Add scroll bubbling monkeypatches (#71)

* start work * complete monkey patches * remove unnecessary exports and fix logic * explain why we can't allow existing behavior * address review comments * fix formatting * fix formatting * Wording * Fixes * Refactor to match design document * reword and fix alignment * update intro to mention actual algorithm being patched * remove ambiguity --------- Co-authored-by: Dominic Farolino <domfarolino@gmail.com>
WICG · Jul 31, 2023 · eb6b50e · eb6b50e
1 parent 03267d0
commit eb6b50e
Showing 1 changed file with 29 additions and 0 deletions.
diff --git a/spec.bs b/spec.bs
@@ -235,6 +235,10 @@ spec: permissions-policy; urlPrefix: https://w3c.github.io/webappsec-permissions
   type: dfn
     for: permissions policy
       text: inherited policy; url: inherited-policy
+spec: css2; urlPrefix: https://www.w3.org/TR/CSS21/visuren.html
+  type: dfn
+    for: css2
+      text: viewport; url: viewport
 </pre>
 
 <style>
@@ -2581,6 +2585,31 @@ algorithms to achieve the outcomes described in the above explanatory content.
   /fenced-frame/permission-notification.https.html
 </wpt>
 
+<h3 id=cssom-monkeypatch>CSSOM View</h3>
+
+The [[!CSSOM-VIEW]] specification defines the {{Element/scrollIntoView()}} method that calls the
+[=scroll a target into view=] algorithm. This will not only scroll the {{Element}} or
+[=css2/viewport=] to make the target visible, but will also scroll [=tree/ancestor=]s if necessary
+to make the target visible, essentially causing the scroll to "bubble up". This means that
+{{Element/scrollIntoView()}} performed in a [=child navigable=] or [=fenced navigable container/
+fenced navigable=] can be observed by its embedder, allowing for collusion across a fenced frame
+boundary. This section patches the [=scroll a target into view=] algorithm to prevent that collusion
+at the expense of some utility.
+
+<div algorithm=scroll-target-into-view>
+  Modify the [=scroll a target into view=] algorithm to add a step at the end of the algorithm that
+  reads:
+
+  14. If <var ignore>scrolling box</var>'s associated {{Element}}'s associated {{Document}}'s [=node
+     navigable=]'s [=navigable/traversable navigable=] is a [=fenced navigable container/fenced
+     navigable=], or if <var ignore>scrolling box</var>'s associated [=css2/viewport=]'s associated
+     {{Document}}'s [=node navigable=]'s [=navigable/traversable navigable=] is a [=fenced navigable
+     container/fenced navigable=], then let this be the last instance of this algorithm that stops
+     any further recursive instances that would otherwise follow.
+
+  Note: This allows scrolling to "bubble up" to a fenced frame boundary, but not cross it.
+</div>
+
 <h2 id=security-and-privacy>Security & Privacy Considerations</h2>
 
 This material is being upstreamed from our explainer into this specification, and in the meantime