Primary eng (and PM) emails
Currently every touch event is considered a "user gesture" and so able to do sensitive operations such as spawn popups. I propose that in (for now) cross-origin iframes, the only touch event that would get a user gesture is the touchend corresponding to a tap. Details are in the intervention doc here, and discussed here.
We've seen multiple examples of poorly written / malicious ads which trigger navigation for touch scrolls (either on touchstart or all touchend events). If a 'wheel' event can't open a pop-up, then really touch scrolling shouldn't either.
AFAIK Chrome has permitted this since touch support was first added.
Mobile Safari already (silently) suppresses pop-ups on all touch events except for the touchend associated with a tap, so the risk there should be low. There is more risk around features that require a user gesture which aren't supported by Mobile Safari, such as fullscreen. It's not unreasonable, for example, for a site to have a swipable toggle switch for enabling fullscreen mode which could break (although I've never seen such an example myself). To mitigate that risk I propose applying this intervention ONLY to touches targeted at cross-origin iframes.
Alternative implementation suggestion for web developers
The UX for sensitive operations should be designed to require a tap gesture.
Usage information from UseCounter
Don't know for sure yet, so this is just about deprecating and measuring at the moment. I'd like to extend the UserGestureIndicator infrastructure to be able to (mostly) track usage, and then use that to add two new metrics:
- TouchDragUserGestureUsed: a sequence of touch events (other than a touchend for a tap) generated a UserGestureIndicator which got used for some purpose.
- TouchDragUserGestureUsedCrossOrigin: like the above, but the touch was also targeted at a cross-origin iframe. I'd like to report a deprecation warning for this, saying we plan to remove support in M52.
OWP launch tracking bug
Entry on the feature dashboard
Requesting approval to remove too?
Not yet, plan to remove in M52.
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
- TouchDragUserGestureUsedCrossOrigin: like the above, but the touch was also targeted at a cross-origin iframe. I'd like to report a deprecation warning for this, saying we plan to remove support in M52.0.06% of page views. This seems consistent with the anecdotal reports of occasional pop-ups when scrolling (due to bad ads). Of course it's possible there are some legitimate use cases mixed in here too, but it's rare enough that I think the benefit clearly outweighs the risk.