Re: [w3c/screen-orientation] Are ScreenOrientation change events scoped as tightly as possible (Issue #262)

marcoscaceres left a comment (w3c/screen-orientation#262)

Thank you for your review. Here are the responses to your questions:

## Events on visible, top-level windows
Correct. We've strengthened this further by requiring documents be a "fully active descendant of a top-level traversable with user attention" per the HTML spec.

## Focus restrictions would be wrong
Yes, you're correct. Focus-only restrictions would break legitimate use cases like side-by-side windows. The "user attention" requirement provides better balance - it prevents background fingerprinting while allowing visible content to respond appropriately.

## Changes made
- Events now require "user attention" (system-visible AND either focused OR able to receive keyboard input)
- Additional visibility state checks provide defense in depth
- Documents must be fully active descendants of top-level traversables

## Recommendations for other APIs
This would be better addressed in W3C TAG Design Guidelines. I'll propose this principle:

**Proposed TAG Design Principle:**
"For APIs delivering events with potentially sensitive user information while remaining essential for functionality, require documents to be 'fully active descendant of a top-level traversable with user attention' rather than simple visibility or focus checks."

## Links to design decisions
Privacy restrictions are documented in the specification's Event Delivery Restrictions section.

**PR:** [#266](https://github.com/w3c/screen-orientation/pull/266)

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3c/screen-orientation/issues/262#issuecomment-3411647334
You are receiving this because you are subscribed to this thread.

Message ID: <w3c/screen-orientation/issues/262/3411647334@github.com>