diff --git a/source b/source index ab399ac5e70..e8243b52718 100644 --- a/source +++ b/source @@ -72499,62 +72499,106 @@ END:VCARD
A user interaction activates a Window
object
- W if either:
Window
- object in a subframe of W.When a user interaction in a browsing context B causes firing of an activation triggering input events in that context, it
+ activates the Window
objects in all ancestor browsing contexts of B (including
+ the one in B itself). The UA activates all relevant Window
objects before
+ it dispatches the input event to any EventTarget
.
The user activation state of a Window
object W consists of
two boolean flags, both of which are initially set to false:
Window
object of the page.The sticky activation flag indicates the historical activation state: whether + the user has ever interacted with W or its subframes. When W is activated for the very first time, the UA sets the flag to true. + This flag is never set to false during the lifetime of W.
The transient activation flag indicates the current activation state: whether + the user is currently interacting with W or its subframes. Every time W is + activated, the UA sets the flag to true. The UA sets the + flag to false when the flag either expires or gets consumed.
The propagation of the transient activation flag in the frame tree
- is assymetric between setting vs resetting of the flag. A user interaction with a frame
- F sets the flag in the Window
object of each ancestor frame of
- F (including F itself). However, an activation-consuming
- API call in the context of the Window
object of frame of F resets
- the flag in all Window
objects across the whole frame tree. This prevents
- multiple calls to an activation-consuming API even when the frame hierarchy
- is deep.
The UA sets the transient activation flag to false after a UA-defined expiry + time has elapsed since the last time W was + activated.
+ +The expiry time has to be at most a few seconds so that the user can possibly + perceive the link between an interaction with a page and the page opening a popup, for + example.
+ +The UA can possibly implement the expiration of transient activation + flag through time-stamping: the UA would have an internal time-stamp field in user + activation state which is updated to current time-stamp every time W is + activated. Then every time the transient activation + flag is checked, the UA would return true iff current time-stamp is less than the stored + time-stamp plus the expiry time.
+ +The UA sets the transient activation flag to whenever any script in the page
+ makes a call to an activation consuming API such as window.open()
.
Note the assymetry between setting the transient activation
+ flag to true and false from the perspective of the browsing contexts of the page. A user interaction with a Window
+ object W sets to true the transient activation flags in only the ancestor browsing contexts of W. However,
+ a consumping in W sets to false the flags in all browsing contexts of the page (more
+ precisely, all descendant browsing
+ contexts of the top-level browsing context of W). Consuming the
+ flag in this manner prevents malicious sites from making multiple calls to an activation
+ consuming API from a single user activation (possibly by exploiting a deep hierarchy of
+ browsing contexts).
APIs that are dependent on user activation state are classified into three different levels. The levels are as follows, sorted by their "strength of dependence" on user activation (from strongest to weakest):
-These APIs require the transient activation flag to be true, and they consume the flag in each call to prevent multiple + calls per user activation.
These APIs require the transient activation flag to be true but don't consume it, so + multiple calls are allowed per user activation until the transient bit expires.
These APIs require the sticky activation flag to be true, so they are blocked + until the very first user activation.
type
is one of:
change
click
contextmenu
dblclick
mouseup
pointerup
reset
submit
touchend
change
click
contextmenu
dblclick
mouseup
pointerup
reset
submit
touchend