From f23f55900395b12ffdc6f85f3a4feadab9dacf92 Mon Sep 17 00:00:00 2001 From: Kevin McNee Date: Thu, 12 Dec 2024 03:03:57 -0500 Subject: [PATCH] Make named window lookup more precise and correct BCG swap logic In "the rules for choosing a navigable," the method to find an existing navigable by name is vague. This updates the definition to accurately reflect what the major implementations do. There are some differences between implementations, so there remains in the spec some optional/implementation-defined behavior, but it's much narrower. In particular, note that lookups are now explicitly scoped to browsing context groups. The previous language in the named lookup about "the user agent determines that the two browsing contexts are related enough" is now no longer a part of the lookup logic, but a consequence of the BCG swap decisions. In "obtain a browsing context to use for a navigation response," the existing spec only mentions COOP enforcement as a reason to do a browsing context group swap. Some implementations perform a swap for additional security and performance reasons. This is now reflected in the spec. For context, see: * https://github.com/whatwg/html/issues/313 * https://github.com/whatwg/html/issues/4198#issuecomment-442082606 * https://github.com/whatwg/html/issues/5350 This closes #313, but we have opened the following issues to track the remaining implementation-defined interop gaps: #6356, #10842, #10848, #10849, #10850. Co-authored-by: Domenic Denicola --- source | 407 ++++++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 303 insertions(+), 104 deletions(-) diff --git a/source b/source index a201eb97b91..0dd6276d1f2 100644 --- a/source +++ b/source @@ -87776,18 +87776,75 @@ dictionary DragEventInit : MouseEventInit {

To obtain a browsing context to use for a - navigation response, given a browsing context browsingContext, a - sandboxing flag set sandboxFlags, an opener policy - navigationCOOP, and an opener policy enforcement - result coopEnforcementResult:

+ navigation response, given navigation params navigationParams:

    +
  1. Let browsingContext be navigationParams's navigable's active browsing + context.

  2. +
  3. If browsingContext is not a top-level browsing context, then return browsingContext.

  4. +
  5. Let coopEnforcementResult be navigationParams's COOP enforcement result.

  6. + +
  7. Let swapGroup be coopEnforcementResult's needs a browsing context group switch.

  8. + +
  9. Let sourceOrigin be browsingContext's + active document's origin.

  10. + +
  11. Let destinationOrigin be navigationParams's origin.

  12. +
  13. -

    If coopEnforcementResult's needs a - browsing context group switch is false, then:

    +

    If sourceOrigin is not same site with + destinationOrigin:

    + +
      +
    1. +

      If either of sourceOrigin or destinationOrigin have a scheme that is not an HTTP(S) scheme and + the user agent considers it necessary for sourceOrigin and + destinationOrigin to be isolated from each other (for + implementation-defined reasons), optionally set swapGroup to true.

      + +

      For example, if a user navigates from about:settings to + https://example.com, the user agent could force a swap.

      + +

      Issue #10842 tracks + settling on an interoperable behavior here, instead of letting this be optional.

      +
    2. + +
    3. +

      If navigationParams's user + involvement is "browser UI", optionally set + swapGroup to true.

      + +

      Issue #6356 tracks + settling on an interoperable behavior here, instead of letting this be optional.

      +
    4. +
    +
  14. + +
  15. +

    If browsingContext's group's browsing + context set's size is 1, optionally set + swapGroup to true.

    + +

    Some implementations swap browsing context groups here for performance + reasons.

    + +

    The check for other contexts that could script this one is not sufficient to + prevent differences in behavior that could affect a web page. Even if there are currently no + other contexts, the destination page could open a window, then if the user navigates back, the + previous page could expect to be able to script the opened window. Doing a swap here would break + that use case.

    +
  16. + +
  17. +

    If swapGroup is false, then:

    1. If coopEnforcementResult's DragEventInit : MouseEventInit { might destroy it at this point.

    2. +
    3. Let navigationCOOP be navigationParams's cross-origin opener policy.

    4. +
    5. If navigationCOOP's value is "same-origin-plus-COEP", then set @@ -87827,6 +87887,10 @@ dictionary DragEventInit : MouseEventInit { not.

    6. +
    7. Let sandboxFlags be a clone of + navigationParams's final sandboxing flag set.

    8. +
    9. If sandboxFlags is not empty, then:

        @@ -87836,8 +87900,8 @@ dictionary DragEventInit : MouseEventInit {
      1. Assert: newBrowsingContext's popup sandboxing flag set is empty.

      2. -
      3. Set newBrowsingContext's popup sandboxing flag set to a clone of sandboxFlags.

      4. +
      5. Set newBrowsingContext's popup sandboxing flag set to + sandboxFlags.

    10. @@ -97793,6 +97857,112 @@ interface NotRestoredReasons {
      +

      To find a navigable by target name given a string name and a + navigable currentNavigable:

      + +
        +
      1. Let currentDocument be currentNavigable's active document.

      2. + +
      3. Let sourceSnapshotParams be the result of snapshotting source snapshot + params given currentDocument.

      4. + +
      5. +

        Let subtreesToSearch be an implementation-defined choice of one of + the following:

        + +
          +
        • « currentNavigable's traversable + navigable, currentNavigable »

        • + +
        • the inclusive ancestor navigables of currentDocument

        • +
        + +

        Issue #10848 tracks + settling on one of these two possibilities, to achieve interoperability.

        +
      6. + +
      7. +

        For each subtreeToSearch of + subtreesToSearch, in reverse order:

        + +
          +
        1. Let documentToSearch be subtreeToSearch's active document.

        2. + +
        3. +

          For each navigable of the inclusive + descendant navigables of documentToSearch:

          + +
            +
          1. +

            If currentNavigable is not allowed by sandboxing to navigate + navigable given sourceSnapshotParams, then optionally + continue.

            + +

            Issue #10849 tracks + making this check required, to achieve interoperability.

            +
          2. + +
          3. If navigable's target name is + name, then return navigable.

          4. +
          +
        4. +
        +
      8. + +
      9. Let currentTopLevelBrowsingContext be currentNavigable's active browsing context's top-level browsing + context.

      10. + +
      11. Let group be currentTopLevelBrowsingContext's group.

      12. + +
      13. +

        For each topLevelBrowsingContext of + group's browsing context set, in an implementation-defined + order (the user agent should pick a consistent ordering, such as the most recently opened, most + recently focused, or more closely related):

        + +

        Issue #10850 tracks + picking a specific ordering, to achieve interoperability.

        + +
          +
        1. If currentTopLevelBrowsingContext is topLevelBrowsingContext, then + continue.

        2. + +
        3. Let documentToSearch be topLevelBrowsingContext's active + document.

        4. + +
        5. +

          For each navigable of the inclusive + descendant navigables of documentToSearch:

          + +
            +
          1. If currentNavigable's active browsing context + is not familiar with navigable's active + browsing context, then continue.

          2. + +
          3. +

            If currentNavigable is not allowed by sandboxing to navigate + navigable given sourceSnapshotParams, then optionally + continue.

            + + +

            Issue #10849 tracks + making this check required, to achieve interoperability.

            +
          4. + +
          5. If navigable's target name is + name, then return navigable.

          6. +
          +
        6. +
        +
      14. + +
      15. Return null.

      16. +
      +

      The rules for choosing a navigable, given a string name, a navigable currentNavigable, and a boolean noopener are as follows:

      @@ -97817,21 +97987,11 @@ interface NotRestoredReasons { data-x="">_top", set chosen to currentNavigable's traversable navigable.

      -
    11. -

      Otherwise, if name is not an ASCII case-insensitive match for "_blank", there exists a navigable whose target name is the same as name, - currentNavigable's active browsing context is - familiar with that navigable's active browsing - context, and the user agent determines that the two browsing contexts are related enough - that it is ok if they reach each other, set chosen to that navigable. If there are - multiple matching navigables, the user agent should pick one in - some arbitrary consistent manner, such as the most recently opened, most recently focused, or - more closely related, and set chosen to it.

      - -

      This will be made more precise in issue #313.

      -
    12. +
    13. Otherwise, if name is not an ASCII case-insensitive match for + "_blank", and there exists a navigable that is the result of + finding a navigable by target name given + name and currentNavigable, set chosen to that + navigable.

    14. Otherwise, a new top-level traversable is being requested, and what happens @@ -99559,6 +99719,11 @@ location.href = '#foo';

      about base URL
      a URL or null used to populate the new Document's about base URL
      + +
      user involvement
      +
      a user navigation involvement used when obtaining a browsing context for the new + Document

      Once a navigation params struct is created, this standard does not @@ -99863,8 +100028,8 @@ location.href = '#foo';

    15. Queue a global task on the navigation and traversal task source given navigable's active window to navigate to a javascript: URL given navigable, - url, historyHandling, initiatorOriginSnapshot, and - cspNavigationType.

    16. + url, historyHandling, initiatorOriginSnapshot, + userInvolvement, and cspNavigationType.

    17. Return.

    @@ -100089,6 +100254,9 @@ location.href = '#foo';
    about base URL
    documentState's about base URL
    + +
    user involvement
    +
    userInvolvement
@@ -100098,9 +100266,9 @@ location.href = '#foo';

Attempt to populate the history entry's document for historyEntry, given navigable, "navigate", sourceSnapshotParams, - targetSnapshotParams, navigationId, navigationParams, - cspNavigationType, with allowPOST - set to true and targetSnapshotParams, userInvolvement, navigationId, + navigationParams, cspNavigationType, with allowPOST set to true and completionSteps set to the following step:

@@ -100108,8 +100276,8 @@ location.href = '#foo';
  • Append session history traversal steps to navigable's traversable to finalize a cross-document - navigation given navigable, historyHandling, and - historyEntry.

  • + navigation given navigable, historyHandling, + userInvolvement, and historyEntry.

    @@ -100128,8 +100296,9 @@ location.href = '#foo';
    The usual cross-document navigation case

    To finalize a cross-document navigation given a navigable - navigable, history handling behavior historyHandling, and - session history entry historyEntry:

    + navigable, a history handling behavior historyHandling, a + user navigation involvement userInvolvement, and a session history + entry historyEntry:

    1. Assert: this is running on navigable's

    2. Apply the push/replace history step targetStep to - traversable given historyHandling.

    3. + traversable given historyHandling and userInvolvement.

    @@ -100233,8 +100402,9 @@ location.href = '#foo';

    To navigate to a javascript: URL, given a navigable targetNavigable, a URL url, a history handling - behavior historyHandling, an origin initiatorOrigin, - and a string cspNavigationType:

    + behavior historyHandling, an origin initiatorOrigin, a + user navigation involvement userInvolvement, and a string + cspNavigationType:

    1. Assert: historyHandling is "

    2. Let newDocument be the result of evaluating a javascript: URL given targetNavigable, - url, and initiatorOrigin.

    3. + url, initiatorOrigin, and userInvolvement.

    4. If newDocument is null, then return.

      @@ -100342,12 +100512,13 @@ location.href = '#foo';
    5. Append session history traversal steps to targetNavigable's traversable to finalize a cross-document navigation with targetNavigable, - historyHandling, and historyEntry.

    6. + historyHandling, userInvolvement, and historyEntry.

    To evaluate a javascript: URL given a navigable - targetNavigable, a URL url, and an origin - newDocumentOrigin:

    + targetNavigable, a URL url, an origin + newDocumentOrigin, and a user navigation involvement + userInvolvement:

    1. Let urlString be the result of running the

      about base URL
      targetNavigable's active document's about base URL
      + +
      user involvement
      +
      userInvolvement
    2. @@ -100623,8 +100797,8 @@ location.href = '#foo';
      1. Finalize a same-document navigation given traversable, - navigable, historyEntry, entryToReplace, and - historyHandling.

      2. + navigable, historyEntry, entryToReplace, + historyHandling, and userInvolvement.

      3. Invoke WebDriver BiDi fragment navigated with navigable's active browsing context and a new WebDriver BiDi navigation @@ -100639,8 +100813,8 @@ location.href = '#foo';

        To finalize a same-document navigation given a traversable navigable traversable, a navigable targetNavigable, a session history entry targetEntry, a session history entry-or-null - entryToReplace, and a history handling behavior - historyHandling:

        + entryToReplace, a history handling behavior historyHandling, + and a user navigation involvement userInvolvement:

        This is used by both fragment navigations and by the URL and history update steps, which are the only synchronous updates to @@ -100694,7 +100868,7 @@ location.href = '#foo';

      4. Apply the push/replace history step targetStep to - traversable given historyHandling.

        + traversable given historyHandling and userInvolvement.

        This is done even for "replace" navigations, as it resolves race @@ -100747,7 +100921,13 @@ location.href = '#foo';

        navigation timing type
        a NavigationTimingType used for creating the navigation timing entry for the new Document
        + entry">creating the navigation timing entry for the new Document (if one is + created) + +
        user involvement
        +
        a user navigation involvement used when obtaining a browsing context for the new + Document (if one is created)

        To attempt to create a non-fetch scheme document, @@ -100779,13 +100959,14 @@ location.href = '#foo';

      5. Handle url by displaying some sort of inline content, e.g., an error message - because the specified scheme is not one of the supported protocols, or an inline prompt to - allow the user to select a registered + because the specified scheme is not one of the supported protocols, or an inline prompt to allow + the user to select a registered handler for the given scheme. Return the result of displaying the inline content given navigable, - navigationParams's id, and + navigationParams's id, navigationParams's navigation - timing type.

        + timing type, and navigationParams's user involvement.

        In the case of a registered handler being used, navigate will be invoked with a new URL.

        @@ -100906,7 +101087,7 @@ location.href = '#foo'; canceled">check if unloading is canceled for a list of navigables navigablesThatNeedBeforeUnload, given an optional traversable navigable traversable, an optional integer - targetStep, and an optional user navigation involvement-or-null + targetStep, and an optional user navigation involvement userInvolvementForNavigateEvent, run these steps. They return "canceled-by-beforeunload", "canceled-by-navigate", or "continue".

        @@ -100955,8 +101136,6 @@ location.href = '#foo';
          -
        1. Assert: userInvolvementForNavigateEvent is not null.

        2. -
        3. Let eventsFired be false.

        4. Let needsBeforeunload be true if navigablesThatNeedBeforeUnload @@ -101208,7 +101387,8 @@ location.href = '#foo'; history traversal steps to traversable:

            -
          1. Apply the reload history step to traversable.

          2. +
          3. Apply the reload history step to traversable given + userInvolvement.

        @@ -101373,8 +101553,8 @@ location.href = '#foo';
        1. Finalize a same-document navigation given traversable, - navigable, newEntry, entryToReplace, and - historyHandling.

        2. + navigable, newEntry, entryToReplace, + historyHandling, and "none".

        3. Invoke WebDriver BiDi history updated with navigable.

        @@ -101414,10 +101594,11 @@ location.href = '#foo'; entry entry, given a navigable navigable, a NavigationTimingType navTimingType, a source snapshot params sourceSnapshotParams, a target snapshot params - targetSnapshotParams, an optional navigation ID-or-null - navigationId (default null), an optional navigation params-or-null - navigationParams (default null), an optional string cspNavigationType - (default "other"), an optional boolean targetSnapshotParams, a user navigation involvement + userInvolvement, an optional navigation ID-or-null navigationId + (default null), an optional navigation params-or-null navigationParams + (default null), an optional string cspNavigationType (default "other"), an optional boolean allowPOST (default false), and optional algorithm steps completionSteps (default an empty @@ -101444,7 +101625,7 @@ location.href = '#foo';
      6. If documentResource is a string, then set navigationParams to the result of creating navigation params from a srcdoc resource given entry, navigable, - targetSnapshotParams, navigationId, and + targetSnapshotParams, userInvolvement, navigationId, and navTimingType.

      7. @@ -101462,7 +101643,8 @@ location.href = '#foo';

        then set navigationParams to the result of creating navigation params by fetching given entry, navigable, sourceSnapshotParams, targetSnapshotParams, - cspNavigationType, navigationId, and navTimingType.

        + cspNavigationType, userInvolvement, navigationId, and + navTimingType.

      8. @@ -101495,6 +101677,9 @@ location.href = '#foo';
        navigation timing type
        navTimingType
        + +
        user involvement
        +
        userInvolvement
      @@ -101584,8 +101769,9 @@ location.href = '#foo';
    3. Set entry's document state's document to the result of creating a document for inline content that doesn't have a - DOM, given navigable, null, and navTimingType. The inline - content should indicate to the user the sort of error that occurred.

    4. + DOM, given navigable, null, navTimingType, and + userInvolvement. The inline content should indicate to the user the sort of error + that occurred.

    5. Make document unsalvageable given entry's document state's

      To create navigation params from a srcdoc resource given a session history entry entry, a navigable navigable, a target - snapshot params targetSnapshotParams, a navigation ID-or-null - navigationId, and a NavigationTimingType navTimingType:

      + snapshot params targetSnapshotParams, a user navigation involvement + userInvolvement, a navigation ID-or-null navigationId, and a + NavigationTimingType navTimingType:

      1. Let documentResource be entry's

        about base URL
        entry's document state's about base URL
        + +
        user involvement
        +
        userInvolvement
      @@ -101851,7 +102041,8 @@ location.href = '#foo'; session history entry entry, a navigable navigable, a source snapshot params sourceSnapshotParams, a target snapshot params targetSnapshotParams, a string - cspNavigationType, a navigation ID-or-null navigationId, and a + cspNavigationType, a user navigation involvement + userInvolvement, a navigation ID-or-null navigationId, and a NavigationTimingType navTimingType, perform the following steps. They return a navigation params, a non-fetch scheme navigation params, or null.

      @@ -102381,6 +102572,9 @@ location.href = '#foo';
      navigation timing type
      navTimingType
      + +
      user involvement
      +
      userInvolvement

      At this point, request's

      about base URL
      entry's document state's about base URL
      + +
      user involvement
      +
      userInvolvement
    @@ -102545,7 +102742,11 @@ location.href = '#foo';
    If the user agent's PDF viewer supported is true, return the result of creating a document for inline content that doesn't have a DOM given navigationParams's navigable.
    + data-x="navigation-params-navigable">navigable, navigationParams's id, navigationParams's navigation timing type, and + navigationParams's user + involvement.

    Otherwise, proceed onward.

    @@ -102573,8 +102774,10 @@ location.href = '#foo'; data-x="navigate-ua-inline">creating a document for inline content that doesn't have a DOM given navigationParams's navigable, navigationParams's id, and navigationParams's navigation timing type.

    + data-x="navigation-params-id">id, navigationParams's navigation timing type, and + navigationParams's user + involvement.

  • Otherwise, the document's type is such that the resource will not affect navigationParams's navigable, e.g., @@ -102641,18 +102844,19 @@ location.href = '#foo'; data-x="tn-current-session-history-step">current session history step.

  • Return the result of applying the history - step step to traversable given false, null, null, null, and - null.

  • + step step to traversable given false, null, null, "none", and null.

    To apply the push/replace history step given a non-negative integer step - and a history handling behavior historyHandling to a - traversable navigable traversable:

    + to a traversable navigable traversable, given a history handling + behavior historyHandling and a user navigation involvement + userInvolvement:

    1. Return the result of applying the history - step step to traversable given false, null, null, null, and - historyHandling.

    2. + step step to traversable given false, null, null, + userInvolvement, and historyHandling.

    Apply the push/replace history step never passes source @@ -102661,15 +102865,17 @@ location.href = '#foo'; data-x="navigate">navigation algorithm.

    To apply the reload history step to a traversable navigable - traversable:

    + traversable given user navigation involvement + userInvolvement:

    1. Let step be traversable's current session history step.

    2. Return the result of applying the history - step step to traversable given true, null, null, null, - and "reload".

    3. + step step to traversable given true, null, null, + userInvolvement, and "reload".

    Apply the reload history step never passes source snapshot @@ -102698,11 +102904,11 @@ location.href = '#foo'; non-negative integer step to a traversable navigable traversable, with boolean checkForCancelation, source snapshot params-or-null sourceSnapshotParams, navigable-or-null - initiatorToCheck, user navigation involvement-or-null - userInvolvementForNavigateEvents, and NavigationType-or-null - navigationType, perform the following steps. They return "initiator-disallowed", "canceled-by-beforeunload", "canceled-by-navigate", or "applied".

    + initiatorToCheck, user navigation involvement userInvolvement, + and NavigationType-or-null navigationType, perform the following steps. + They return "initiator-disallowed", "canceled-by-beforeunload", "canceled-by-navigate", or + "applied".

    1. Assert: This is running within traversable's

    2. If checkForCancelation is true, and the result of checking if unloading is canceled given navigablesCrossingDocuments, traversable, - targetStep, and userInvolvementForNavigateEvents is not "continue", then return that result.

    3. + targetStep, and userInvolvement is not "continue", + then return that result.

    4. Let changingNavigables be the result of get all navigables whose current session history entry will change or reload given traversable and @@ -102881,16 +103087,12 @@ location.href = '#foo';

      then:

        -
      1. Assert: userInvolvementForNavigateEvents is not - null.

      2. -
      3. Let navigation be navigable's active window's navigation API.

      4. Fire a traverse navigate event at - navigation given targetEntry and - userInvolvementForNavigateEvents.

      5. + navigation given targetEntry and userInvolvement.

    5. @@ -102936,8 +103138,9 @@ location.href = '#foo';
    6. In parallel, attempt to populate the history entry's document for targetEntry, given navigable, potentiallyTargetSpecificSourceSnapshotParams, targetSnapshotParams, - with allowPOST set to allowPOST - and completionSteps set to + userInvolvement, with allowPOST set + to allowPOST and completionSteps set to queue a global task on the navigation and traversal task source given navigable's active window to run afterDocumentPopulated.

    7. @@ -104428,18 +104631,10 @@ location.href = '#foo'; data-x="dom-DOMImplementation-createHTMLDocument">document.implementation.createHTMLDocument().

        -
      1. Let browsingContext be navigationParams's navigable's active browsing - context.

      2. -
      3. -

        Set browsingContext to the result of the Let browsingContext be the result of obtaining a browsing context to use for a - navigation response given browsingContext, navigationParams's - final sandboxing flag set, - navigationParams's cross-origin opener - policy, and navigationParams's COOP enforcement result.

        + navigation response given navigationParams.

        This can result in a browsing context @@ -105074,8 +105269,8 @@ new PaymentRequest(…); // Allowed to use

        When the user agent is to create a document to display a user agent page or PDF viewer inline, provided a navigable navigable, a navigation ID - navigationId, a NavigationTimingType navTimingType, the - user agent should:

        + navigationId, a NavigationTimingType navTimingType, and a + user navigation involvement userInvolvement, the user agent should:

        1. Let origin be a new opaque @@ -105144,6 +105339,9 @@ new PaymentRequest(…); // Allowed to use

          about base URL
          null
          + +
          user involvement
          +
          userInvolvement
        2. @@ -145948,6 +146146,7 @@ INSERT INTERFACES HERE Kevin Benson, Kevin Cole, Kevin Gadd, + Kevin McNee, Kevin Venkiteswaran, Khushal Sagar, Kinuko Yasuda,