getLayoutMap() can already be accessed by the top level browsing context and I believe it does have fingerprinting concerns: a site can gain knowledge of the keyboard layout of the user even before the user has typed anything. Try this site switching between French and English keyboard layouts: https://fortunate-onyx-wren.glitch.me/french-or-english.html. The privacy mitigation section<https://wicg.github.io/keyboard-map/#privacy-mitigations> describes some mitigations we could add for fingerprinting related concerns.
I don't think exposing this by default to same origin iframes and allowing the top-level browsing context to delegate its authority to use getLayoutMap() to other iframes increases the concern any. If I'm thinking about that wrong please let me know. For the privacy section: I'll make a change to add permission policy along with the top level browsing context restriction to the spec. From: Yoav Weiss <yoavwe...@chromium.org> Sent: Friday, October 15, 2021 5:46 AM To: blink-dev <blink-dev@chromium.org> Cc: Anupam Snigdha <sni...@microsoft.com>; Bo Cupp <pc...@microsoft.com>; Scott Low <sc...@microsoft.com>; gar...@chromium.org <gary...@chromium.org>; Yoav Weiss <yoavwe...@chromium.org> Subject: Re: [EXTERNAL] Re: Intent to Implement and Ship: Feature policy for Keyboard API Reading through https://wicg.github.io/keyboard-map/#privacy the only risk here is increased fingerprinting surface. Is that correct? (aside - the privacy section states that the API is only available in top-level contexts. You probably want to change that) On Thursday, October 14, 2021 at 10:09:04 PM UTC+2 snianu wrote: Can you clarify what the current situation is? getLayoutMap() which is part of the Keyboard API can only be accessed in the top browsing context which cuts off access from same and cross origin iframes. With this permission policy based solution, the default value would be "Self" that grants access to same origin iframe by-default, but requires web authors to add the "keyboard-map" value to allow attribute in order to grant access within cross-origin iframes. IIUC, currently layout maps are not available at all to iframes. Is that correct? Correct. Also, are you suggesting to add a permission policy that would enable it by default for same-origin iframes, and enable explicit delegation for cross-origin iframes? Yes. -Anupam From: Yoav Weiss <yoavwe...@chromium.org<mailto:yoavwe...@chromium.org>> Sent: Thursday, October 14, 2021 12:29 PM To: blink-dev <blink-dev@chromium.org<mailto:blink-dev@chromium.org>> Cc: Anupam Snigdha <sni...@microsoft.com<mailto:sni...@microsoft.com>>; Bo Cupp <pc...@microsoft.com<mailto:pc...@microsoft.com>>; Scott Low <sc...@microsoft.com<mailto:sc...@microsoft.com>>; gar...@chromium.org<mailto:gar...@chromium.org> <gary...@chromium.org<mailto:gary...@chromium.org>> Subject: [EXTERNAL] Re: Intent to Implement and Ship: Feature policy for Keyboard API On Tuesday, October 12, 2021 at 12:33:19 AM UTC+2 snianu wrote: Contact emails sni...@microsoft.com<mailto:sni...@microsoft.com> Explainer https://github.com/WICG/keyboard-map/issues/38<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FWICG%2Fkeyboard-map%2Fissues%2F38&data=04%7C01%7Csnianu%40microsoft.com%7C34b5fc72bd01428ef30d08d98fd9baf5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637698987671875323%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=AsLDaE6oxgkkMII%2FE9AaoMY1mPRwAqGXFz%2B6Nwl2RGk%3D&reserved=0> Specification https://wicg.github.io/keyboard-map/#permissions-policy<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwicg.github.io%2Fkeyboard-map%2F%23permissions-policy&data=04%7C01%7Csnianu%40microsoft.com%7C34b5fc72bd01428ef30d08d98fd9baf5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637698987671885318%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=QZ7U0%2BT3AHT1x6hArqWaM7G4DdMeZJNfzywBP6DQ%2F0w%3D&reserved=0> Summary getLayoutMap() used in conjunction with code solves the problem of identifying the actual key pressed in keyboard with different layout maps such as English vs French keyboards, but since getLayoutMap() isn't available in all contexts (can't be used inside iframes), Office web apps like Excel, Word, PowerPoint, etc. that show up as embedded experiences in Outlook Web, Teams, etc. and are running in iframes, can't use this API. Adding keyboard-map to the allow attribute list solves this problem. Can you clarify what the current situation is? IIUC, currently layout maps are not available at all to iframes. Is that correct? Also, are you suggesting to add a permission policy that would enable it by default for same-origin iframes, and enable explicit delegation for cross-origin iframes? See this<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FWICG%2Fkeyboard-map%2Fissues%2F38&data=04%7C01%7Csnianu%40microsoft.com%7C34b5fc72bd01428ef30d08d98fd9baf5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637698987671885318%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=qKO0PuhlvOidT6tjpBNfqi8GViO6hJLC8HDNULjX1%2BQ%3D&reserved=0> Github issue for more info. Blink component Blink<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugs.chromium.org%2Fp%2Fchromium%2Fissues%2Flist%3Fq%3Dcomponent%3ABlink&data=04%7C01%7Csnianu%40microsoft.com%7C34b5fc72bd01428ef30d08d98fd9baf5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637698987671895297%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=DcpGDmZHLGCeZllAo2%2Bu3iGJKPLIIy%2FpNyaonX3lhAo%3D&reserved=0> Search tags keyboard-map<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.chromestatus.com%2Ffeatures%23tags%3Akeyboard-map&data=04%7C01%7Csnianu%40microsoft.com%7C34b5fc72bd01428ef30d08d98fd9baf5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637698987671895297%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=yP5jUArK0OxIYHUVXk5TkzLNN0l8czv99aXsRR3QuIE%3D&reserved=0>, Keyboard<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.chromestatus.com%2Ffeatures%23tags%3AKeyboard&data=04%7C01%7Csnianu%40microsoft.com%7C34b5fc72bd01428ef30d08d98fd9baf5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637698987671905292%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=VFqOswuOy66soNUabS93GMH8P5kal91QOu1AaMcRzbs%3D&reserved=0> TAG review Not applicable as this is API has been shipped. TAG review status Not applicable Risks Interoperability and Compatibility Currently Keyboard API is not supported on Safari and Firefox so interop risk is minimal. Moreover, this proposal only allows the usage of the Keyboard API inside an iframe if it's explicitly specified in the allow attribute list by the web author. The feature policy names are based on the permission names, which have been part of the permission policy spec<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fw3c.github.io%2Fwebappsec-permissions-policy%2F&data=04%7C01%7Csnianu%40microsoft.com%7C34b5fc72bd01428ef30d08d98fd9baf5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637698987671915287%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=FSfvIC174HYCfEgsSBfU99NBis3osHpRAuS7eE4wS0E%3D&reserved=0>. Gecko: Negative (https://github.com/mozilla/standards-positions/pull/310<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fmozilla%2Fstandards-positions%2Fpull%2F310&data=04%7C01%7Csnianu%40microsoft.com%7C34b5fc72bd01428ef30d08d98fd9baf5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637698987671915287%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=aenNgGuCLgxRxG%2BA2zb1Y3PAl5rCoPxJG7iF6i1MBG0%3D&reserved=0>) WebKit: Negative (https://github.com/WICG/keyboard-map/issues/30#issue-487691188<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FWICG%2Fkeyboard-map%2Fissues%2F30%23issue-487691188&data=04%7C01%7Csnianu%40microsoft.com%7C34b5fc72bd01428ef30d08d98fd9baf5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637698987671925284%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=MsM9ZXNGNEwzyC1XtrJAIvQqI4OmsD3WMV%2F7YAM5ZvI%3D&reserved=0>) Web developers: Positive (https://github.com/WICG/keyboard-map/issues/38#issue-934823530<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FWICG%2Fkeyboard-map%2Fissues%2F38%23issue-934823530&data=04%7C01%7Csnianu%40microsoft.com%7C34b5fc72bd01428ef30d08d98fd9baf5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637698987671925284%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=SkE%2B59sDhmitPPJpTUZqQwdfahrtRBwa1JhFdAGiPoI%3D&reserved=0>) Ergonomics None. Activation None. Security While there are fingerprinting concerns, this API has been shipped in Chrome 69 and adding to the allow attribute list (like HID, clipboard-read/write etc) allows sites like Office web apps to use this API. The default value would be "self" (= top-level browsing context) but sites could add it to allow list to access within iframe context. Debuggability The allow attribute has basic tooling support as described in this<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.google.com%2Fdocument%2Fd%2F1eJn5QIX4JFGackDYmdLxWXEmTDkSGj_ZGz5XY4uCKbY%2Fedit&data=04%7C01%7Csnianu%40microsoft.com%7C34b5fc72bd01428ef30d08d98fd9baf5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637698987671935283%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=mGrKRNpJWyo%2FZCOgNgmUd83SI5im37so2QtutkjR1g4%3D&reserved=0> doc. Is this feature fully tested by web-platform-tests<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fchromium.googlesource.com%2Fchromium%2Fsrc%2F%2B%2Fmaster%2Fdocs%2Ftesting%2Fweb_platform_tests.md&data=04%7C01%7Csnianu%40microsoft.com%7C34b5fc72bd01428ef30d08d98fd9baf5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637698987671935283%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=8xPt4tjp4yWcw%2FxVHBTa0k%2F%2FZSYAyaR9Mg4s1siGpkM%3D&reserved=0>? Yes Requires code in //chrome? False Tracking bug https://bugs.chromium.org/p/chromium/issues/detail?id=1258242<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugs.chromium.org%2Fp%2Fchromium%2Fissues%2Fdetail%3Fid%3D1258242&data=04%7C01%7Csnianu%40microsoft.com%7C34b5fc72bd01428ef30d08d98fd9baf5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637698987671945278%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=bYcHU7fER4oRj5egqckMvV53mS464AY91Uvqzq4KhKo%3D&reserved=0> Estimated milestones 97 Link to entry on the Chrome Platform Status https://www.chromestatus.com/feature/5657965899022336<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.chromestatus.com%2Ffeature%2F5657965899022336&data=04%7C01%7Csnianu%40microsoft.com%7C34b5fc72bd01428ef30d08d98fd9baf5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637698987671945278%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=BfhcBRZICpFxsU9kyk8JVFoRb%2ByGaTcY1PV1bzE7qjQ%3D&reserved=0> This intent message was generated by Chrome Platform Status<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.chromestatus.com%2F&data=04%7C01%7Csnianu%40microsoft.com%7C34b5fc72bd01428ef30d08d98fd9baf5%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637698987671955273%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=JKT0JxsSBdnLHw92DkLs%2B2LtU0R7hdq6VxoHjbduvAI%3D&reserved=0>. -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/BL0PR00MB038743E3690A397D6851C7F5CFB99%40BL0PR00MB0387.namprd00.prod.outlook.com.