domenic's comments.

source

@@ -72499,62 +72499,105 @@ END:VCARD</pre>
 
   <h4>Processing model</h4>
 
-  <p>A user interaction <dfn data-x="activates-a-window">activates a <code>Window</code> object
-  <var>W</var></dfn> if either:</p>
-  <ul>
-    <li>input events from the user interaction is targetted to an element of <var>W</var>, or</li>
-
-    <li>the interaction <span data-x="activates-a-window">activates the <code>Window</code>
-      object</span> in a subframe of <var>W</var>.</li>
-  </ul>
+  <p>When a user interaction in a <span>browsing context</span> <var>B</var> causes firing of an <a
+  href="#activation-triggering-event">activation triggering input events</a> in that context, it
+  <dfn data-x="activate-window">activates the <code>Window</code> objects</dfn> in all <span
+  data-x="ancestor browsing context">ancestor browsing contexts</span> of <var>B</var> (including
+  the one in <var>B</var> itself).</p>
 
   <p>The <dfn>user activation state</dfn> of a <code>Window</code> object <var>W</var> consists of
   two boolean flags, both of which are initially set to false:</p>
+
   <ul>
-    <li>The <dfn>sticky activation flag</dfn> indicates the historical activation state: whether the
-    user has ever interacted with <var>W</var> or its subframes.  The flag is set when <var>W</var>
-    is <span data-x="activates-a-window">activated</span> for the very first time, and is never
-    reset during the lifetime of <var>W</var>.</li>
-
-    <li>The <dfn>transient activation flag</dfn> indicates the current activation state: whether the
-    user is currently interacting with <var>W</var> or its subframes.  The flag is set every time
-    <var>W</var> is <span data-x="activates-a-window">activated</span>, and is reset either
-      <ul>
-        <li>after an expiry time defined by the browser, or</li>
-        <li>through a call to an <span data-x="">activation-consuming API</span> in the context of
-          any <code>Window</code> object of the page.</li>
-      </ul>
-    </li>
+
+   <li><p>The <dfn>sticky activation flag</dfn> indicates the historical activation state: whether
+   the user has ever interacted with <var>W</var> or its subframes.  When <var>W</var> is <span
+   data-x="activate-window">activated</span> for the very first time, the UA sets the flag to true.
+   This flag is never set to false during the lifetime of <var>W</var>.</p></li>
+
+   <li><p>The <dfn>transient activation flag</dfn> indicates the current activation state: whether
+   the user is currently interacting with <var>W</var> or its subframes.  Every time <var>W</var> is
+   <span data-x="activate-window">activated</span>, the UA sets the flag to true.  The UA sets the
+   flag to false when the flag either <span data-x="expiration of transient
+   activation">expires</span> or gets <span data-x="consumption of transient
+   activation">consumed</span>.</p></li>
+
   </ul>
 
-  <p class="note"> The propagation of the <span>transient activation flag</span> in the frame tree
-  is assymetric between setting vs resetting of the flag.  A user interaction with a frame
-  <var>F</var> sets the flag in the <code>Window</code> object of each ancestor frame of
-  <var>F</var> (including <var>F</var> itself).  However, an <span data-x="">activation-consuming
-  API</span> call in the context of the <code>Window</code> object of frame of <var>F</var> resets
-  the flag in <em>all</em> <code>Window</code> objects across the whole frame tree.  This prevents
-  multiple calls to an <span data-x="">activation-consuming API</span> even when the frame hierarchy
-  is deep.</p>
+  <dl>
+
+   <dt><dfn>Expiration of transient activation</dfn></dt>
+
+   <dd>
+
+    <p>The UA sets the <span>transient activation flag</span> to false after a UA-defined expiry
+    time has elapsed since the last time <var>W</var> was
+    <span data-x="activate-window">activated</span>.</p>
+
+    <p class="note">The expiry time has to be at most a few seconds so that the user can possibly
+    perceive the link between an interaction with a page and the page opening a popup, for
+    example.</p>
+
+    <p class="note">The UA can possibly implement the expiration of <span>transient activation
+    flag</span> through time-stamping: the UA would have an internal time-stamp field in <span>user
+    activation state</span> which is updated to current time-stamp every time <var>W</var> is
+    <span data-x="activate-window">activated</span>.  Then every time the <span>transient activation
+    flag</span> is checked, the UA would return true iff current time-stamp is less than the stored
+    time-stamp plus the expiry time.</p>
+
+   </dd>
+
+   <dt><dfn>Consumption of transient activation</dfn><dt>
+
+   <dd>
+
+    <p>The UA sets the <span>transient activation flag</span> to whenever any script in the page
+    makes a call to an <span>activation consuming API</span> such as <code
+    data-x="dom-open">window.open()</code>.</p>
+
+    <p class="note" w-nodev>Note the assymetry between setting the <span>transient activation
+    flag</span> to true and false from the perspective of the <span data-x="browsing
+    context">browsing contexts</span> of the page.  A user interaction with a <code>Window</code>
+    object <var>W</var> sets to true the transient activation flags in only the <span
+    data-x="ancestor browsing context">ancestor browsing contexts</span> of <var>W</var>.  However,
+    a consumping in <var>W</var> sets to false the flags in all browsing contexts of the page (more
+    precisely, all <span data-x="list of the descendant browsing contexts">descendant browsing
+    contexts</span> of the <span>top-level browsing context</span> of <var>W</var>).  Consuming the
+    flag in this manner prevents malicious sites from making multiple calls to an <span>activation
+    consuming API</span> from a single user activation (possibly by exploiting a deep hierarchy of
+    browsing contexts).</p>
+
+   </dd>
+
+  </dl>
 
   <h4>APIs gated by user activation</h4>
 
   <p>APIs that are dependent on <span>user activation state</span> are classified into three
   different levels. The levels are as follows, sorted by their "strength of dependence" on user
   activation (from strongest to weakest):</p>
-  <ol>
-    <li><dfn>Transient activation consuming APIs</dfn>: These APIs require the transient bit, and
-    they consume the bit in each call to prevent multiple calls per user activation.</li>
+  <dl>
+   <dt><dfn data-x="activation consuming api">Transient activation consuming APIs</dfn></dt>
 
-    <li><dfn>Transient activation gated APIs</dfn>: These APIs require the transient bit but don't
-    consume it, so multiple calls are allowed per user activation until the transient bit
-    expires.</li>
+   <dd><p>These APIs require the transient activation flag to be true, and they <span
+   data-x="consumption of transient activation">consume</span> the flag in each call to prevent multiple
+   calls per user activation.</p></dd>
 
-    <li><dfn>Sticky activation gated APIs</dfn>: These APIs require the sticky activation bit, so
-    they are blocked until the very first user activation.</li>
-  </ol>
+   <dt><dfn data-x="transient activation gated api">Transient activation gated APIs</dfn><dt>
+
+   <dd><p>These APIs require the transient activation flag to be true but don't consume it, so
+   multiple calls are allowed per user activation until the transient bit <span data-x="expiration
+   of transient activation">expires</span>.</p></dd>
+
+   <dt><dfn data-x="sticky activation gated api">Sticky activation gated APIs</dfn></dt>
+
+   <dd><p>These APIs require the sticky activation flag to be true, so they are blocked
+   until the very first user activation.</p></dd>
+
+  </dl>
 
 
-  <h4>Events triggering user activation</h4>
+  <h4 id="activation-triggering-event">Input events triggering user activation</h4>
 
   <div w-nodev>
 
@@ -72571,15 +72614,15 @@ END:VCARD</pre>
   data-x="dom-Event-isTrusted">isTrusted</code> attribute is true and whose <code
   data-x="dom-Event-type">type</code> is one of:</p>
   <ul class="brief">
-    <li><code data-x="event-change">change</code></li>
-    <li><code data-x="event-click">click</code></li>
-    <li><code data-x="event-contextmenu">contextmenu</code></li>
-    <li><code data-x="event-dblclick">dblclick</code></li>
-    <li><code data-x="event-mouseup">mouseup</code></li>
-    <li><code data-x="event-pointerup">pointerup</code></li>
-    <li><code data-x="event-reset">reset</code></li>
-    <li><code data-x="event-submit">submit</code></li>
-    <li><code data-x="event-touchend">touchend</code></li>
+   <li><code data-x="event-change">change</code></li>
+   <li><code data-x="event-click">click</code></li>
+   <li><code data-x="event-contextmenu">contextmenu</code></li>
+   <li><code data-x="event-dblclick">dblclick</code></li>
+   <li><code data-x="event-mouseup">mouseup</code></li>
+   <li><code data-x="event-pointerup">pointerup</code></li>
+   <li><code data-x="event-reset">reset</code></li>
+   <li><code data-x="event-submit">submit</code></li>
+   <li><code data-x="event-touchend">touchend</code></li>
   </ul>
 
   </div>