"Press here to view the content", there's already plenty in the wild that grant access to notifications with deceptive buttons.
The similar <geolocation> element has clickjacking prevention enforced by the browser[0], and even if the website finds a way around it, it still shows the normal permission prompt.[1]
[0]: https://developer.mozilla.org/en-US/docs/Web/API/HTMLGeoloca...
[1]: https://mdn.github.io/dom-examples/geolocation-element/basic... (requires Chromium)
“targeted and functional controls for accessing camera and microphone streams”
The similar <geolocation> element has clickjacking prevention enforced by the browser[0], and even if the website finds a way around it, it still shows the normal permission prompt.[1]
[0]: https://developer.mozilla.org/en-US/docs/Web/API/HTMLGeoloca...
[1]: https://mdn.github.io/dom-examples/geolocation-element/basic... (requires Chromium)