Intent to Experiment: Open popups as fullscreen windows


Brad Triebwasser

Sep 26, 2023, 4:16:01 PM
to blin...@chromium.org, Brad Triebwasser, Mike Wasserman

Contact emails

btr...@chromium.org, m...@chromium.org


Explainer

https://github.com/w3c/window-management/blob/main/EXPLAINER_fullscreen_popups.md


Specification

https://github.com/w3c/window-management/blob/main/EXPLAINER_fullscreen_popups.md#spec-changes


Design docs

https://github.com/w3c/window-management/blob/main/security_and_privacy_fullscreen_popups.md


Summary

Adds the ability to open a popup directly to fullscreen. 


Adds a `fullscreen` option to the `windowFeatures` parameter to the `window.open()` JavaScript API, which allows the caller to open a popup directly to full-screen on the display that would contain the popup (based on `screenX`/`screenY`). This eliminates the need for the developer to manually transition a popup into fullscreen, which could require a separate user activation signal.


Blink component

Blink>Fullscreen, Blink>WindowDialog, Blink>Screen>MultiScreen


TAG review

https://github.com/w3ctag/design-reviews/issues/840


TAG review status

Pending


Risks



Interoperability and Compatibility


Gecko: No signal (https://github.com/mozilla/standards-positions/issues/714)


WebKit: No signal (https://github.com/WebKit/standards-positions/issues/101)


Web developers: Positive (https://github.com/w3c/window-placement/issues/7, https://github.com/w3c/window-placement/issues/98, https://github.com/w3c/window-placement/issues/92)


Other signals:


WebView application risks

This feature is not supported on WebView; attempted usage will fall back to existing behavior.


Goals for experimentation

Gather feedback from early adopters on the API shape, ease of integration, edge cases that may require attention. Iterate on potential UX improvements related to this alternative fullscreen entrypoint.


Ongoing technical constraints

None


Debuggability

This feature utilizes the existing `windowFeatures` string parameter in `window.open()` and does not modify any structured (i.e. WebIDL) API surface. This feature will utilize existing fullscreen APIs which developers can use for debugging (`document.fullscreenElement`, `fullscreenchange`, and `fullscreenerror`, etc.), in the absence of an `Element.requestFullscreen()` promise.


Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?

No. This feature initially only applies to desktop platforms. Support for mobile platforms may be considered in the future.


Is this feature fully tested by web-platform-tests?

Mostly. Automated web platform tests are limited to single display environments, so manual execution is required to test fullscreen popups across displays. (crbug.com/1252062)


Flag name on chrome://flags

chrome://flags/#fullscreen-popup-windows


Finch feature name

FullscreenPopupWindows


Requires code in //chrome?

False


Tracking bug

https://bugs.chromium.org/p/chromium/issues/detail?id=1142516


Launch bug

https://launch.corp.google.com/launch/4263088 


Estimated milestones

OriginTrial desktop last

123

OriginTrial desktop first

119

DevTrial on desktop

113


Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/6002307972464640


Links to previous Intent discussions

Intent to prototype: https://groups.google.com/a/chromium.org/g/blink-dev/c/t8lL5RvfLJY 

Ready for Trial: https://groups.google.com/a/chromium.org/g/blink-dev/c/EnDQsWx8cGQ


Ajay Rahatekar

Sep 28, 2023, 2:19:50 PM
to blink-dev, btr...@chromium.org, m...@chromium.org

Brad Triebwasser

Sep 28, 2023, 3:17:38 PM
to blink-dev, ajayra...@google.com, Brad Triebwasser, Mike Wasserman
Correction:

OriginTrial desktop last: 122 (not 123).

Eric Lawrence

Sep 28, 2023, 3:59:03 PM
to blink-dev, btr...@chromium.org, ajayra...@google.com, m...@chromium.org
Given the extremely widespread use of Fullscreen in tech scams, I'm concerned about making things easier for attackers.

Can I use this new API to make it such that every time my victim user clicks in a fullpage attack window a new fullpage attack window opens over top of it? Or does a user only get one full-screen window at a time?

Avi Drissman

Sep 28, 2023, 4:14:21 PM
to Brad Triebwasser, blin...@chromium.org, Mike Wasserman
As a clarification, would this be behind and gated by the Window Management permission? The URLs of the spec imply that but I wanted to be sure.

Avi


Brad Triebwasser

Sep 28, 2023, 6:30:56 PM
to Avi Drissman, blin...@chromium.org, Mike Wasserman
Avi: That's right, window-management permission must be granted for this feature to work (and appropriate permission policies). If not, the behavior falls back to opening the popup normally.

Eric: We share your concerns. Besides the permission requirement, existing user security mitigations prohibit popups (fullscreen or otherwise) showing over existing HTML Fullscreen windows. Chromium-based browsers exit HTML Fullscreen when a popup window from the opener chain is opened or moved onto the same display. Attackers gain little advantage using this HTML Fullscreen API entrypoint over the classic Element.requestFullscreen().


Regards,
Brad
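
The permission fallback described in this reply, together with the Debuggability note in the original post, as an added example that is not part of the thread or the explainer. The function names, the injected `win` object and the ScreenDetailed-like `target` argument are assumptions made for illustration:

```javascript
// Added example; function names are hypothetical and not from the explainer.

// Opener side: compose the windowFeatures string. screenX/screenY select the
// display that will contain the popup; `target` is ScreenDetailed-like or null.
function buildFeatures(target) {
  const parts = ['popup', 'fullscreen'];
  if (target) parts.push(`screenX=${target.availLeft}`, `screenY=${target.availTop}`);
  return parts.join(',');
}

// Opener side: record the permission state before opening, so a windowed
// fallback can be attributed to a missing window-management grant.
async function openFullscreenPopup(win, url, target = null) {
  let permission = 'unknown';
  try {
    const status = await win.navigator.permissions.query({ name: 'window-management' });
    permission = status.state; // 'granted' | 'prompt' | 'denied'
  } catch (_) {
    // Permission name not recognised by this browser: leave as 'unknown'.
  }
  const features = buildFeatures(target);
  const popup = win.open(url, '_blank', features);
  return { permission, features, blocked: popup === null, popup };
}

// Popup side: window.open() returns no promise for the fullscreen request,
// so observe the outcome through the existing Fullscreen API surface.
function watchFullscreen(doc, report) {
  const state = () => (doc.fullscreenElement ? 'fullscreen' : 'windowed');
  doc.addEventListener('fullscreenchange', () => report(state()));
  doc.addEventListener('fullscreenerror', () => report('error'));
  report(state()); // initial state at the time the popup script runs
}
```

In a page, `openFullscreenPopup(window, url)` runs from a user-activated handler in the opener, and `watchFullscreen(document, callback)` runs in the popup's own document.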

Ajay Rahatekar

Oct 4, 2023, 12:25:58 AM
to blink-dev, btr...@chromium.org, blin...@chromium.org, m...@chromium.org, Avi Drissman
Hi API Owners,

Please let us know if you have any other questions or comments. The Origin Trial is planned for M119 shipping to Stable on Tue, Oct 31, 2023.

Thanks in advance.

-Ajay

Yoav Weiss

Oct 4, 2023, 6:43:12 AM
to blink-dev, ajayra...@google.com, Brad Triebwasser, blin...@chromium.org, Mike Wasserman, a...@google.com
Personally, I'd love to see the Privacy and Security boxes in chromestatus turn to green before approving this, as this seems like a potentially risky feature.
Bonus point for pointers to public notes from that review :)

Ajay Rahatekar

Oct 4, 2023, 3:19:30 PM
to blink-dev, yoav...@chromium.org, Ajay Rahatekar, btr...@chromium.org, blin...@chromium.org, m...@chromium.org, Avi Drissman
Thank you Yoav, for your comments. We have requested Privacy and Security reviews in chromestatus. The Security/Privacy questionnaire is available at https://github.com/w3c/window-management/blob/main/security_and_privacy_fullscreen_popups.md.

The Privacy and Security review for this feature was started before the Privacy/Security gates were required in chromestatus, and so reviews were conducted using internal process: https://launch.corp.google.com/launch/4263088 (sorry, internal only).

Ajay Rahatekar

Oct 5, 2023, 12:16:46 PM
to blink-dev, Ajay Rahatekar, yoav...@chromium.org, btr...@chromium.org, blin...@chromium.org, m...@chromium.org, Avi Drissman
Hi All, 

We have secured Privacy, Security and Debuggability approvals in chromestatus for the Origin Trial.

Chris Harrelson

Oct 5, 2023, 6:37:20 PM
to Ajay Rahatekar, blink-dev, yoav...@chromium.org, btr...@chromium.org, m...@chromium.org, Avi Drissman
LGTM to experiment.

Thank you for completing the privacy and security reviews!
