[w3ctag/design-reviews] 'focus-without-user-activation' permissions policy (Issue #1066) from Siye Liu on 2025-03-07 (public-webapps-github@w3.org from March 2025)

From: Siye Liu <notifications@github.com>
Date: Thu, 06 Mar 2025 16:07:22 -0800
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/1066@github.com>

siliu1 created an issue (w3ctag/design-reviews#1066)

こんにちは TAG-さん!

I'm requesting a TAG review of a new permissions policy named 'focus-without-user-activation'.

The `focus-without-user-activation` permissions policy help controls the use of automated focus in a main frame or <iframe>. The proposed permissions policy can be used to limit the use of automatic focus. Essentially, when the policy is disabled in a document, scripted and automatic focus will only work if the focus has been initialized through user activation. This essentially means that autofocus will be disabled (unless a new element is inserted, with autofocus, as a result of user gesture). The scripted focus will also only work if it has started with user gesture or initiated from current frame's parent.

  - Explainer¹: https://github.com/gabrielsanbrito/webappsec-permissions-policy/blob/main/policies/focus-without-user-activation.md
  - Specification: https://github.com/whatwg/html/pull/10672
  - WPT Tests:
    - https://wpt.fyi/results/permissions-policy/experimental-features/focus-without-user-activation-enabled-tentative.sub.html?label=experimental&label=master&aligned
    - https://wpt.fyi/results/permissions-policy/experimental-features/focus-without-user-activation-disabled-by-permissions-policy-cross-origin.tentative.https.sub.html?label=experimental&label=master&aligned, https://wpt.fyi/results/permissions-policy/experimental-features/focus-without-user-activation-disabled-by-permissions-policy.tentative.https.sub.html?label=experimental&label=master&aligned
    - https://wpt.fyi/results/permissions-policy/experimental-features/focus-without-user-activation-disabled-tentative.html?label=master&label=experimental&aligned
    - https://wpt.fyi/results/permissions-policy/experimental-features/focus-without-user-activation-enabled-tentative.sub.html?label=experimental&label=master&aligned
  - User research: N/A
  - Security and Privacy self-review²:
  - GitHub repo: https://github.com/w3c/webappsec-permissions-policy, https://github.com/whatwg/html
  - Primary contacts:
      - Fernando Fiori ([@ffiori](https://github.com/ffiori)), Microsoft, implementer
      - Siye Liu ([@siliu1](https://github.com/siliu1)), Microsoft, implementer
  - Organization/project driving the specification: Microsoft
  - Multi-stakeholder support³:
    - Chromium comments: https://chromestatus.com/feature/5179186249465856
    - Mozilla comments: https://github.com/mozilla/standards-positions/issues/1080
    - WebKit comments: https://github.com/WebKit/standards-positions/issues/406
  - Status/issue trackers for implementations⁴: https://chromestatus.com/feature/5179186249465856

Further details:

  - [X] I have reviewed the TAG's [Web Platform Design Principles](https://www.w3.org/TR/design-principles/)
  - Previous early design review, if any: https://github.com/w3ctag/design-reviews/issues/####
  - Relevant time constraints or deadlines:
  - The group where the work on this specification is currently being done:
  - The group where standardization of this work is intended to be done (if different from the current group):
  - Major unresolved issues with or opposition to this specification:
  - This work is being funded by:


-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/1066
You are receiving this because you are subscribed to this thread.

Message ID: <w3ctag/design-reviews/issues/1066@github.com>

Received on Friday, 7 March 2025 00:07:26 UTC