becca...@chromium.orgmlam...@chromium.org https://github.com/WICG/picture-in-picture/blob/v2/v2_explainer.md https://docs.google.com/document/d/1zZwiNkLn24SvTMmnXj6AgGK88jZhkaxexUiZr-hOfsU/editFull spec not yet available Waiting on full spec We are adding support for requesting a Picture-in-Picture window that can contain arbitrary HTML content instead of a video layer. This content can be either interactive or not. The original Picture-in-Picture API is limited to HTMLVideoElement. It takes the video layer and moves it into a window that follows display rules specific to Picture-in-Picture. Various partners expressed interest for a more flexible API. The feature requests fell into two categories: customising the look & feel and customising the user experience. The former can technically be done using canvas elements but the latter requires a different model that would require user interaction and therefore no longer be compatible with Android, iOS and macOS APIs.Firefox: No public signals Edge: Public support (https://github.com/WICG/picture-in-picture/issues/113#issuecomment-460512662) Safari: Opposed Apple expressed very clearly that they would not implement such an API, regardless of the form it takes. However, they were supportive with us taking this direction.
Web developers: Positive For the interactive use case we will show the origin on hover. Therefore, if there is Chrome UI overlapping the Picture-in-Picture window we may use the CSS env() safe area variables to provide this information to sites. Developers will need to do some work to make their sites compatible with the new API. We will do some outreach around best practices for developers. The UI for the interactive use case will show the origin and a border to make it distinct from the rest of the browser.
All platforms except WebView. However, Android will only support non-interactive content. https://chromestatus.com/features/4844605453369344
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFeLsEKt3KBfBSZUo8N3FOTonvdmvKDsQaCgz4Z%2BQPqUHKOtNw%40mail.gmail.com.
On Fri, Apr 26, 2019 at 11:50 PM Becca Hughes <becca...@chromium.org> wrote:becca...@chromium.orgmlam...@chromium.org https://github.com/WICG/picture-in-picture/blob/v2/v2_explainer.md https://docs.google.com/document/d/1zZwiNkLn24SvTMmnXj6AgGK88jZhkaxexUiZr-hOfsU/editFull spec not yet available Waiting on full spec We are adding support for requesting a Picture-in-Picture window that can contain arbitrary HTML content instead of a video layer. This content can be either interactive or not. The original Picture-in-Picture API is limited to HTMLVideoElement. It takes the video layer and moves it into a window that follows display rules specific to Picture-in-Picture. Various partners expressed interest for a more flexible API. The feature requests fell into two categories: customising the look & feel and customising the user experience. The former can technically be done using canvas elements but the latter requires a different model that would require user interaction and therefore no longer be compatible with Android, iOS and macOS APIs.Firefox: No public signals Edge: Public support (https://github.com/WICG/picture-in-picture/issues/113#issuecomment-460512662) Safari: Opposed Apple expressed very clearly that they would not implement such an API, regardless of the form it takes. However, they were supportive with us taking this direction.That sounds... not great. :) Any chance that communication was public? It would be nice to link to the conversation here.Web developers: Positive For the interactive use case we will show the origin on hover. Therefore, if there is Chrome UI overlapping the Picture-in-Picture window we may use the CSS env() safe area variables to provide this information to sites. Developers will need to do some work to make their sites compatible with the new API. We will do some outreach around best practices for developers. The UI for the interactive use case will show the origin and a border to make it distinct from the rest of the browser.Please make sure to chat with folks like +Emily Stark and her team when working through the UX considerations here.
On Fri, Apr 26, 2019 at 11:50 PM Becca Hughes <becca...@chromium.org> wrote:becca...@chromium.orgmlam...@chromium.org https://github.com/WICG/picture-in-picture/blob/v2/v2_explainer.md https://docs.google.com/document/d/1zZwiNkLn24SvTMmnXj6AgGK88jZhkaxexUiZr-hOfsU/editFull spec not yet available Waiting on full spec We are adding support for requesting a Picture-in-Picture window that can contain arbitrary HTML content instead of a video layer. This content can be either interactive or not. The original Picture-in-Picture API is limited to HTMLVideoElement. It takes the video layer and moves it into a window that follows display rules specific to Picture-in-Picture. Various partners expressed interest for a more flexible API. The feature requests fell into two categories: customising the look & feel and customising the user experience. The former can technically be done using canvas elements but the latter requires a different model that would require user interaction and therefore no longer be compatible with Android, iOS and macOS APIs.Firefox: No public signals Edge: Public support (https://github.com/WICG/picture-in-picture/issues/113#issuecomment-460512662) Safari: Opposed Apple expressed very clearly that they would not implement such an API, regardless of the form it takes. However, they were supportive with us taking this direction.That sounds... not great. :) Any chance that communication was public? It would be nice to link to the conversation here.
On Sat, Apr 27, 2019 at 1:51 PM Mike West <mk...@chromium.org> wrote:On Fri, Apr 26, 2019 at 11:50 PM Becca Hughes <becca...@chromium.org> wrote:becca...@chromium.orgmlam...@chromium.org https://github.com/WICG/picture-in-picture/blob/v2/v2_explainer.md https://docs.google.com/document/d/1zZwiNkLn24SvTMmnXj6AgGK88jZhkaxexUiZr-hOfsU/editFull spec not yet available Waiting on full spec We are adding support for requesting a Picture-in-Picture window that can contain arbitrary HTML content instead of a video layer. This content can be either interactive or not. The original Picture-in-Picture API is limited to HTMLVideoElement. It takes the video layer and moves it into a window that follows display rules specific to Picture-in-Picture. Various partners expressed interest for a more flexible API. The feature requests fell into two categories: customising the look & feel and customising the user experience. The former can technically be done using canvas elements but the latter requires a different model that would require user interaction and therefore no longer be compatible with Android, iOS and macOS APIs.Firefox: No public signals Edge: Public support (https://github.com/WICG/picture-in-picture/issues/113#issuecomment-460512662) Safari: Opposed Apple expressed very clearly that they would not implement such an API, regardless of the form it takes. However, they were supportive with us taking this direction.That sounds... not great. :) Any chance that communication was public? It would be nice to link to the conversation here.Web developers: Positive For the interactive use case we will show the origin on hover. Therefore, if there is Chrome UI overlapping the Picture-in-Picture window we may use the CSS env() safe area variables to provide this information to sites. Developers will need to do some work to make their sites compatible with the new API. We will do some outreach around best practices for developers. The UI for the interactive use case will show the origin and a border to make it distinct from the rest of the browser.Please make sure to chat with folks like +Emily Stark and her team when working through the UX considerations here.We've been chatting already, and have enumerated several risks, some of which are already present in the existing video PIP API:* If the website can entice the user to drag the PIP window over browser UI, the PIP content could spoof browser UI, like fake a URL in the omnibox (covering the real omnibox). This is partially mitigated by having a drop shadow border around the PIP window.* Allowing arbitrary user interaction with the PIP window could definitely be a spoofing/phishing risk, but it would probably be feasible to limit interactions to clicks to reduce the risk.* There is also a reverse-clickjacking risk: the PIP window could float over a cross-origin window and entice the user to click, and then disappear at the right moment so that the click passes through to the page underneath. We are not sure how to mitigate this. It would be difficult to pull off, like the first attack in this list (spoofing browser UI), because the attacker would have to get the user to drag the window into the right place, and the window doesn't know its position (just its size).* There is a general risk of confusion/annoyance about where the content in the PIP window comes from. There should be a way to show the origin and window controls (like to close the window) in some ideally non-spoofable, always-accessible way.