whatwg · annevk · Jun 1, 2016 · May 31, 2016
diff --git a/source b/source
@@ -18245,12 +18245,13 @@ included with Exhibit B.
    <li>
 
     <p>If either the <code>a</code> element has a <code
-    data-x="attr-hyperlink-download">download</code> attribute and the algorithm is not <span>allowed
-    to show a popup</span>; or, if the user has not indicated a specific <span>browsing context</span> for following the link, and the element's <code data-x="attr-hyperlink-target">target</code>
-    attribute is present, and applying <span>the rules for choosing a browsing context given a
-    browsing context name</span>, using the value of the <code
-    data-x="attr-hyperlink-target">target</code> attribute as the browsing context name, would result
-    in there not being a chosen browsing context, then run these substeps:</p>
+    data-x="attr-hyperlink-download">download</code> attribute and the algorithm is not
+    <span>triggered by user activation</span>; or, if the user has not indicated a specific
+    <span>browsing context</span> for following the link, and the element's <code
+    data-x="attr-hyperlink-target">target</code> attribute is present, and applying <span>the rules
+    for choosing a browsing context given a browsing context name</span>, using the value of the
+    <code data-x="attr-hyperlink-target">target</code> attribute as the browsing context name, would
+    result in there not being a chosen browsing context, then run these substeps:</p>
 
     <ol>
 
@@ -36791,11 +36792,13 @@ dictionary <dfn>TrackEventInit</dfn> : <span>EventInit</span> {
    <li>
 
     <p>If the <code>area</code> element has a <code data-x="attr-hyperlink-download">download</code>
-    attribute and the algorithm is not <span>allowed to show a popup</span>; or, if the user has not indicated a specific <span>browsing context</span> for following the link, and the element's <code
-    data-x="attr-hyperlink-target">target</code> attribute is present, and applying <span>the rules
-    for choosing a browsing context given a browsing context name</span>, using the value of the
-    <code data-x="attr-hyperlink-target">target</code> attribute as the browsing context name, would
-    result in there not being a chosen browsing context, then run these substeps:</p>
+    attribute and the algorithm is not <span>triggered by user activation</span>; or, if the user
+    has not indicated a specific <span>browsing context</span> for following the link, and the
+    element's <code data-x="attr-hyperlink-target">target</code> attribute is present, and applying
+    <span>the rules for choosing a browsing context given a browsing context name</span>, using the
+    value of the <code data-x="attr-hyperlink-target">target</code> attribute as the browsing
+    context name, would result in there not being a chosen browsing context, then run these
+    substeps:</p>
 
     <ol>
 
@@ -45665,7 +45668,7 @@ ldh-str       = &lt; as defined in <a href="https://tools.ietf.org/html/rfc1034#
 
   <ol>
 
-   <li><p>If the algorithm is not <span>allowed to show a popup</span>, then abort these steps
+   <li><p>If the algorithm is not <span>triggered by user activation</span>, then abort these steps
    without doing anything else.</p></li>
 
    <li><p>Return, but continue running these steps <span>in parallel</span>.</p></li>
@@ -71972,6 +71975,42 @@ END:VCARD</pre>
   refer to the <code data-x="event-click">click</code> event that was fired by the steps above
   leading up to this point.</p>
 
+  <p id="allowed-to-show-a-popup">An algorithm is <dfn>triggered by user activation</dfn> if any of
+  the following conditions is true:</p>
+
+  <ul>
+   <li><p>The <span data-x="concept-task">task</span> in which the algorithm is running is currently
+   processing an <span>activation behaviour</span> whose <code data-x="event-click">click</code>
+   event was <span data-x="concept-events-trusted">trusted</span>.</li>
+
+   <li>
+    <p>The <span data-x="concept-task">task</span> in which the algorithm is running is currently
+    running the event listener for a <span data-x="concept-events-trusted">trusted</span> event
+    whose type is in the following list:</p>
+
+    <ul class="brief">
+     <li><code data-x="event-change">change</code></li>
+     <li><code data-x="event-click">click</code></li>
+     <li><code data-x="event-dblclick">dblclick</code></li>
+     <li><code data-x="event-mouseup">mouseup</code></li>
+     <li><code data-x="event-reset">reset</code></li>
+     <li><code data-x="event-submit">submit</code></li>
+    </ul>
+
+   </li>
+
+   <li>
+    <p>The <span data-x="concept-task">task</span> in which the algorithm is running was <span
+    data-x="queue a task">queued</span> by an algorithm that was <span>triggered by user
+    activation</span>, and the chain of such algorithms started within a user-agent defined
+    timeframe.</p>
+
+    <p class="example">For example, if a user clicked a button, it might be acceptable for a popup
+    to result from that after 4 seconds, but it would likely not be acceptable for a popup to result
+    from that after 4 hours.</p>
+   </li>
+  </ul>
+
   </div>
 
 <!--TOPIC:DOM APIs-->
@@ -77326,48 +77365,6 @@ dictionary <dfn>DragEventInit</dfn> : <span>MouseEventInit</span> {
 
   <hr>
 
-  <p>An algorithm is <dfn>allowed to show a popup</dfn> if any of the following conditions is
-  true:</p>
-
-  <ul>
-
-   <li><p>The <span data-x="concept-task">task</span> in which the algorithm is running is currently
-   processing an <span>activation behaviour</span> whose <code data-x="event-click">click</code> event
-   was <span data-x="concept-events-trusted">trusted</span>.</li>
-
-   <li>
-
-    <p>The <span data-x="concept-task">task</span> in which the algorithm is running is currently
-    running the event listener for a <span data-x="concept-events-trusted">trusted</span> event whose
-    type is in the following list:</p>
-
-    <ul class="brief">
-     <li><code data-x="event-change">change</code></li>
-     <li><code data-x="event-click">click</code></li>
-     <li><code data-x="event-dblclick">dblclick</code></li>
-     <li><code data-x="event-mouseup">mouseup</code></li>
-     <li><code data-x="event-reset">reset</code></li>
-     <li><code data-x="event-submit">submit</code></li>
-    </ul>
-
-   </li>
-
-   <li>
-
-    <p>The <span data-x="concept-task">task</span> in which the algorithm is running was <span
-    data-x="queue a task">queued</span> by an algorithm that was <span>allowed to show a popup</span>,
-    and the chain of such algorithms started within a user-agent defined timeframe.</p>
-
-    <p class="example">For example, if a user clicked a button, it might be acceptable for a popup
-    to result from that after 4 seconds, but it would likely not be acceptable for a popup to result
-    from that after 4 hours.</p>
-
-   </li>
-
-  </ul>
-
-  <hr>
-
   <p><dfn>The rules for choosing a browsing context given a browsing context name</dfn> are as
   follows. The rules assume that they are being applied in the context of a <span>browsing
   context</span>, as part of the execution of a <span data-x="concept-task">task</span>.</p>
@@ -77411,9 +77408,9 @@ dictionary <dfn>DragEventInit</dfn> : <span>MouseEventInit</span> {
 
     <dl class="switch">
 
-     <dt id="popup-blocker">If the algorithm is not <span>allowed to show a popup</span> and the
-     user agent has been configured to not show popups (i.e. the user agent has a "popup blocker"
-     enabled)</dt>
+     <dt id="popup-blocker">If the algorithm is not <span>triggered by user activation</span> and
+     the user agent has been configured to not show popups (i.e. the user agent has a "popup
+     blocker" enabled)</dt>
 
      <dd>
 
@@ -82011,7 +82008,7 @@ State: &lt;OUTPUT NAME=I>1&lt;/OUTPUT> &lt;INPUT VALUE="Increment" TYPE=BUTTON O
   target software, e.g. by prompting the user to confirm that the <span>source browsing
   context</span>'s <span>active document</span>'s <span>origin</span> is to be allowed to invoke the
   specified software. In particular, if the <span>navigate</span> algorithm, when it was invoked,
-  was not <span>allowed to show a popup</span>, the user agent should not invoke the external
+  was not <span>triggered by user activation</span>, the user agent should not invoke the external
   software package without prior user confirmation.</p>
 
   <p class="example">For example, there could be a vulnerability in the target software's URL