Contact emailsschwer...@google.com Explainerhttps://github.com/explainers-by-googlers/safe-text-input/ blob/main/manual-text.md
SummaryThe policy-controlled feature `manual-text` indicates whether it is safe to dispatch text events in embedded documents. Disabling `manual-text` in an iframe signals to the user agent that the embedded document should not receive text input. The user may warn before dispatching text-producing events such as keyboard or paste events, or suppress them entirely. A related feature is `autofill`: https://chromestatus.com/feature/5066686516953088 Blink componentBlink>FeaturePolicy <https://issues.chromium.org/issues?q=customfield1222907:%22Blink%3EFeaturePolicy%22> Motivation This specification improves data security: For end users, it is often difficult to recognize third-party documents as such, let alone to identify the third party and reason about its trustworthiness. With the policy-controlled feature `manual-text`, the embedding document expresses whether it considers an embedded document trustworthy for user text input. The browser can use this to warn the user when they are about to enter text in an untrusted document, or it may directly block the dispatch of these events. Text-producing events include most keyboard events, paste events, and drop events. They exclude keyboard events that are not commonly used to enter meaningful text, such as navigation keys or the space key. Today, documents have no way of preventing an embedded document from receiving text input short of sandboxing the frame. Search tagsautofill <https://chromestatus.com/features#tags:autofill>, feature-policy <https://chromestatus.com/features#tags:feature-policy> TAG reviewhttps://github.com/w3ctag/design-reviews/issues/831 The TAG review started for an earlier proposal `shared-autofill`. After feedback from TAG, we shifted the scope of the proposal from enabling cross-origin autofill and other text input to controlling autofill in cross-origin iframes. Shopify has expressed support <https://github.com/w3ctag/design-reviews/issues/831#issuecomment-2619012166> for the proposal. Mozilla <https://github.com/mozilla/standards-positions/issues/752> and WebKit <https://github.com/WebKit/standards-positions/issues/141> responses on the earlier proposal `shared-autofill` were neutral. TAG review statusIn process Tracking bughttps://g-issues.chromium.org/issues/40178859 <https://crbug.com/40178859> Launch bughttps://launch.corp.google.com/launch/4200980 Link to entry on the Chrome Platform Status https://chromestatus.com/feature/5164522274553856?gate=5201632335495168 This intent message was generated by Chrome Platform Status <https://chromestatus.com/>. -- Google Germany GmbH Erika-Mann-Straße 33 80636 München Geschäftsführer: Paul Manicle, Liana Sebastian Registergericht und -nummer: Hamburg, HRB 86891 Sitz der Gesellschaft: Hamburg Diese E-Mail ist vertraulich. Falls Sie diese fälschlicherweise erhalten haben sollten, leiten Sie diese bitte nicht an jemand anderes weiter, löschen Sie alle Kopien und Anhänge davon und lassen Sie mich bitte wissen, dass die E-Mail an die falsche Person gesendet wurde. This email is confidential. If you received this communication by mistake, please don't forward it to anyone else, please erase all copies and attachments, and please let me know that it has gone to the wrong person. -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAN-ZcvHWUg522qU9Qk1QbCm133ULpQOU%2BzLUrxg53d%2BJjigZRQ%40mail.gmail.com.
