Re: [w3c/screen-orientation] Switch to using fully active descendant of a top-level traversable with user attention (PR #266) from Copilot on 2025-10-16 (public-webapps-github@w3.org from October 2025)

From: Copilot <notifications@github.com>
Date: Thu, 16 Oct 2025 10:00:43 -0700
To: w3c/screen-orientation <screen-orientation@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/screen-orientation/pull/266/review/3345950145@github.com>

@Copilot commented on this pull request.

## Pull Request Overview

Strengthens privacy protections and clarifies event delivery/locking by requiring orientation behavior only for documents that are fully active descendants of a top-level traversable with user attention, and by adding explicit anti-fingerprinting guidance.
- Replace visibility-only checks with a stronger “fully active descendant of a top-level traversable with user attention” gate for events and locking
- Elevate fullscreen pre-lock requirement from SHOULD to MUST to mitigate fingerprinting
- Add new privacy sections detailing event delivery restrictions and anti-fingerprinting mitigations





---

<sub>**Tip:** Customize your code reviews with copilot-instructions.md. <a href="/w3c/screen-orientation/new/gh-pages/.github?filename=copilot-instructions.md" class="Link--inTextBlock" target="_blank" rel="noopener noreferrer">Create the file</a> or <a href="https://docs.github.com/en/copilot/customizing-copilot/adding-repository-custom-instructions-for-github-copilot" class="Link--inTextBlock" target="_blank" rel="noopener noreferrer">learn how to get started</a>.</sub>

>        <p>
-        To resist fingerprinting (e.g., in private browsing), user agents MAY:
+        To protect user privacy, orientation change events are subject to
+        several delivery restrictions:
+      </p>
+      <ul>
+        <li>Events only fire on documents that are [=Document/fully active

Plural/singular mismatch: 'documents that are ... descendant' is ungrammatical. Rephrase to singular to match the linked term.
```suggestion
        <li>Events only fire on a document that is [=Document/fully active
```

> +          Developers need to be aware that documents that are not
+          [=Document/fully active descendant of a top-level traversable with
+          user attention=] will not receive orientation change events. However,
+          once the document meets these requirements again (becomes visible and
+          gains user attention), it will receive change events reflecting the
+          current orientation.

Plural/singular mismatch in the first sentence. Use singular to match the linked term and improve readability.

>          A screen's [=Screen/current orientation type|type=] and
         [=Screen/current orientation angle|angle=] are a potential
-        fingerprinting vector. The following mitigation help protect a user's
-        privacy by not revealing how a device is being held, and also prevents
+        fingerprinting vector. The following mitigations help protect a user's

Subject-verb agreement/number: with two subjects ('type' and 'angle'), use plural 'vectors'.

>        <p>
-        To resist fingerprinting (e.g., in private browsing), user agents MAY:
+        To protect user privacy, orientation change events are subject to
+        several delivery restrictions:
+      </p>
+      <ul>
+        <li>Events only fire on documents that are [=Document/fully active
+        descendant of a top-level traversable with user attention=]
+        </li>
+        <li>Additional [=Document/visibility state=] checks provide defense in
+        depth against hidden documents
+        </li>
+        <li>Events originate from [=top-level browsing context=] documents and

Terminology is inconsistent with the rest of the PR, which uses 'top-level traversable'. Prefer 'the active document of a [=top-level traversable=]' (and link [=active document=]) for consistency with HTML's current terms.
```suggestion
        <li>Events originate from the [=active document=] of a [=top-level traversable=] and
```

> +        The requirement for [=Document/fully active descendant of a top-level
+        traversable with user attention|user attention=] ensures that

The link text 'user attention' points to the 'fully active descendant...' concept, which is misleading. Link 'user attention' to the HTML 'user attention' concept, and separately link the 'fully active descendant of a top-level traversable' term.
```suggestion
        The requirement for documents to be [=Document/fully active descendant of a top-level traversable=] with [=HTML/user attention=] ensures that
```

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3c/screen-orientation/pull/266#pullrequestreview-3345950145
You are receiving this because you are subscribed to this thread.

Message ID: <w3c/screen-orientation/pull/266/review/3345950145@github.com>

Received on Thursday, 16 October 2025 17:00:47 UTC