected]> Cc: [email protected], [email protected], [email protected], "Lucas Adamski" <[email protected]>, "dev-b2g mailing list" <[email protected]> Sent: Thursday, May 3, 2012 4:05:38 AM Subject: Re: [b2g] WebAPI Security Discussion: Vibration API
> We could implement a "allow by default but allow parent website to > disable vibration" by extending the sandbox attribute. We could > probably do audio that way too since sandboxes disable plugins. when working on a previous user agent, when pitching what is essentially the sandbox attribute's 'allow-same-origin' functionality to various people, a common request that came up was 'site authors want a way to stop hosted, possibly user generated, content being annoying' so, FWIW i'm in favor of exploring extending the sandbox attribute to deal with cases like restricting vibration or audio - the existing 'sandboxing automatic features' flag which is set if 'allow-scripts' isn't specified is a start along these lines already and has a somewhat 'up to the reader' interpretation beyond the mentioned example use cases (stopping video autoplay and autofocus). thanks, ian _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
