-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Prompt spam and reputation attacks associated with requestStorageAccessFor #75
Comments
Thank you for proposing a session! You may update the session description as needed and at any time before the meeting, but please keep in mind that tooling relies on issue formatting: follow the instructions and leave all headings and other formatting intact in particular. Bots and W3C meeting organizers may also update the description, to fix formatting issues or add links and other relevant information. Please do not revert these changes. Feel free to use comments to raise questions. Do not expect formal approval; W3C meeting organizers endeavor to schedule all proposed sessions that are in scope for a breakout. Actual scheduling should take place shortly before the meeting. |
Session description
Discussion on how to expand the requestStorageAccessFor API to reduce the potential for it to be used as a vector for reputation attacks and prompt spam.
These are issues because embedded sites can not control who embeds them. Which means that the top level site can prompt on behalf of the embedded site. This could potentially damage the embedder’s reputation and/or spam the user with the generation of a large number of prompts.
Session goal
gather input from the community and gain consensus on how to address the problems
Additional session chairs (Optional)
@cfredric
Who can attend
Anyone may attend (Default)
IRC channel (Optional)
#reduce-risks-requeststorageaccess
Other sessions where we should avoid scheduling conflicts (Optional)
#74
Instructions for meeting planners (Optional)
No response
Agenda for the meeting.
Introduce the problem
Review how the browsers have addressed it so far
Discuss more potential solutions
Links to calendar
Meeting materials
The text was updated successfully, but these errors were encountered: