Skip to content

[focus-without-user-activation] Add pseudo algorithm and examples #574

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

[focus-without-user-activation] Add pseudo algorithm and examples #574

Changes from 3 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
931f86f
Add pseudo algorithm and examples
ffiori Aug 8, 2025
918f8df
clarify inclusive descendant definition
ffiori Aug 8, 2025
a6f29fd
Merge branch 'main' into focus-without-user-activation-pseudo
ffiori Aug 8, 2025
a4a1aed
rewording - PR feedback
ffiori Aug 8, 2025
b21fdaa
move pseudo algorithm to new section
ffiori Aug 11, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
38 changes: 33 additions & 5 deletions policies/focus-without-user-activation.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,21 @@ In a nutshell:
* Before starting [steps](https://html.spec.whatwg.org/multipage/interaction.html#dom-window-focus) for `element.focus(options)` the same verification for the policy and user activation should be performed.
* Around step 2 of the [spec](https://html.spec.whatwg.org/multipage/interaction.html#dom-window-focus) for `window.focus()`, the same enforcement should be made (using the browsing context of the `window` itself to obtain the permissions policy state).

Pseudo-algorithm for how the policy would integrate with focus:

```
algorithm is_allowed_to_set_focus(focus_setter_frame, currently_focused_frame):
if focus_setter_frame has the policy allowed:
return true

if currently_focused_frame is an inclusive descendant frame of focus_setter_frame:
return true

return false
```

Note: An [inclusive descendant](https://html.spec.whatwg.org/#inclusive-descendant-navigables) frame is a frame that is either the same frame or a descendant frame in the frame tree hierarchy.

Using the Feature
-------------
This feature can be introduced with the HTTP headers. For instance,
Expand All @@ -50,11 +65,6 @@ To disable the feature for a specific `<iframe>`, the `allow` attribute can be u
which would block use of focus (without activation) for the document inside the `<iframe>`
unless it is a same-origin document.

The Extra Mile
-----------
Automatic focus, in general, poses security concerns. It might be a good idea to disable this policy
in all sandbox-ed frames (treat the policy as a sandbox flag).

Alternative Solutions Considered
-----------
This section lists other possible solutions that were considered during the development of the proposal outlined in this explainer.
Expand Down Expand Up @@ -85,3 +95,21 @@ This section lists other possible solutions that were considered during the deve
3. **Sandbox flag approach**: The possibility of implementing this control as a [sandbox](https://developer.mozilla.org/en-US/docs/Web/API/HTMLIFrameElement/sandbox) flag was analyzed instead of a permissions policy.

Adding this functionality to the sandbox would be potentially breaking, as it would immediately affect every sandboxed frame and require all sites to update their code if they needed to restore the functionality. In contrast, implementing this as a permissions policy is non-breaking: with a default allowlist of `'self'`, it provides an opt-in control mechanism that is enabled by default everywhere but can be selectively disabled when needed.

Appendix
-----------

These are some example cases of how focus setting would now work with this new policy in the pseudo-algorithm described above:

| Case | Policy Enabled on `focus_setter_frame` | `focus_setter_frame` | `currently_focused_frame` | Allowed to Set Focus? | Reason |
|------|----------------------------------------|------------------------|----------------------------|------------------------|--------|
| 1 | No | Parent | Child | Yes | Parent-child relationship is allowed by default. |
| 2 | No | Child | Parent | No | No policy and not a permitted direction. |
| 3 | No | Grandparent | Grandchild | Yes | Ancestor allowed to set focus when a descendant has it. |
| 4 | No | Grandchild | Grandparent | No | No policy and not a direct relationship. |
| 5 | No | Same frame | Same frame | Yes | A frame is always allowed to set focus on (maybe another element of) itself if it already has focus. |
| 6 | Yes | Parent | Child | Yes | Policy allows it explicitly. |
| 7 | Yes | Child | Parent | Yes | Policy allows it explicitly. |
| 8 | Yes | Grandparent | Grandchild | Yes | Policy allows it explicitly. |
| 9 | Yes | Grandchild | Grandparent | Yes | Policy allows it explicitly. |
| 10 | Yes | Same frame | Same frame | Yes | Policy allows it explicitly. |