#840: Fullscreen Popup Windows

Visit on Github.

Opened May 2, 2023

こんにちは TAG-さん!

I'm requesting a TAG review of Fullscreen Popup Windows.

This proposal aims to reduce user and developer friction for initiating a fullscreen experience on the desired display of a multi-screen device. The proposed web platform enhancement allows web applications to open a new window in HTML fullscreen mode on a specific display with a single user gesture.

Further details:

  • I have reviewed the TAG's Web Platform Design Principles
  • The group where the incubation/design work on this is being done (or is intended to be done in the future): Second Screen WG
  • The group where standardization of this work is intended to be done ("unknown" if not known): Second Screen WG
  • Existing major pieces of multi-stakeholder review or discussion of this design:
  • Major unresolved issues with or opposition to this design: None
  • This work is being funded by: Google Chrome

You should also know that...

This feature is mainly an extension to the features already shipped in the Window Management API (Issue #522, Issue #602, Issue #767). This feature adds an alternative & simplified method of creating a fullscreen popup and entering full screen on any display which is already possible with the API (which normally requires user activations). This feature reduces it to a single user activation.

We'd prefer the TAG provide feedback as (please delete all but the desired option):

💬 leave review feedback as a comment in this issue and @-notify [@bradtriebwasser]

Discussions

Discussed Jul 17, 2023 (See Github)

Hadley: We've discussed in the past that this is similar to other features, like kiosk mode. But this is for launching a pop-up in fullscreen on a separate screen.

...My privacy/spoofing concerns were that someone could use to spoof, on a second screen, a different site, including the URL bar. But they have put this behind a permission prompt, and have thought through a similar scenario (that a site is spoofing part of the user's operating system desktop instead).

...This functionality already exists through several steps, and they're using this to collapse it down to one. Reduces developer complexity, which is a win.

Hadley: specific to a separate display... behind a perimssiom prompt is helpful. Overall functionality exists through several steps already - they're colapsing down to one step. Helps with developer complexity. Builds on APIs from second screen wg ...

Rossen: We talked about this .. at the time we discussed simplification of existing functionaltiy - we asked why not just extend window.open. On spoofing my main concern is opening transparent windows and doing bad things... user consent is fine ... i'm worried that prompt exhaustion leads to always-open behaviour...

Hadley: it is building on window.open - they are adding a boolean "fullscreen".

Dan: multi-stakeholder?

Hadley: it's in a working group - so multistakeholder as a working group - work done by google and intel. We can ask...

Mozilla standards position

Webkit standards position

Dan: leaves comment

Comment by @torgo Jul 17, 2023 (See Github)

Noting https://github.com/WebKit/standards-positions/issues/101

Comment by @torgo Jul 17, 2023 (See Github)

Hi @bradtriebwasser thanks for sending us this. Some initial questions: is there any further info you can share on multi-stakeholder support, beyond the webkit and mozilla standards positions links - and secondly can you confirm if this draft reflects the consensus of the working group? Regarding the mitigation against the privacy / security issues, we're slightly concerned about prompt exhaustion, but that is a general concern that isn't unique to this review. Have you thought about any additional mitigation techniques?

Comment by @bradtriebwasser Sep 13, 2023 (See Github)

Hi @torgo,

Thanks for your feedback and apologies for the delay.

I requested Second Screen WG/CG feedback on the proposal and with permission, I moved the explainer into the WG repository. We plan to further discuss this proposal with the working group during TPAC 2023 (agenda). Additionally, please consider:

  • The original request.
  • Related requests (e.g. 1, 2, 3).
  • A developer expressed support in repository issue #2.
  • We have partners already taking part in a dev trial, and we are actively soliciting their feedback, which has been positive thus far.

Prompt exhaustion is a valid concern, but security reviewers recommended gating this powerful feature by permission. Since targeting a specific screen implies window-management permission, re-using that permission avoids a separate prompt for this feature. Admins can alleviate enterprise users of this prompt, but that is a very narrow mitigation. We considered removing the window-management permission requirement for same-screen fullscreen popups, but the consensus was to gate all feature usage on permission for now. We generally support permission model innovation, but have not found a satisfying broad solution. Note that since your review, I had also updated the explainer to consume a user gesture along with some other security considerations.

Discussed Jan 1, 2024 (See Github)

Amy: last comment from Hadley was that we can close it. It's been proposed close since last week

Yves: needs accessibility review... it's resolution no comment because we don't know if it's ther ight solution - we want the wg to do its work and come back when they have the right solution. We can close at plenary.

Discussed Jan 8, 2024 (See Github)

Hadley: we were unclear whether this reflected consensus of the 2nd screen wg... that nudged the poster to seek that consensus -- they planned to discuss at tpac. we haven't heard any update. i left a nudge to clarify - it would be good to understand whether this was the wg's consensus...

Comment by @hadleybeeman Jan 8, 2024 (See Github)

Hi @bradtriebwasser. We're just checking in on this. Where did you end up, in your quest for working group consensus? Is the Second Screen WG behind this proposal, or are you all still discussing?

Comment by @anssiko Jan 9, 2024 (See Github)

@hadleybeeman let me try to provide the latest status, @bradtriebwasser will fill me in as needed. Most recently the Second Screen WG discussed this proposal during TPAC 2023 F2F.

In fact, the WG discussed a number of new proposed extensions to the Window Management API, this is one of them. The aim was not to try to establish a consensus position at this stage but familiarize the group with what is proposed. The WG is looking forward to Origin Trial feedback that will help inform the WG.

Discussed Jan 15, 2024 (See Github)

Hadley: I was concerned we not spend too much time if this is one proposal among many in the WG, which seems to be the case

Dan: it seems like some of the feedback we've raised could benefit from hearing what happens with the origin trial. Should we just say that?

Hadley: never a bad thing to have more information, but how much do we want to invest in something that the WG hasn't selected?

Amy: it'd benefit everyone if there are multiple proposals for them to explain to us what the sticking points for consenus are and see if we have architectural advice, rather than us just looking at one proposal at a time with nothing to compare it to

Dan: do we have this because it's part of the Blink process?

Peter: OT information should feed into the TAG

Matthew: +1 to the idea of seeing what the lay of the land is if there are multiple proposals, so we're looking at them together (or the differences). Expecting some non-zero likelihood that focus management is going to come into this. There isn't specific mention of focus management or accessibility int he explainer. Not sure if it's because it's the same as the normal fullscreen api. Seems like it's worth them being more explicit about any accessibility concerns in the explainers.

Peter: small concern about their api, but not sure if we should give them feedback without looking at other options. Their example, you have to pass in the four coordinates of the other screen.. seems redundant. A window in fullscreen mode vs a window taking up the entire screen? pass identifier screen not coordinates - not sure if there is an identifier.

Matthew: sounds like the coordinates are optional?

Peter: coordinates to target a different screen... if they have a label why can't I just say fullscreen on screen with this label

Matthew: Agree. Says they could also include window bounds features. Implies its optional but not explicit

Peter: their example shows using all the coordinates to target screen. Not thrilled with feature detection.

<blockquote>

Thanks for the reply, @Anssiko. Are there alternative proposals for similar functionality that the WG is also considering? Is there is a particular architectural question we can help with, or are you having trouble achieving consensus in a way that we can help with?

At this stage, we would recommend that, as a working group, you all work towards consensus and come back to us when you have a single proposal for us to review.

Having said all that, we have looked at what you are proposing here and are recording a couple of thoughts as well.

We noticed that there isn't specific mention of focus management or accessibility in the explainer. Can you make accessibility considerations explicit in the explainer / spec?

Another specific question that came up in our discussion: do you require passing in 4 coordinates of the other screen when targeting a different screen? Passing a screen's label may have better developer ergonomics.

Considering the early stage here, we don't think it's appropriate to give a final review at this time. You can re-open the issue if you have any specific questions, or feel free to open a new issue if the proposal changes significantly.

</blockquote>

proposed close

Comment by @hadleybeeman Jan 15, 2024 (See Github)

Thanks for the reply, @Anssiko. Are there alternative proposals for similar functionality that the WG is also considering? Is there is a particular architectural question we can help with, or are you having trouble achieving consensus in a way that we can help with?

At this stage, we would recommend that, as a working group, you all work towards consensus and come back to us when you have a single proposal for us to review.

Having said all that, we have looked at what you are proposing here and are recording a couple of thoughts as well.

We noticed that there isn't specific mention of focus management or accessibility in the explainer. Can you make accessibility considerations explicit in the explainer / spec?

Another specific question that came up in our discussion: do you require passing in 4 coordinates of the other screen when targeting a different screen? Passing a screen's label may have better developer ergonomics.

Considering the early stage here, we don't think it's appropriate to give a final review on this proposal at this time. You can re-open the issue if you have any specific questions, or feel free to open a new issue with broader architectural concerns.

Comment by @anssiko Jan 16, 2024 (See Github)

Thanks for your thoughts and guidance for this early design review request. The explainer documents other alternatives considered and brought to the WG's attention. All these alternatives have shortcomings as documented in the explainer, a motivator for this new proposal.

Your ask regarding a11y and suggestion for better developer ergonomics are well received and will be considered.

As said, the WG will listen to Origin Trial feedback and will come back should the feedback suggest there is significant user need for this feature among early adopter population. Thank you for your time and guidance.

Comment by @hadleybeeman Jan 17, 2024 (See Github)

Great, thanks @anssiko! We will close this issue then.

Feel free to get back in touch when the working group has chosen a way forward, if we can help at that point.