Open cabanier opened 3 years ago
grorg
commented
3 years ago These are all good questions, but I'm not sure they are all related to security. I've been planning to add a section on displaying the model - how to scale it into the viewport, etc.
cabanier
commented
3 years ago If a model is allowed to overflow the element's viewport, it could interfere with the browser's chrome or make parts of the page hard to access. It needs to be limited to the area of the element and a reasonable depth. As for events, is the intent that the user can manipulate the model (ie grab and rotate). If so, should that create events?
I've been planning to add a section on displaying the model - how to scale it into the viewport, etc.
That would be great!
From reading the explainer, it's unclear what would happen if the model is larger than the space that the model tag is specifying. Is the assumption that it will be cut down or can it overflow its box?
For use cases where the model is actually 3D, how far would it be allowed to extend from the page? Would it consume or pass through mouse/touch events?
Would there be mitigations if the models are too large in size or complexity or if there are too many?