Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Prompt spam and reputation attacks associated with requestStorageAccessFor #75

Open
aselya opened this issue Sep 12, 2024 · 3 comments
Open
Labels
session Breakout session proposal

Comments

@aselya
Copy link

aselya commented Sep 12, 2024

Session description

Discussion on how to expand the requestStorageAccessFor API to reduce the potential for it to be used as a vector for reputation attacks and prompt spam.

These are issues because embedded sites can not control who embeds them. Which means that the top level site can prompt on behalf of the embedded site. This could potentially damage the embedder’s reputation and/or spam the user with the generation of a large number of prompts.

Session goal

gather input from the community and gain consensus on how to address the problems

Additional session chairs (Optional)

@cfredric

Who can attend

Anyone may attend (Default)

IRC channel (Optional)

#reduce-risks-requeststorageaccess

Other sessions where we should avoid scheduling conflicts (Optional)

#74

Instructions for meeting planners (Optional)

No response

Agenda for the meeting.

Introduce the problem
Review how the browsers have addressed it so far
Discuss more potential solutions

Links to calendar

Meeting materials

@aselya aselya added the session Breakout session proposal label Sep 12, 2024
@tpac-breakout-bot
Copy link
Collaborator

Thank you for proposing a session!

You may update the session description as needed and at any time before the meeting, but please keep in mind that tooling relies on issue formatting: follow the instructions and leave all headings and other formatting intact in particular. Bots and W3C meeting organizers may also update the description, to fix formatting issues or add links and other relevant information. Please do not revert these changes. Feel free to use comments to raise questions.

Do not expect formal approval; W3C meeting organizers endeavor to schedule all proposed sessions that are in scope for a breakout. Actual scheduling should take place shortly before the meeting.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
session Breakout session proposal
4 participants