Prompt spam and reputation attacks associated with requestStorageAccessFor #75

Open
aselya opened this issue Sep 12, 2024 · 3 comments
Labels
session Breakout session proposal

aselya commented Sep 12, 2024

Session description

Discussion on how to expand the requestStorageAccessFor API to reduce the potential for it to be used as a vector for reputation attacks and prompt spam.

These are issues because embedded sites cannot control who embeds them, which means that the top-level site can prompt on behalf of the embedded site. This could potentially damage the embedder’s reputation and/or spam the user with the generation of a large number of prompts.

Session goal

Gather input from the community and gain consensus on how to address the problems.

Additional session chairs (Optional)

@cfredric

Who can attend

Anyone may attend (Default)

IRC channel (Optional)

#reduce-risks-requeststorageaccess

Other sessions where we should avoid scheduling conflicts (Optional)

#74

Instructions for meeting planners (Optional)

No response

Agenda for the meeting.

Introduce the problem
Review how the browsers have addressed it so far
Discuss more potential solutions

Links to calendar

Meeting materials

@tpac-breakout-bot

Thank you for proposing a session!

You may update the session description as needed and at any time before the meeting, but please keep in mind that tooling relies on issue formatting: follow the instructions and leave all headings and other formatting intact in particular. Bots and W3C meeting organizers may also update the description, to fix formatting issues or add links and other relevant information. Please do not revert these changes. Feel free to use comments to raise questions.

Do not expect formal approval; W3C meeting organizers endeavor to schedule all proposed sessions that are in scope for a breakout. Actual scheduling should take place shortly before the meeting.

@cfredric

Notes: https://pad.w3.org/p/tpac-rsafor


arichiv commented Sep 25, 2024

Slides: https://docs.google.com/presentation/u/1/d/1VcJ6lX2R74IpZve0fmxoZ1P_4SiwvIR_mFDQDxo6YAs/edit?usp=sharing
