Contact emails
becca...@chromium.org, mlam...@chromium.org, dah...@chromium.org
Explainer
https://github.com/WICG/gesture-delegation/blob/master/explainer.md
Spec
https://github.com/WICG/gesture-delegation
Tag review: https://github.com/w3ctag/design-reviews/issues/199
Summary
Add a delegateStickyUserActivation attribute to <iframe> that allows the page to delegate browser context user activation to child frames. It is meant to be used by the Vibration API and the new autoplay policy, both currently require a browser context user activation.
Intent to Implement
https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/e7I1tZAfavU/wjgW9s0EBAAJ
Is this feature supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?
Yes.
Risks
Interoperability and Compatibility
Edge: No signals
Firefox: No signals
Safari: No signals
Web developers: Positive
This is a new attribute so if it is not implemented by other browsers or partially implemented, for example if they do not support all the possible values it will be ignored. Therefore the compatibility risk is low for developers who wish to add this to their site.
Only Firefox implements the Vibration API and they do not support browsing context user activation at the moment. The autoplay policy is Chrome specific at the moment. Therefore the interoperability risk is medium because the feature is based on a concept that is not yet interoperable.
Ergonomics
This is part of Unified Autoplay and will also be used by the Vibration API.
Activation
Developers can easily change the autoplay policy in chrome://flags to take advantage of this. It will be enabled for all users in M65.
Is this feature fully tested by web-platform-tests?
WPT reflection tests are here.
There are also LayoutTests to test the autoplay effects of this attribute, but they are dependent on internals so they cannot be upstreamed.
Link to entry on the Chrome Platform Status https://www.chromestatus.com/features/6025124331388928
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFeLsEJQkHsCv4eXq2A0fuFwyyairoDjLgHg2%2BReiaXqOi1YnA%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFeLsE%2Bg9xaVdC5gY%3D4K_QhvUxZd-Z%2BPGE0Y-A9zV1Fo4veesQ%40mail.gmail.com.To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
On 10/27/2017 04:14 PM, Mounir Lamouri wrote:
> On Fri, 27 Oct 2017, at 13:13, Jochen Eisinger wrote:
>> I'm worried about the following case: assume something injects ads into
>> random sites you visit. Normally, at least they can't vibrate. But since
>> it's all insecure, they can also just inject the activation delegation.
>
> If something injects an ad into random sites you visit, how couldn't
> they also inject script that could vibrate? How could they not redirect
> user gestures to the iframe using postMessage()?
> On Fri, 27 Oct 2017, at 13:54, smaug wrote:
>>> This is a very awkwardly named API...
>>
>> It is. It does smell a bit like a hack.
>> Has anyone thought if there are other similar issues in the web platform
>> and whether there could be some more generic API for all those cases?
>
> The name was discussed with Domenic and Anne in a GitHub issue. It's not
> particularly nice but they wanted something clear and explicit. Anyone
> is welcome to propose name by opening a GitHub issue.
>
> FWIW, this API is a generic API that addresses two use cases to limit
> user annoyance: only allow some features on a frame if the frame was
> interacted with but still allow top frames to drop the requirement. What
> other use cases would you like to be addressed here?
>
> -- Mounir
>
The more I think this, the more I see sandbox="", various allow* attributes and this new proposal to deal
with rather similar issues, basically changing the privileges the iframe has.
Could we come up with some unified API for all that rather than adding new small APIs one by one?
-Olli
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/68a1d118-b00a-d6b4-070e-92125bfb2a67%40welho.com.