Limit the precision of floating point event fields

[jyasskin]

There's a history of factory calibration information being used to fingerprint individual devices. I haven't investigated whether this is possible on common pointing devices, but as a precaution, would it make sense to establish a normative limit on the precision of the fields in pointer events, similar to what was done for deviceorientation and accelerometer? See w3c/deviceorientation#86, which limited angle measurements to 0.1 degrees.

[mustaqahmed]

Looks like we should be fine with a 0.01 precision in all of these double attributes and the inherited coordinates. Or maybe even 0.1 in some cases. Thoughts?

We don't need to "downgrade" the IDL types to float, do we?

[jyasskin]

I think float fields are also vulnerable to this problem, so they should also be limited, and there's no need to consider changing doubles to floats.

[smaug----]

We don't want to change any idl types for this. Just need to document that when dealing with trusted events, the precision of all the float and double properties should be limited. Need to be just careful with the wording, since the limit is on the "native" precision level.

[flackr]

@smaug---- I agree, I'd be happy with something non-specific. A similar example is the precision of times in the web-animations spec: https://www.w3.org/TR/web-animations-1/#precision-of-time-values

I think it might be good to say something for the different fields, e.g. something like this:

• For sizes and coordinates, the minimum precision should be precise enough to differentiate physical pixels at the size on screen
• For pressures and other analog values, the minimum precision should allow for at least 256 distinct values to avoid significant banding when used as an output color.
• For angles, the minimum precision should at least be 1 degree

[smaug----]

That sounds reasonable to me.