From 5a1b27e69a7f02e3697686f225609fd379c3d5b9 Mon Sep 17 00:00:00 2001
From: Kevin McNee
Date: Tue, 3 Dec 2024 22:01:19 -0500
Subject: [PATCH] Make named window lookup more precise and correct BCG swap logic

In "the rules for choosing a navigable," the method to find an existing navigable by name is vague. This updates the definition to accurately reflect what the major implementations do. There are some differences between implementations, so there remains in the spec some optional/implementation-defined behaviour, but it's much narrower.

In particular, note that lookups are now explicitly scoped to browsing context groups. The previous language in the named lookup about "the user agent determines that the two browsing contexts are related enough" is now no longer a part of the lookup logic, but a consequence of the BCG swap decisions.

In "obtain a browsing context to use for a navigation response," the existing spec only mentions COOP enforcement as a reason to do a browsing context group swap. Some implementations perform a swap for additional security and performance reasons. This is now reflected in the spec.
---
 source | 158 ++++++++++++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 127 insertions(+), 31 deletions(-)

diff --git a/source b/source index 3ec21624416..e5e8d8af891 100644 --- source +++ b/source @@ -87746,18 +87746,64 @@ dictionary DragEventInit : MouseEventInit {

To obtain a browsing context to use for a - navigation response, given a browsing context browsingContext, a - sandboxing flag set sandboxFlags, an opener policy - navigationCOOP, and an opener policy enforcement - result coopEnforcementResult:

+ navigation response, given navigation params navigationParams:

    +
  1. Let browsingContext be navigationParams's navigable's active browsing + context.

  2. +
  3. If browsingContext is not a top-level browsing context, then return browsingContext.

  4. +
  5. Let swapGroup be false.

  6. + +
  7. Let coopEnforcementResult be navigationParams's COOP enforcement result.

  8. + +
  9. If coopEnforcementResult's + needs a browsing context group switch is true, set swapGroup to true.

  10. + +
  11. Let sourceOrigin be browsingContext's + active document's origin.

  12. + +
  13. Let destinationOrigin be navigationParams's origin.

  14. + +
  15. Let sameSite be whether sourceOrigin is + same site with destinationOrigin.

  16. + +
  17. +

    If sameSite is false, then:

    +
      +
    1. If either of sourceOrigin or destinationOrigin have a scheme that is not an HTTP(S) scheme + and the user agent considers it necessary for sourceOrigin and + destinationOrigin to be isolated from each other (for + implementation-defined reasons), optionally set swapGroup + to true.

      +

      For example, if a user navigates from about:settings to + https://example.com, the user agent could force a swap.

      +
    2. + +
    3. If navigationParams's + user involvement is "browser UI", + optionally set swapGroup to true.

    4. +
    +
  18. + +
  19. If browsingContext's group's + browsing context set's size is 1, + optionally set swapGroup to true.

    +

    Some implementations swap browsing context groups here for performance reasons.

    +

    The check for other contexts that could script this one is not sufficient to + prevent differences in behavior that could affect a web page. Even if there are currently no other + contexts, the destination page could open a window, then if the user navigates back, the + previous page could expect to be able to script the opened window. Doing a swap here would + break that use case.

  20. +
  21. -

    If coopEnforcementResult's needs a - browsing context group switch is false, then:

    +

    If swapGroup is false, then:

    1. If coopEnforcementResult's DragEventInit : MouseEventInit { might destroy it at this point.

    2. +
    3. Let navigationCOOP be navigationParams's cross-origin opener policy.

    4. +
    5. If navigationCOOP's value is "same-origin-plus-COEP", then set @@ -87797,6 +87846,9 @@ dictionary DragEventInit : MouseEventInit { not.

    6. +
    7. Let sandboxFlags be navigationParams's final sandboxing flag set.

    8. +
    9. If sandboxFlags is not empty, then:
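
Review bot: In the first hunk of this algorithm, the step "If browsingContext's group's browsing context set's size is 1, optionally set swapGroup to true" appears as a top-level step after the "If sameSite is false" block, so it also permits a group swap on same-site navigations, and the note added directly under it describes a back-navigation case that such a swap breaks. If that reach is intended, say so in the step or its note; otherwise add a condition that excludes the case the note describes. Separately, the substep testing for "a scheme that is not an HTTP(S) scheme" reads a scheme off sourceOrigin and destinationOrigin without saying what applies when either origin is opaque, and "either of ... have" should be "has".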

        @@ -97762,6 +97814,53 @@ interface NotRestoredReasons {
        +

        To find a navigable by target name given a string name and a navigable currentNavigable:

        +

        This will be made more precise in issue #313.

        + +
          +
        1. Let currentDocument be currentNavigable's active document.

        2. +
        3. Let sourceSnapshotParams be the result of snapshotting source snapshot params given currentDocument.

        4. +
        5. +

          Let subtreesToSearch be an implementation-defined choice of one of the following:

          +
            +
          • « currentNavigable's traversable navigable, currentNavigable »

          • +
          • the inclusive ancestor navigables of currentDocument

          • +
          +
        6. +
        7. +

          For each subtreeToSearch of subtreesToSearch, in reverse order:

          +
            +
          1. Let documentToSearch be subtreeToSearch's active document.

          2. +
          3. +

            For each navigable of the inclusive descendant navigables of documentToSearch:

            +
              +
            1. If currentNavigable is not allowed by sandboxing to navigate navigable given sourceSnapshotParams, optionally continue.

            2. +
            3. If navigable's target name is the same as name, return navigable.

            4. +
            +
          4. +
          +
        8. +
        9. Let currentTopLevelBrowsingContext be currentNavigable's active browsing context's top-level browsing context.

        10. +
        11. Let group be currentTopLevelBrowsingContext's group.

        12. +
        13. +

          For each topLevelBrowsingContext of group's browsing context set, in an implementation-defined order (the user agent should pick a consistent ordering, such as the most recently opened, most recently focused, or more closely related):

          +
            +
          1. If currentTopLevelBrowsingContext equals topLevelBrowsingContext, continue.

          2. +
          3. Let documentToSearch be topLevelBrowsingContext's active document.

          4. +
          5. +

            For each navigable of the inclusive descendant navigables of documentToSearch:

            +
              +
            1. If currentNavigable's active browsing context is not familiar with navigable's active browsing context, continue.

            2. +
            3. If currentNavigable is not allowed by sandboxing to navigate navigable given sourceSnapshotParams, optionally continue.

            4. +
            5. If navigable's target name is the same as name, return navigable.

            6. +
            +
          6. +
          +
        14. +
        15. Return null.

        16. +
        +

        The rules for choosing a navigable, given a string name, a navigable currentNavigable, and a boolean noopener are as follows:
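
Review bot: The first loop, over subtreesToSearch, returns a name match without the "familiar with" check that the second loop applies and that the text removed from "the rules for choosing a navigable" required for every match; only the optional sandboxing check guards it. If matches inside the current tree are meant to skip the familiarity check, add a note saying so and why; otherwise repeat the check in that loop. The carried-over note "This will be made more precise in issue #313" also needs to say what remains open after this change, or be dropped.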

        @@ -97788,18 +97887,8 @@ interface NotRestoredReasons {
      1. Otherwise, if name is not an ASCII case-insensitive match for "_blank", there exists a navigable whose target name is the same as name, - currentNavigable's active browsing context is - familiar with that navigable's active browsing - context, and the user agent determines that the two browsing contexts are related enough - that it is ok if they reach each other, set chosen to that navigable. If there are - multiple matching navigables, the user agent should pick one in - some arbitrary consistent manner, such as the most recently opened, most recently focused, or - more closely related, and set chosen to it.

        + data-x="">_blank", and there exists a navigable that is the result of finding a navigable by target name given name and currentNavigable, set chosen to that navigable. -

        This will be made more precise in issue #313.
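
Review bot: The replacement condition "there exists a navigable that is the result of finding a navigable by target name given name and currentNavigable" wraps an algorithm that can return null, and that has implementation-defined choices, inside an existence test and then refers back to "that navigable". Binding the result once is clearer and makes it explicit that the lookup runs a single time: let found be the result of finding a navigable by target name given name and currentNavigable, and if found is non-null, set chosen to found.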

      2. @@ -99528,6 +99617,9 @@ location.href = '#foo';
        about base URL
        a URL or null used to populate the new Document's about base URL
        + +
        user involvement
        +
        a user navigation involvement (default "none")

        Once a navigation params struct is created, this standard does not @@ -100058,6 +100150,9 @@ location.href = '#foo';

        about base URL
        documentState's about base URL
        + +
        user involvement
        +
        userInvolvement
      @@ -100068,7 +100163,7 @@ location.href = '#foo'; given navigable, "navigate", sourceSnapshotParams, targetSnapshotParams, navigationId, navigationParams, - cspNavigationType, with allowPOST + cspNavigationType, userInvolvement, with allowPOST set to true and completionSteps set to the following step:

      @@ -101386,7 +101481,9 @@ location.href = '#foo'; targetSnapshotParams, an optional navigation ID-or-null navigationId (default null), an optional navigation params-or-null navigationParams (default null), an optional string cspNavigationType - (default "other"), an optional boolean other"), an optional user navigation involvement + userInvolvement (default + "none"), an optional boolean allowPOST (default false), and optional algorithm steps completionSteps (default an empty @@ -101431,7 +101528,8 @@ location.href = '#foo';

      then set navigationParams to the result of creating navigation params by fetching given entry, navigable, sourceSnapshotParams, targetSnapshotParams, - cspNavigationType, navigationId, and navTimingType.

      + cspNavigationType, userInvolvement, navigationId, and + navTimingType.

    10. @@ -101820,7 +101918,8 @@ location.href = '#foo'; session history entry entry, a navigable navigable, a source snapshot params sourceSnapshotParams, a target snapshot params targetSnapshotParams, a string - cspNavigationType, a navigation ID-or-null navigationId, and a + cspNavigationType, a user navigation involvement + userInvolvement, a navigation ID-or-null navigationId, and a NavigationTimingType navTimingType, perform the following steps. They return a navigation params, a non-fetch scheme navigation params, or null.

      @@ -102450,6 +102549,9 @@ location.href = '#foo';
      about base URL
      entry's document state's about base URL
      + +
      user involvement
      +
      userInvolvement
    @@ -102905,6 +103007,7 @@ location.href = '#foo';
  22. In parallel, attempt to populate the history entry's document for targetEntry, given navigable, potentiallyTargetSpecificSourceSnapshotParams, targetSnapshotParams, + userInvolvementForNavigateEvents, with allowPOST set to allowPOST and completionSteps set to queue a global task on the navigation and traversal task source @@ -104397,18 +104500,10 @@ location.href = '#foo'; data-x="dom-DOMImplementation-createHTMLDocument">document.implementation.createHTMLDocument().

      -
    1. Let browsingContext be navigationParams's navigable's active browsing - context.

    2. -
    3. -

      Set browsingContext to the result of the Let browsingContext be the result of obtaining a browsing context to use for a - navigation response given browsingContext, navigationParams's - final sandboxing flag set, - navigationParams's cross-origin opener - policy, and navigationParams's COOP enforcement result.

      + navigation response given navigationParams.

      This can result in a browsing context @@ -145914,6 +146009,7 @@ INSERT INTERFACES HERE Kevin Benson, Kevin Cole, Kevin Gadd, + Kevin McNee, Kevin Venkiteswaran, Khushal Sagar, Kinuko Yasuda,
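
Review bot: In the traversal hunk (@@ -102905), userInvolvementForNavigateEvents is passed positionally straight after targetSnapshotParams, but the signature updated in the @@ -101386 hunk places userInvolvement after the optional navigationId, navigationParams and cspNavigationType, so the positional slot it lands in is navigationId. The call in the @@ -100068 hunk avoids this only because it supplies all of the preceding arguments. Pass it by name here, as the same call already does for allowPOST: "with userInvolvement set to userInvolvementForNavigateEvents".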