Deprecate download in ad frames without user gesture

Feature: Deprecate download in ad frames without user gesture

We plan to prevent downloads initiated from ad frames that lack a user gesture ('drive-by downloads'). Removal is expected in Chrome 76.

Motivation

Downloads don't make sense with ads. It happens very rarely in practice and is also difficult to reproduce, which implies that a very small amount of ads are doing automatic downloads. Blocking downloads in ad frames without user gestures will make the web more secure. Apart from security concerns, it would be a more pleasant user experience for a click to trigger a download on the same page, compared with downloads started automatically when landing at a new page, or started non-spontaneously after the click.

Documentation

Status in Chromium

Blink components: UI>Browser>Downloads

In development (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

Firefox: No signal
Edge: No signal
Safari: No signal
Web Developers: No signals

Owner

yaoxia@chromium.org

Comments

Ads are identified by Chromium's AdTagging infrastructure: https://cs.chromium.org/chromium/src/docs/ad_tagging.md

Search tags

download, ad,

Last updated on 2021-05-09