Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Limit NavigationActivation on pageswap to same-origin navigations with no cross-origin redirects #10196

Closed
khushalsagar opened this issue Mar 12, 2024 · 0 comments
Closed

Limit NavigationActivation on pageswap to same-origin navigations with no cross-origin redirects #10196

khushalsagar opened this issue Mar 12, 2024 · 0 comments
Labels
topic: navigation

Comments

@khushalsagar
Copy link
Contributor

What is the issue with the HTML Standard?

Currently the spec populates the activation attribute on pageswap if the old and new Document in the navigation are same-origin. This came up as a concern during Blink's security review of the feature. In the interest of limiting information exposure to when its strictly necessary, we'd like to only provide this information when the navigation is same-origin and there are no cross-origin URLs in the redirect chain.

@noamr @smaug---- @zcorpan @nt1m
This was referenced Mar 12, 2024
Closed
Closed
Closed
rubberyuzu pushed a commit to rubberyuzu/html that referenced this issue Apr 8, 2024
@noamr @rubberyuzu
Disable PageSwapEvent's activation on cross-origin redirects
d2887e5 
Closes whatwg#10196.
rubberyuzu added a commit to rubberyuzu/html that referenced this issue Apr 8, 2024
@rubberyuzu
add capital ref
abb228b 
Allow top layer elements to be nested within popovers

This allows top layer elements, including the dialog element, to be nested inside of an open popover, by not closing the popover when the new top layer element is opened. Without this patch, opening a modal dialog inside of a popover will make the page inert and make the dialog invisible.

Fixes whatwg#9998. See also whatwg/fullscreen#237.

Editorial: order of comparisons

For consistency:
- greater than or equal to
- less than or equal to

Improve element reflection

This attempts to make the following improvements:

1. Make it more clear that initializing attr is not the first step in an algorithm, but rather something that counts for all the list items.
2. Rewrite the associated element(s) fields as algorithms. As there are no downstream references so far this is a change we can still make.
3. Add another layer of caching that is separate from the FrozenArray to avoid having to compare a list of elements with a FrozenArray directly.

This helps with whatwg#10219.

Disable PageSwapEvent's activation on cross-origin redirects

Closes whatwg#10196.

Upstream Long Animation Frames monkey-patches

Long Animation Frames (https://w3c.github.io/long-animation-frames/) expects a few calls from HTML and other specs, for reporting when tasks, rendering or JS entry points take place. This moves those calls from the Long Animation Frames spec to HTML.

Preload: only allow certain values for as=""

Closes whatwg#8332.

Call the view transition page visibility change steps

This allows the CSS view-transitions spec to react to page visibility changes. Specifically, skip the active transition once a page is hidden.

See w3c/csswg-drafts#9543.

Style marquee using overflow: hidden

This matches Chromium and WebKit. Tests will be worked on in https://bugzilla.mozilla.org/show_bug.cgi?id=306344.

Editorial: export Element's innerText getter and setter steps

These will be used by Trusted Types (and eventually HTML once upstreamed) as part of shadowing this attribute to HTMLScriptElement.

Add getHTML() and serializable shadow roots

Corresponding DOM PR: whatwg/dom#1256.

Closes whatwg#8867.

Co-authored-by: Domenic Denicola <[email protected]>

Make buttons respect display: none/contents in button layout

Fixes whatwg#10238. This matches what is already implemented in browsers.

Remove duplicate requirement for 'overflow' for marquee

The duplication was introduced by whatwg#10243.

Meta: make all the SVGs darkmode-aware

Also tag them as such, so that they don't get a white background after whatwg/whatwg.org#439 is merged.

Warn that the XML syntax is not recommended

Closes whatwg#10237.
rubberyuzu added a commit to rubberyuzu/html that referenced this issue Apr 8, 2024
@rubberyuzu
add capital ref
be5b6e5 
Allow top layer elements to be nested within popovers

This allows top layer elements, including the dialog element, to be nested inside of an open popover, by not closing the popover when the new top layer element is opened. Without this patch, opening a modal dialog inside of a popover will make the page inert and make the dialog invisible.

Fixes whatwg#9998. See also whatwg/fullscreen#237.

Editorial: order of comparisons

For consistency:
- greater than or equal to
- less than or equal to

Improve element reflection

This attempts to make the following improvements:

1. Make it more clear that initializing attr is not the first step in an algorithm, but rather something that counts for all the list items.
2. Rewrite the associated element(s) fields as algorithms. As there are no downstream references so far this is a change we can still make.
3. Add another layer of caching that is separate from the FrozenArray to avoid having to compare a list of elements with a FrozenArray directly.

This helps with whatwg#10219.

Disable PageSwapEvent's activation on cross-origin redirects

Closes whatwg#10196.

Upstream Long Animation Frames monkey-patches

Long Animation Frames (https://w3c.github.io/long-animation-frames/) expects a few calls from HTML and other specs, for reporting when tasks, rendering or JS entry points take place. This moves those calls from the Long Animation Frames spec to HTML.

Preload: only allow certain values for as=""

Closes whatwg#8332.

Call the view transition page visibility change steps

This allows the CSS view-transitions spec to react to page visibility changes. Specifically, skip the active transition once a page is hidden.

See w3c/csswg-drafts#9543.

Style marquee using overflow: hidden

This matches Chromium and WebKit. Tests will be worked on in https://bugzilla.mozilla.org/show_bug.cgi?id=306344.

Editorial: export Element's innerText getter and setter steps

These will be used by Trusted Types (and eventually HTML once upstreamed) as part of shadowing this attribute to HTMLScriptElement.

Add getHTML() and serializable shadow roots

Corresponding DOM PR: whatwg/dom#1256.

Closes whatwg#8867.

Co-authored-by: Domenic Denicola <[email protected]>

Make buttons respect display: none/contents in button layout

Fixes whatwg#10238. This matches what is already implemented in browsers.

Remove duplicate requirement for 'overflow' for marquee

The duplication was introduced by whatwg#10243.

Meta: make all the SVGs darkmode-aware

Also tag them as such, so that they don't get a white background after whatwg/whatwg.org#439 is merged.

Warn that the XML syntax is not recommended

Closes whatwg#10237.
rubberyuzu added a commit to rubberyuzu/html that referenced this issue May 13, 2024
@rubberyuzu
add capital ref
53079b7 
Allow top layer elements to be nested within popovers

This allows top layer elements, including the dialog element, to be nested inside of an open popover, by not closing the popover when the new top layer element is opened. Without this patch, opening a modal dialog inside of a popover will make the page inert and make the dialog invisible.

Fixes whatwg#9998. See also whatwg/fullscreen#237.

Editorial: order of comparisons

For consistency:
- greater than or equal to
- less than or equal to

Improve element reflection

This attempts to make the following improvements:

1. Make it more clear that initializing attr is not the first step in an algorithm, but rather something that counts for all the list items.
2. Rewrite the associated element(s) fields as algorithms. As there are no downstream references so far this is a change we can still make.
3. Add another layer of caching that is separate from the FrozenArray to avoid having to compare a list of elements with a FrozenArray directly.

This helps with whatwg#10219.

Disable PageSwapEvent's activation on cross-origin redirects

Closes whatwg#10196.

Upstream Long Animation Frames monkey-patches

Long Animation Frames (https://w3c.github.io/long-animation-frames/) expects a few calls from HTML and other specs, for reporting when tasks, rendering or JS entry points take place. This moves those calls from the Long Animation Frames spec to HTML.

Preload: only allow certain values for as=""

Closes whatwg#8332.

Call the view transition page visibility change steps

This allows the CSS view-transitions spec to react to page visibility changes. Specifically, skip the active transition once a page is hidden.

See w3c/csswg-drafts#9543.

Style marquee using overflow: hidden

This matches Chromium and WebKit. Tests will be worked on in https://bugzilla.mozilla.org/show_bug.cgi?id=306344.

Editorial: export Element's innerText getter and setter steps

These will be used by Trusted Types (and eventually HTML once upstreamed) as part of shadowing this attribute to HTMLScriptElement.

Add getHTML() and serializable shadow roots

Corresponding DOM PR: whatwg/dom#1256.

Closes whatwg#8867.

Co-authored-by: Domenic Denicola <[email protected]>

Make buttons respect display: none/contents in button layout

Fixes whatwg#10238. This matches what is already implemented in browsers.

Remove duplicate requirement for 'overflow' for marquee

The duplication was introduced by whatwg#10243.

Meta: make all the SVGs darkmode-aware

Also tag them as such, so that they don't get a white background after whatwg/whatwg.org#439 is merged.

Warn that the XML syntax is not recommended

Closes whatwg#10237.
rubberyuzu added a commit to rubberyuzu/html that referenced this issue May 20, 2024
@rubberyuzu
add capital ref
71dd2a7 
Allow top layer elements to be nested within popovers

This allows top layer elements, including the dialog element, to be nested inside of an open popover, by not closing the popover when the new top layer element is opened. Without this patch, opening a modal dialog inside of a popover will make the page inert and make the dialog invisible.

Fixes whatwg#9998. See also whatwg/fullscreen#237.

Editorial: order of comparisons

For consistency:
- greater than or equal to
- less than or equal to

Improve element reflection

This attempts to make the following improvements:

1. Make it more clear that initializing attr is not the first step in an algorithm, but rather something that counts for all the list items.
2. Rewrite the associated element(s) fields as algorithms. As there are no downstream references so far this is a change we can still make.
3. Add another layer of caching that is separate from the FrozenArray to avoid having to compare a list of elements with a FrozenArray directly.

This helps with whatwg#10219.

Disable PageSwapEvent's activation on cross-origin redirects

Closes whatwg#10196.

Upstream Long Animation Frames monkey-patches

Long Animation Frames (https://w3c.github.io/long-animation-frames/) expects a few calls from HTML and other specs, for reporting when tasks, rendering or JS entry points take place. This moves those calls from the Long Animation Frames spec to HTML.

Preload: only allow certain values for as=""

Closes whatwg#8332.

Call the view transition page visibility change steps

This allows the CSS view-transitions spec to react to page visibility changes. Specifically, skip the active transition once a page is hidden.

See w3c/csswg-drafts#9543.

Style marquee using overflow: hidden

This matches Chromium and WebKit. Tests will be worked on in https://bugzilla.mozilla.org/show_bug.cgi?id=306344.

Editorial: export Element's innerText getter and setter steps

These will be used by Trusted Types (and eventually HTML once upstreamed) as part of shadowing this attribute to HTMLScriptElement.

Add getHTML() and serializable shadow roots

Corresponding DOM PR: whatwg/dom#1256.

Closes whatwg#8867.

Co-authored-by: Domenic Denicola <[email protected]>

Make buttons respect display: none/contents in button layout

Fixes whatwg#10238. This matches what is already implemented in browsers.

Remove duplicate requirement for 'overflow' for marquee

The duplication was introduced by whatwg#10243.

Meta: make all the SVGs darkmode-aware

Also tag them as such, so that they don't get a white background after whatwg/whatwg.org#439 is merged.

Warn that the XML syntax is not recommended

Closes whatwg#10237.
rubberyuzu added a commit to rubberyuzu/html that referenced this issue Jun 17, 2024
@rubberyuzu
add capital ref
34ca3d7 
Allow top layer elements to be nested within popovers

This allows top layer elements, including the dialog element, to be nested inside of an open popover, by not closing the popover when the new top layer element is opened. Without this patch, opening a modal dialog inside of a popover will make the page inert and make the dialog invisible.

Fixes whatwg#9998. See also whatwg/fullscreen#237.

Editorial: order of comparisons

For consistency:
- greater than or equal to
- less than or equal to

Improve element reflection

This attempts to make the following improvements:

1. Make it more clear that initializing attr is not the first step in an algorithm, but rather something that counts for all the list items.
2. Rewrite the associated element(s) fields as algorithms. As there are no downstream references so far this is a change we can still make.
3. Add another layer of caching that is separate from the FrozenArray to avoid having to compare a list of elements with a FrozenArray directly.

This helps with whatwg#10219.

Disable PageSwapEvent's activation on cross-origin redirects

Closes whatwg#10196.

Upstream Long Animation Frames monkey-patches

Long Animation Frames (https://w3c.github.io/long-animation-frames/) expects a few calls from HTML and other specs, for reporting when tasks, rendering or JS entry points take place. This moves those calls from the Long Animation Frames spec to HTML.

Preload: only allow certain values for as=""

Closes whatwg#8332.

Call the view transition page visibility change steps

This allows the CSS view-transitions spec to react to page visibility changes. Specifically, skip the active transition once a page is hidden.

See w3c/csswg-drafts#9543.

Style marquee using overflow: hidden

This matches Chromium and WebKit. Tests will be worked on in https://bugzilla.mozilla.org/show_bug.cgi?id=306344.

Editorial: export Element's innerText getter and setter steps

These will be used by Trusted Types (and eventually HTML once upstreamed) as part of shadowing this attribute to HTMLScriptElement.

Add getHTML() and serializable shadow roots

Corresponding DOM PR: whatwg/dom#1256.

Closes whatwg#8867.

Co-authored-by: Domenic Denicola <[email protected]>

Make buttons respect display: none/contents in button layout

Fixes whatwg#10238. This matches what is already implemented in browsers.

Remove duplicate requirement for 'overflow' for marquee

The duplication was introduced by whatwg#10243.

Meta: make all the SVGs darkmode-aware

Also tag them as such, so that they don't get a white background after whatwg/whatwg.org#439 is merged.

Warn that the XML syntax is not recommended

Closes whatwg#10237.
rubberyuzu added a commit to rubberyuzu/html that referenced this issue Jun 25, 2024
@rubberyuzu
add capital ref
e1de196 
Allow top layer elements to be nested within popovers

This allows top layer elements, including the dialog element, to be nested inside of an open popover, by not closing the popover when the new top layer element is opened. Without this patch, opening a modal dialog inside of a popover will make the page inert and make the dialog invisible.

Fixes whatwg#9998. See also whatwg/fullscreen#237.

Editorial: order of comparisons

For consistency:
- greater than or equal to
- less than or equal to

Improve element reflection

This attempts to make the following improvements:

1. Make it more clear that initializing attr is not the first step in an algorithm, but rather something that counts for all the list items.
2. Rewrite the associated element(s) fields as algorithms. As there are no downstream references so far this is a change we can still make.
3. Add another layer of caching that is separate from the FrozenArray to avoid having to compare a list of elements with a FrozenArray directly.

This helps with whatwg#10219.

Disable PageSwapEvent's activation on cross-origin redirects

Closes whatwg#10196.

Upstream Long Animation Frames monkey-patches

Long Animation Frames (https://w3c.github.io/long-animation-frames/) expects a few calls from HTML and other specs, for reporting when tasks, rendering or JS entry points take place. This moves those calls from the Long Animation Frames spec to HTML.

Preload: only allow certain values for as=""

Closes whatwg#8332.

Call the view transition page visibility change steps

This allows the CSS view-transitions spec to react to page visibility changes. Specifically, skip the active transition once a page is hidden.

See w3c/csswg-drafts#9543.

Style marquee using overflow: hidden

This matches Chromium and WebKit. Tests will be worked on in https://bugzilla.mozilla.org/show_bug.cgi?id=306344.

Editorial: export Element's innerText getter and setter steps

These will be used by Trusted Types (and eventually HTML once upstreamed) as part of shadowing this attribute to HTMLScriptElement.

Add getHTML() and serializable shadow roots

Corresponding DOM PR: whatwg/dom#1256.

Closes whatwg#8867.

Co-authored-by: Domenic Denicola <[email protected]>

Make buttons respect display: none/contents in button layout

Fixes whatwg#10238. This matches what is already implemented in browsers.

Remove duplicate requirement for 'overflow' for marquee

The duplication was introduced by whatwg#10243.

Meta: make all the SVGs darkmode-aware

Also tag them as such, so that they don't get a white background after whatwg/whatwg.org#439 is merged.

Warn that the XML syntax is not recommended

Closes whatwg#10237.
rubberyuzu added a commit to rubberyuzu/html that referenced this issue Aug 20, 2024
@rubberyuzu
add capital ref
ad2a9f7 
Allow top layer elements to be nested within popovers

This allows top layer elements, including the dialog element, to be nested inside of an open popover, by not closing the popover when the new top layer element is opened. Without this patch, opening a modal dialog inside of a popover will make the page inert and make the dialog invisible.

Fixes whatwg#9998. See also whatwg/fullscreen#237.

Editorial: order of comparisons

For consistency:
- greater than or equal to
- less than or equal to

Improve element reflection

This attempts to make the following improvements:

1. Make it more clear that initializing attr is not the first step in an algorithm, but rather something that counts for all the list items.
2. Rewrite the associated element(s) fields as algorithms. As there are no downstream references so far this is a change we can still make.
3. Add another layer of caching that is separate from the FrozenArray to avoid having to compare a list of elements with a FrozenArray directly.

This helps with whatwg#10219.

Disable PageSwapEvent's activation on cross-origin redirects

Closes whatwg#10196.

Upstream Long Animation Frames monkey-patches

Long Animation Frames (https://w3c.github.io/long-animation-frames/) expects a few calls from HTML and other specs, for reporting when tasks, rendering or JS entry points take place. This moves those calls from the Long Animation Frames spec to HTML.

Preload: only allow certain values for as=""

Closes whatwg#8332.

Call the view transition page visibility change steps

This allows the CSS view-transitions spec to react to page visibility changes. Specifically, skip the active transition once a page is hidden.

See w3c/csswg-drafts#9543.

Style marquee using overflow: hidden

This matches Chromium and WebKit. Tests will be worked on in https://bugzilla.mozilla.org/show_bug.cgi?id=306344.

Editorial: export Element's innerText getter and setter steps

These will be used by Trusted Types (and eventually HTML once upstreamed) as part of shadowing this attribute to HTMLScriptElement.

Add getHTML() and serializable shadow roots

Corresponding DOM PR: whatwg/dom#1256.

Closes whatwg#8867.

Co-authored-by: Domenic Denicola <[email protected]>

Make buttons respect display: none/contents in button layout

Fixes whatwg#10238. This matches what is already implemented in browsers.

Remove duplicate requirement for 'overflow' for marquee

The duplication was introduced by whatwg#10243.

Meta: make all the SVGs darkmode-aware

Also tag them as such, so that they don't get a white background after whatwg/whatwg.org#439 is merged.

Warn that the XML syntax is not recommended

Closes whatwg#10237.
rubberyuzu added a commit to rubberyuzu/html that referenced this issue Aug 27, 2024
@rubberyuzu
add capital ref
435208d 
Allow top layer elements to be nested within popovers

This allows top layer elements, including the dialog element, to be nested inside of an open popover, by not closing the popover when the new top layer element is opened. Without this patch, opening a modal dialog inside of a popover will make the page inert and make the dialog invisible.

Fixes whatwg#9998. See also whatwg/fullscreen#237.

Editorial: order of comparisons

For consistency:
- greater than or equal to
- less than or equal to

Improve element reflection

This attempts to make the following improvements:

1. Make it more clear that initializing attr is not the first step in an algorithm, but rather something that counts for all the list items.
2. Rewrite the associated element(s) fields as algorithms. As there are no downstream references so far this is a change we can still make.
3. Add another layer of caching that is separate from the FrozenArray to avoid having to compare a list of elements with a FrozenArray directly.

This helps with whatwg#10219.

Disable PageSwapEvent's activation on cross-origin redirects

Closes whatwg#10196.

Upstream Long Animation Frames monkey-patches

Long Animation Frames (https://w3c.github.io/long-animation-frames/) expects a few calls from HTML and other specs, for reporting when tasks, rendering or JS entry points take place. This moves those calls from the Long Animation Frames spec to HTML.

Preload: only allow certain values for as=""

Closes whatwg#8332.

Call the view transition page visibility change steps

This allows the CSS view-transitions spec to react to page visibility changes. Specifically, skip the active transition once a page is hidden.

See w3c/csswg-drafts#9543.

Style marquee using overflow: hidden

This matches Chromium and WebKit. Tests will be worked on in https://bugzilla.mozilla.org/show_bug.cgi?id=306344.

Editorial: export Element's innerText getter and setter steps

These will be used by Trusted Types (and eventually HTML once upstreamed) as part of shadowing this attribute to HTMLScriptElement.

Add getHTML() and serializable shadow roots

Corresponding DOM PR: whatwg/dom#1256.

Closes whatwg#8867.

Co-authored-by: Domenic Denicola <[email protected]>

Make buttons respect display: none/contents in button layout

Fixes whatwg#10238. This matches what is already implemented in browsers.

Remove duplicate requirement for 'overflow' for marquee

The duplication was introduced by whatwg#10243.

Meta: make all the SVGs darkmode-aware

Also tag them as such, so that they don't get a white background after whatwg/whatwg.org#439 is merged.

Warn that the XML syntax is not recommended

Closes whatwg#10237.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
topic: navigation
Milestone
No milestone
Development

No branches or pull requests
2 participants
@zcorpan @khushalsagar