On Wed, Oct 20, 2021 at 1:33 AM Anne van Kesteren <ann...@annevk.nl> wrote:
> On Tue, Oct 19, 2021 at 5:57 PM Fernando Serboncini <fs...@chromium.org> > wrote: > > Regarding adding the mitigation to the spec, we didn't do it as it does > look more like an implementation detail (even in our case, we discussed > multiple potential solutions that were satisfactory). I think sticking this > to spec > > would probably be a mistake. > > That said, I can bring up with the WhatWG and ask if we can maybe add an > implementation note that UAs should be aware of not triggering this > immediately on all contexts in different origins. Would that address this? > > I think this should be in the specification. And definitely not just a > note. Privacy and security considerations need to be handled by the > processing model. Any reason this is not tied to visibility? I think > that's what the plan is for equivalent vectors. > It's a bit more nuanced than that, I believe. The visibility part is not the problem, and it probably would be ok to add this to the spec. The problem is that triggering on visibility allows for cros domain coordination of events (an iframe would trigger the same time as the main document). I've moved this conversation to https://github.com/whatwg/html/issues/7130 where we can discuss which parts of this behavior make sense to spec. -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADp2-T8pJX%2BPi%3DjHU5ROqZGqh9C_w4TW91UO57vn1rg1yq0AJg%40mail.gmail.com.