Difference between revisions of "Pop-up Window"
(→Blink-dev Status) |
(→Context) |
||
| Line 3: | Line 3: | ||
==Context== | ==Context== | ||
| − | + | * Many malicious attackers were able to take-over a user's [[Browser]] experience until they clicked on a link which caused an undesirable result for the user. | |
| + | * The only way out was to shut down the browser which most users would not expect or attempt. | ||
==Blink-dev Status== | ==Blink-dev Status== | ||
Latest revision as of 09:54, 5 August 2022
Full Title or Meme
The use of Pop-up Windows in Browsers, especially modal windows, has led to a wide variety of attacks on the user's Attention.
Context
- Many malicious attackers were able to take-over a user's Browser experience until they clicked on a link which caused an undesirable result for the user.
- The only way out was to shut down the browser which most users would not expect or attempt.
Blink-dev Status
Mason Freed <masonf@chromium.org> Wed, Aug 3, 11:18 AM (2 days ago) to blink-dev
Contact emails masonf@chromium.org
Explainer https://open-ui.org/components/popup.research.explainer
Specification
Summary
An API that can be used to build transient user interface (UI) elements that are displayed on top of all other web app UI. These include user-interactive elements like action menus, form element suggestions, content pickers, and teaching UI. This API uses a new `popup` content attribute to enable any element to be displayed in the top layer. This is similar to the <dialog> element, but has several important differences, including light-dismiss behavior, pop-up interaction management, animation and event support, and the lack of a "modal" mode.
TAG review https://github.com/w3ctag/design-reviews/issues/743
TAG review status Pending
Risks
- Interoperability and Compatibility
Gecko: No signal
WebKit: No signal
Web developers: No signals
Other signals:
WebView application risks
- Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
Goals for experimentation
- Validation of the shape and ergonomics of the overall pop-up API. Feedback should include use cases that do not work well (or that do work particularly well), performance issues, etc. Ideally, use cases should include as much of the API as possible, including multiple pop-up types (auto, hint, manual), nested pop-ups, declarative and imperative pop-up invocation, etc.
Debuggability
- A feature has been added to devtools which shows all of the elements that are currently in the top layer, plus annotations of those elements in the Elements tree. Elements that use the pop-up API will be shown with this feature.
Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)? Yes
Is this feature fully tested by web-platform-tests? Yes
Flag name
- enable-experimental-web-platform-features
Requires code in //chrome? False
Tracking bug https://crbug.com/1307772
Estimated milestones
OriginTrial desktop last 110 OriginTrial desktop first 106 OriginTrial Android last 110 OriginTrial Android first 106 OriginTrial webView last 110 OriginTrial webView first 106
Link to entry on the Chrome Platform Status https://chromestatus.com/feature/5463833265045504
Links to previous Intent discussions Intent to prototype: https://groups.google.com/a/chromium.org/g/blink-dev/c/9y-Thg9UCxY/m/_4gShWjQAAAJ
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAM%3DNeDjJOC2%2B5aHfAoN8wOx8T0gtm%3D-o6eNK5XD6Ps5iRet6zA%40mail.gmail.com.
