Ads on AMP pages became safer and more user-friendly in 2018


In the past year, the AMP team took advantage of the latest browser features to keep users safe & deliver a jank-free browsing experience. Because AMP powers billions of ads and pages on the web, these updates required no work from content creators or ad networks, making all AMP pages safer and faster for all users. Additionally we directly funded the implementation of the underlying security primitives in WebKit, so we’re happy to be able to extend the same security level to users of Apple’s Safari browser.

Iframe Sandboxing FTW

Iframe sandboxing allows web developers to set restrictions on iframe capabilities (e.g. the rendering of display ads). AMP now uses this feature to sandbox all ads, eliminating attacks such as auto-redirecting which could previously be performed by ads.

 An illustration of auto-redirect ads

A combination of ‘allow-top-navigation-by-user-activation‘ and ‘allow-popups-to-escape-sandbox‘ attributes on the iframe gives web developers a practical way forward. It protect users on the primary site, while allowing the landing page to be functional.

Sandbox FeatureDescription
allow-top-navigation-by-user-activationEnsures navigation from within an ad only happens on user action.
allow-popups-to-escape-sandboxRemoves any sandbox restrictions on the landing page of the ad.

Initially users were only protected on Chrome. So we funded Igalia to add these features (link, link) and many others to WebKit, Safari’s open source browser engine. All users on Safari, Chrome and other browsers that support the underlying sandbox primitives (about 75% of mobile web usage) are protected from auto-redirects.

Aggressively Deprecating Synchronous Requests

Synchronous requests are bad for user experience because they can completely block all user interaction with a page until the network request succeeds or fails.

     An illustration of a ‘sync-xhr’ side effect

Since display ads don’t pay for the externality (e.g. web page jank) they create, they have no incentive to write the most efficient code. Not only does this result in a bad page experience, this opens up a bad vulnerability that could help the ad creator. The most obvious way to drive up viewability of an ad is to fire off some heavy synchronous requests as soon as the ad gets into the viewport. This results in the ad creator earning better viewability while the page experience suffers dearly.

Thankfully, Chrome now allows a feature policy called ‘control Synchronous XMLHttpRequest’ that allows deprecating sync XHRs on iframes.

AMP launched this feature policy for all ads served to AMP pages. We are also experimenting with implementing this for all iframes on AMP pages.

Scaling Impact with AMP

Millions of content creators have published AMP pages so far and 100+ ad networks have integrated with AMP. We’ve been able to roll out these changes to hundreds of millions of users without any new work from the content creator or the ad network. All it took was a few lines of code submitted to AMP’s open source repo.

One of the less obvious advantages of AMP is its ability to keep up with the latest browser features and automagically bring the entire ecosystem running on the safest & most user-friendly slice of the web. For a website owner, a one time investment in AMP provides ongoing dividends.  

It’s a humbling opportunity to advance the web at this scale, make it safe and deliver an excellent user experience for everyone. What are some other features that we can ship to a large part of the internet in 2019? Let us know.

Posted by Vamsee Jasti, Product Manager at Google, AMP Project