Intervention: ignore input events targeting recently-moved iframes.

Feature: Intervention: ignore input events targeting recently-moved iframes.

To prevent unintended clicks/taps, quietly discard input events that target cross-origin iframes that have recently resized or moved a non-trivial distance within the embedding page's viewport. The shipped version limits the intervention to cross-origin iframes that are using the V2 feature set of IntersectionObserver (https://github.com/w3c/IntersectionObserver/tree/v2).

Motivation

The motivation is perhaps best conveyed by this hilarious video: https://www.youtube.com/watch?v=3tUmh8OfAiY We would like to prevent untrustworthy embedders from using visual bait-and-switch tactics to induce users to click or tap on a third-party iframe.

Documentation

https://docs.google.com/document/d/1qzgHiruzTvt0_-rfe7suZRCe2KhSJxiBp28ZTLd9Xls/edit?usp=sharing

Specification

Specification link

Status: Proposal in a personal repository, no adoption from community

Status in Chromium

Blink components: Blink>Input

Implementation status: Enabled by default (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

Firefox: No signal
Safari: No signal
Web Developers: No signals

Owner

szager@chromium.org

Last updated on 2021-12-13