Move elements of pointerId informative note to normative text #411

Merged: patrickhlauke merged 3 commits into gh-pages from patrickhlauke-notes-vs-normative2 on Oct 13, 2021

@patrickhlauke commented Sep 13, 2021

Member
@patrickhlauke

Member Author

felt that the part about the lifetime of the page etc was still quite important, so grafted it into the normative part. we can discuss this week at the meeting

Comment thread index.html Outdated
<dt><dfn>pointerId</dfn></dt>
<dd>
<p>A unique identifier for the pointer causing the event. This identifier MUST be unique from all other <a data-lt="active pointer">active pointers</a> in the <a>top-level browsing context</a> (as defined by [[HTML]]) at the time. The <code>pointerId</code> value of <code>-1</code> is reserved to indicate events that were generated by something other than a pointing device. The user agent MAY recycle previously retired values for <code>pointerId</code> from previous active pointers, if necessary.</p>
<p>A unique identifier for the pointer causing the event. This identifier MUST be unique from all other <a data-lt="active pointer">active pointers</a> in the <a>top-level browsing context</a> (as defined by [[HTML]]) at the time, and the identifier MUST NOT be influenced by any other top-level browsing context. The <code>pointerId</code> value of <code>-1</code> is reserved to indicate events that were generated by something other than a pointing device. The user agent MAY recycle previously retired values for <code>pointerId</code> from previous active pointers, or it MAY always reuse the same <code>pointerId</code> for a particular pointing device for the lifetime of the page. However, in the latter case, the <code>pointerId</code> MUST be randomized, to minimize the chance of fingerprinting and tracking across different pages.</p>
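
Review bot: the closing sentence of the new paragraph, "the pointerId MUST be randomized", does not say how long a randomized value may persist or when a new one has to be drawn. Read literally, a user agent that picks one random value per device and reuses it on every page still conforms, which is the cross-page tracking the sentence is meant to prevent. Suggest tying the value to the device only for the lifetime of the page and requiring a new random value when the device is next used on a different page. Separately, "MUST NOT be influenced by any other top-level browsing context" gives implementers and test authors nothing concrete to check; naming what must not carry over (for example, the identifier a pointer had in another context) would make it testable.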

Member

Does it look a bit less hand-wavy?

...MUST NOT be influenced by existing pointers in any other... (emphasis marks the new text)

Not sure if this would leave something important out!

@patrickhlauke

Member Author

discussed at today's meeting, needs a bit more finessing:

  • need to clarify that mouse pointerId can be unique (and is, though the value differs across implementations)
  • bring forward the rationale for doing it (tracking prevention)

while more verbose, this is an attempt to just explain a bit more what we're trying to do here (prevent tracking/fingerprinting, while also trying to allow some kind of "persistent" pointerId for collaborative scenarios with multiple users, for the lifetime of the page)

@patrickhlauke

Member Author

@mustaqahmed @smaug---- @flackr made an admittedly wordy stab at turning the whole explanation around to make it clearer, while also introducing the new idea that mouse's pointerId can be reserved and always the same (it's what Chrome and Firefox do) but without specifying any particular value. thoughts appreciated ... it still feels super dense, but maybe it IS clearer?

@patrickhlauke

Member Author

note to self: this PR will need a more descriptive title when/if it gets merged

@patrickhlauke merged commit d5e6171 into gh-pages on Oct 13, 2021
@patrickhlauke deleted the patrickhlauke-notes-vs-normative2 branch on October 13, 2021 15:29
@smaug---- added the needs-wpt label (Investigation whether the issue needs a wpt test has been done and wpt is missing) and removed the wpt label on Nov 23, 2022
@mustaqahmed

Member

The major part of this PR is covered by WPTs. The few remaining points seem hard to test: most are optional, others need multiple top-level browsing contexts (needs discussion). Below is a dump of the pointerId section with my comments:

User agents MAY reserve a generic pointerId value of 0 or 1 for the primary mouse pointer.

Optional, hence untestable.

The pointerId value of -1 MUST be reserved and used to indicate events that were generated by something other than a pointing device.

Covered in *_is_a_pointerevent.html.

For any other pointers, user agents are free to implement different strategies and approaches in how they assign a pointerId value. However, all active pointers in the top-level browsing context must be unique, and the identifier MUST NOT be influenced by any other top-level browsing context (i.e. one top-level browsing context cannot assume that the pointerId of a pointer will be the same when the pointer moves outside of the browsing context and into another top-level browsing context).

Is there a way to have multiple top-level browsing contexts in a WPT?

The user agent MAY recycle previously retired values for pointerId from previous active pointers, or it MAY always reuse the same pointerId for a particular pointing device (for instance, to uniquely identify particular pen/stylus inputs from a specific user in a multi-user collaborative application).

Optional, hence untestable.

However, in the latter case, to minimize the chance of fingerprinting and tracking across different pages or domains, the pointerId MUST only be associated explicitly with that particular pointing device for the lifetime of the page / session, and a new randomized pointerId MUST be chosen the next time that particular pointing device is used again in a new session.

We can simulate a touch pointer crossing an iframe boundary multiple times and can swap iframe content during this interaction. But this is complicated, and the MUST here is conditional!
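
The assignment rules quoted in the comment above, as an added JavaScript sketch (not code from the PR, the specification or any browser): a per-page allocator that keeps a device's pointerId stable for the page's lifetime and draws a fresh random one for each new page, next to the device-derived id that the MUST rules out. `PageSession`, `deviceKey`, `rand32` and `deviceDerivedId` are hypothetical names, and the device keys are constructed.

```javascript
// Sketch of one assignment strategy the quoted text permits; not browser code.
// PageSession, deviceKey, rand32 and deviceDerivedId are hypothetical names.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const secureRand32 = () => webcrypto.getRandomValues(new Uint32Array(1))[0];

const NON_POINTER_ID = -1; // reserved: not generated by a pointing device
const MOUSE_ID = 1;        // the text allows reserving 0 or 1 for the mouse

// Anti-pattern: an id derived from the device itself is identical on every
// page, so unrelated sites can recognise the same stylus.
function deviceDerivedId(deviceKey) {
  let h = 0;
  for (const ch of deviceKey) h = (h * 31 + ch.codePointAt(0)) % 0x7fffffff;
  return h + 2;
}

// One instance per page lifetime in a top-level browsing context.
class PageSession {
  constructor(rand32 = secureRand32) {
    this.rand32 = rand32;         // injectable so the behaviour can be tested
    this.byDevice = new Map();    // device -> id, never shared across pages
    this.taken = new Set([NON_POINTER_ID, 0, MOUSE_ID]);
  }

  // deviceKey is UA-internal state (constructed here); null = no pointing device.
  pointerIdFor(deviceKey) {
    if (deviceKey === null) return NON_POINTER_ID;
    if (deviceKey === 'mouse') return MOUSE_ID;
    if (!this.byDevice.has(deviceKey)) {
      let id;
      do {
        id = this.rand32() & 0x7fffffff;  // keep it a non-negative int32
      } while (this.taken.has(id));       // unique among this page's pointers
      this.taken.add(id);
      this.byDevice.set(deviceKey, id);
    }
    return this.byDevice.get(deviceKey);
  }
}
```

Creating a new `PageSession` for each page models "a new randomized pointerId MUST be chosen the next time that particular pointing device is used again in a new session".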

@mustaqahmed

Member

Is there a way to have multiple top-level browsing contexts in a WPT?

In a past PEWG meeting, we agreed this may be testable using a same origin popup but it is not clear if "moving a pointer from one browsing context to another" is even supported by test-driver actions.

Removing the needs-wpt label because the major part of the PR is covered by WPTs already.

@mustaqahmed removed the needs-wpt label (Investigation whether the issue needs a wpt test has been done and wpt is missing) on Feb 12, 2024