Re: [w3ctag/design-reviews] TAG review request: User Activation v2 (#295)

> One question that I think would help our evaluation: is there a list somewhere of the behaviors that depend on the user activation state?

[Here](https://docs.google.com/document/d/1mcxB5J_u370juJhSsmK0XQONG2CIE3mvu827O-Knw_Y/edit?usp=sharing) is a list of Chrome APIs that rely on user activation.

Note that it's a Chrome-only list, and major browsers vary significantly in exposed behavior today.  For example, even for popups browsers show [widely different activation behavior](https://docs.google.com/document/d/1hYRTEkfWDl-KO4Y6cG469FBC3nyBy9_SYItZ1EEsXUA/edit?usp=sharing).

> I ask because I wonder if they're at similar positions on the spectrum from (a) annoyance to (b) serious privacy or security violation. That is, I'm wondering whether we're now depending on the user activation concept, originally created for annoyance mitigation, for things that are actually more sensitive.

That's a valid question that doesn't have any answer in the Web today because of the horrible lack of interop.  This proposal formalizes a core behavior for the Web, and provides the basis for answering this question individually for every dependent API in future.  We hope that those dependent APIs would (try to) gradually spec their behavior around it, and it's conceivable that some of them would be considered too sensitive to rely on it.

In short, it's _not_ our goal to fully define ~30 different API dependencies in one shot.


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/295#issuecomment-425167104

Received on Thursday, 27 September 2018 16:59:22 UTC