Re: [w3ctag/design-reviews] TAG review request: User Activation Delegation through postMessages (#347)

And so I don't forget, the issue I was hoping to raise was that I'm concerned that being able to pass the state to another frame means that duplication of creating the activation state becomes a sort of privacy vulnerability.  In other words, if, say, a user agent treats both `mousedown` and `mouseup` as triggering a user activation, then it could have a `mousedown` observer that transfers its own user activation state to another document, and then it would get activated again on mouseup.  So this requires that (a) implementations be both more conservative and more interoperable in how they cause a user activation state and (b) that even with that fixed, it seems like it allows spreading user activation state much more broadly than before, since user activations often come in groups.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/347#issuecomment-474595121

Received on Tuesday, 19 March 2019 21:39:51 UTC