<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body>
<p>
<div>
<b><a class="bz_bug_link
bz_status_NEW "
title="NEW - [Privileged Contexts] Enable opt-in to DeviceOrientation and DeviceMotion for HTTPS-based iframes"
href="https://bugs.webkit.org/show_bug.cgi?id=152299#c15">Comment # 15</a>
on <a class="bz_bug_link
bz_status_NEW "
title="NEW - [Privileged Contexts] Enable opt-in to DeviceOrientation and DeviceMotion for HTTPS-based iframes"
href="https://bugs.webkit.org/show_bug.cgi?id=152299">bug 152299</a>
from <span class="vcard"><a class="email" href="mailto:davide@davidemontersino.com" title="Davide Orazio Montersino <davide@davidemontersino.com>"> <span class="fn">Davide Orazio Montersino</span></a>
</span></b>
<pre>(In reply to <a href="show_bug.cgi?id=152299#c14">comment #14</a>)
<span class="quote">> (In reply to <a href="show_bug.cgi?id=152299#c12">comment #12</a>)
> > It's really not the prerogative of the site author to decide if device
> > status should be shared cross-domain.
>
> Aye this could already be done with a plethora of non-elegant means using
> postMessage, WebSockets as suggested earlier all the way through to
> embedding the event data in the URL after the hash and having the child
> frame listen for onhashchange.
>
> Although it would be nicer to actually have native support if that is what
> the site owner is after.</span >
Any updates on the sandbox="allow-scripts allow-device-sensors" proposal?
Not implementing this solution does not add to security in any ways - enabling it or not is of course still prerogative of the site owner.
It just makes the web a more hackish place - using non-elegant ways achieve this is exactly what we and the whole industry is doing.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>