The issue was found during the request review: w3c/security-request#48
The Spec reviewed: https://www.w3.org/TR/autoplay-detection/
1. What/where exactly the spec says this
The Introduction (Section 1):
"if a user agent only blocks audible autoplay, then web developers can replace audible media with inaudible media to keep media playing."
is not allowed to autoplay. For instance, if a user agent only blocks audible autoplay, then web developers can replace audible media with inaudible media to keep media playing, instead of showing a blocked media which looks like a still image to users. If the user agent does not allow any autoplay media, then web developers could stop loading media resources and related tasks to
Section 3 examples demonstrate this — detecting "allowed-muted" and setting video.muted = true before calling play().
The only defense is a non-normative Note in Section 2.2.2:
"if authors make an inaudible media element audible right after it starts playing, then it is recommended for a user agent to pause that media element immediately because it's no longer inaudible."
Per the Conformance section:
"Informative notes begin with the word 'Note' and are set apart from the normative text."
A browser that ignores this is fully conformant.
2. What correction we're suggesting and why
The spec teaches the detect-and-circumvent pattern but makes the defense non-normative. As the PING review noted:
"disclosing to the page that a video is playing muted might cause the page to do something that could be hostile to the user."
The fix needs activation-awareness — pausing on programmatic unmute, not when a user clicks unmute.
3. Cross-Workstream Impact
This gap enables harms identified by two W3C workstreams:
Accessibility — WCAG 1.4.2 / ACT Rule aaa1bf
ACT Rule aaa1bf fails any auto-playing element with audio exceeding 3 seconds (Expectation). A muted video is inapplicable — the moment it's unmuted without user action, it becomes an F23 failure. G171 is explicit: sounds should play only on user request. The spec creates the pipeline for this transition with no normative guardrail.
Sustainability — WSG 2.11 / 2.12
WSG STAR technique UX11-3 requires users remain in control of when media begins transmitting, and its testability criteria include: "Check for audio and video HTML elements and remove any autoplay true events." The spec's encouragement to "keep media playing" via muted autoplay directly conflicts. A muted video still downloads, decodes, and drains battery. WSG 2.12 adds that a stop/opt-out mechanism must be provided before animation begins — "allowed-muted" provides none.
4. How it can be fixed
Move the guidance from the non-normative Note into normative text in Section 2.2.2:
"If a media element begins playback as an inaudible media element under the allowed-muted policy and subsequently becomes audible without transient user activation, the user agent SHOULD pause the media element."
SHOULD (not MUST) is deliberate — normative weight while allowing UA heuristics. The key addition is "without transient user activation" — preserving the legitimate case (user clicks unmute) while blocking the hostile case (JS unmutes programmatically after policy-gated playback).
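The proposed rule modelled in JavaScript, as an added example that is not part of the original issue or the specification. `MutedAutoplayGuard`, `isAudible`, `fakeMedia` and `simulate` are hypothetical names, the media element is a constructed stand-in, and audibility is simplified to "unmuted with non-zero volume".

```javascript
// Added example: models the proposed Section 2.2.2 rule. All names are hypothetical.
// An element that began playing inaudibly under "allowed-muted" is paused if it
// becomes audible while there is no transient user activation.

function isAudible(el) {
  // Simplified audibility test (assumption): not muted and volume above zero.
  return !el.muted && el.volume > 0;
}

class MutedAutoplayGuard {
  constructor(hasTransientActivation) {
    this.hasTransientActivation = hasTransientActivation; // () => boolean
    this.gated = new WeakSet(); // elements whose playback was policy-gated
  }

  // Call when playback starts; `policy` is the autoplay policy for the element.
  onPlay(el, policy, startedByUser) {
    if (policy === "allowed-muted" && !startedByUser && !isAudible(el)) {
      this.gated.add(el);
    }
  }

  // Call on every volume or mute change; returns the action taken.
  onVolumeChange(el) {
    if (!this.gated.has(el) || !isAudible(el)) return "ignore";
    this.gated.delete(el); // the decision is made once, at the first audible transition
    if (this.hasTransientActivation()) return "allow"; // user clicked unmute
    el.pause(); // programmatic unmute after policy-gated playback
    return "pause";
  }
}

// Constructed stand-in for an HTMLMediaElement.
function fakeMedia() {
  return { muted: true, volume: 1, paused: false, pause() { this.paused = true; } };
}

// Runs the two cases the issue distinguishes and reports the outcome.
function simulate(unmuteWithUserGesture) {
  let active = false;
  const guard = new MutedAutoplayGuard(() => active);
  const video = fakeMedia();
  guard.onPlay(video, "allowed-muted", false);
  active = unmuteWithUserGesture; // a click grants transient activation
  video.muted = false;
  return { action: guard.onVolumeChange(video), paused: video.paused };
}
```

In a browser, the activation check passed to the constructor could be `() => navigator.userActivation.isActive`.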