Feature policy for not messing with scrolling?

[kenchris]

Ie. so that thirdparty scripts etc cannot listen to scroll events or enforce "passive" on event handlers

[clelland]

@ehsan-karamad has been working on something that might match this -- specifically preventing frames from hijacking or interfering with the scrolling of their parent document.

[ehsan-karamad]

Right now we do have vertical-scroll mostly implemented serves some purpose here. Disabling the feature for a frame basically ensures:

• The frame cannot abuse scrollIntoView() (no effect in parent document),
• The frame cannot abuse touch-action as it would always include pan-y,
• Preventing touchstart will not cancel vertical scroll (still disables other gestures),
• Preventing wheel will not block scroll if it is along y-axis.

That said, there are two "provisional" features ideas I wanted to followup on:

1. A feature to enforce all listeners to be passive (i.e., touchstart, touchmove, wheel, etc).
2. horizontal-scroll which is similar to vertical-scroll.

I think both 1 & 2 are good features depending on the use case.

[Desentso]

Any updates on this?

[clelland]

This is currently implemented in Chrome (and has been for some time now) but is still experimental. You can enable it by running Chrome either with "Experimental web platform features" turned on in chrome://flags, or from the command line with the flag

--enable-blink-features=ExperimentalPolicies

With either of those, a page which is framed with <iframe allow="vertical-scroll none">, or under a permissions-policy header like

Permissions-Policy: vertical-scroll=()

will be unable to hijack scrolling of its parent document.