Okay the security reviewer has now re-reviewed it given the updated information. Thanks!
On Mon, Nov 27, 2023 at 11:55 PM Rick Byers <rby...@chromium.org> wrote: > On Wed, Nov 22, 2023 at 11:49 PM 'Tommy Steimel' via blink-dev < > blink-dev@chromium.org> wrote: > >> >> On Tue, Nov 21, 2023 at 9:43 PM Yoav Weiss <yoavwe...@chromium.org> >> wrote: >> >>> >>> >>> On Friday, November 17, 2023 at 8:47:34 PM UTC+1 Tommy Steimel wrote: >>> >>> Contact emailsstei...@chromium.org, liber...@chromium.org >>> >>> ExplainerNone >>> >>> Specificationhttps://github.com/WICG/document-picture-in-picture/ >>> pull/104 >>> >>> Summary >>> >>> This adds a user gesture requirement for the resizeBy() and resizeTo() >>> Window APIs for document picture-in-picture windows. This allows websites >>> to make use of those APIs while mitigating much of the abuse potential of >>> those APIs on an always-on-top window. >>> >>> >>> Blink componentBlink>Media>PictureInPicture >>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EMedia%3EPictureInPicture> >>> >>> TAG reviewN/A as this is a minor change to the behavior of an existing >>> API >>> >>> TAG review statusNot applicable >>> >>> Risks >>> >>> >>> Interoperability and Compatibility >>> >>> None >>> >>> >>> This added requirement would mean that calls to these API can now fail. >>> Is that new? Or are developers already expected to handle failures? >>> Do we expect developers to start checking the UserActivation API >>> <https://developer.mozilla.org/en-US/docs/Web/API/UserActivation> before >>> calling these methods? >>> >> >> Currently these APIs always fail on document picture-in-picture windows >> regardless of user activation (to prevent really spammy always-on-top >> windows). We don't expect developers to check the UserActivation API at >> all, just to only call resizeTo()/resizeBy() in response to a user gesture. >> > > From the subject and summary I also originally assumed this intent was > about adding a user gesture restriction, and it looks like your security > approval was also based on that incorrect understanding. Can you please > re-request a security review with the clarification of the scope of this > feature? Please also update the summary of the feature in ChromeStatus, eg: > "This enables the resizeBy() and resizeTo() Windows methods on document > picture-in-picture windows, but with the added restriction of a user > gesture requirement to mitigate the abuse potential". > > Otherwise it looks fine to me. > > >> *Gecko*: No signal (https://github.com/mozilla/ >>> standards-positions/issues/670#issuecomment-1786354361) Added comment >>> to existing standards position issue for document picture-in-picture. No >>> response yet >>> >>> *WebKit*: No signal (https://github.com/WebKit/ >>> standards-positions/issues/41#issuecomment-1786354016) Added comment to >>> existing standards position issue for document picture-in-picture. No >>> response yet >>> >>> *Web developers*: Positive The ability to programmatically resize the >>> document picture-in-picture window is one of the most-requested features >>> for document picture-in-picture >>> >>> *Other signals*: >>> >>> Ergonomics >>> >>> N/A >>> >>> >>> Activation >>> >>> N/A >>> >>> >>> Security >>> >>> While being able to resize an always-on-top window at will is a >>> security/annoyance risk, by making the API consume a user gesture, the >>> website can only resize once per click, which limits the possible abuse >>> vectors >>> >>> >>> WebView application risks >>> >>> Does this intent deprecate or change behavior of existing APIs, such >>> that it has potentially high risk for Android WebView-based applications? >>> >>> N/A >>> >>> >>> Debuggability >>> >>> N/A >>> >>> >>> Will this feature be supported on all six Blink platforms (Windows, Mac, >>> Linux, Chrome OS, Android, and Android WebView)?No >>> >>> The document picture-in-picture API is not supported on Android >>> >>> >>> Is this feature fully tested by web-platform-tests >>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>> ?Yes >>> >>> document-picture-in-picture/resize-requires-user-gesture.https.html >>> >>> >>> Flag name on chrome://flagsNone >>> >>> Finch feature nameNone >>> >>> Non-finch justification >>> >>> Small, low-risk change to existing API >>> >>> >>> Requires code in //chrome?False >>> >>> Tracking bughttps://crbug.com/1354325 >>> >>> Sample links >>> https://steimelchrome.github.io/document-pip/click_to_resize.html >>> >>> Estimated milestonesShipping on desktop121 >>> >>> Anticipated spec changes >>> >>> Open questions about a feature may be a source of future web compat or >>> interop issues. Please list open issues (e.g. links to known github issues >>> in the project for the feature specification) whose resolution may >>> introduce web compat/interop risk (e.g., changing to naming or structure of >>> the API in a non-backward-compatible way). >>> N/A >>> >>> Link to entry on the Chrome Platform Statushttps://chromestatus.com/ >>> feature/5398995019235328 >>> >>> This intent message was generated by Chrome Platform Status >>> <https://chromestatus.com/>. >>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "blink-dev" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to blink-dev+unsubscr...@chromium.org. >> To view this discussion on the web visit >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAE-AwAqS29Q2%2BbV89rc8x%2B3BCVQVuLw5QEPnkbrJpy-2mq2bZA%40mail.gmail.com >> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAE-AwAqS29Q2%2BbV89rc8x%2B3BCVQVuLw5QEPnkbrJpy-2mq2bZA%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAE-AwAoLYMbT4xf8sVPtfBjRLy-wk1wYaPmgtir35WuoPgJtQg%40mail.gmail.com.
