I know this proposal is at an early stage, but one immediate threat to consider is how this could be abused for a new class of pop-up ads or intrusive web elements.
We could review this further as it gets more detailed, but some initial questions:
- how will the user know which window opened which PiP? or how to close either the PiP or the opener?
- can a PiP imitate native UI or some other part of the UI of another window?
- what protections are necessary to prevent another round of pop-up ad wars? (is it the same as window.open or will there be different protections necessary if there's less ua/window chrome?)
I know this proposal is at an early stage, but one immediate threat to consider is how this could be abused for a new class of pop-up ads or intrusive web elements.
We could review this further as it gets more detailed, but some initial questions: