Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Bug 1659604 [wpt PR 25061] - Enable text fragments across redirects, …
…a=testonly Automatic update from web-platform-tests Enable text fragments across redirects A text fragment occurs in a URL fragment and begins with ":~:text=...". It is used to highlight and scroll the provided text into view when the page is loaded. For user privacy reasons, we restrict scrolling the text into view unless the navigation occurred via a user gesture. See: https://github.com/WICG/scroll-to-text-fragment#security-considerations for more details. However, it is common (particularly on social and messaging services where content is user-generated) for links to be served via a redirect. A typical example (from chat.google.com) works like this: 1. User receives and clicks a link to https://example.com#:~:text=foo" 2. chat.google.com opens a new tab using window.open("", "_blank") 3. chat.google.com calls document.write on the newly opened window to write a <meta> tag-based client redirect to google.com/url?url=https://example.com... which is the URL redirection service with the destination URL as a query param. 4. google.com/url then calls window.location and writes "https://example.com#:~:text=foo" into it 5. the new tab finally navigates to example.com The only navigation that had a user gesture attached to it is the initial empty document navigation in step 2. This means the example.com page is navigated to without a user gesture and the text fragment is blocked. A similar pattern is seen on many popular services: Twitter, Instagram, Facebook Messenger, etc. This CL solves the above scenario by introducing a "text fragment token". This token grants its holder permission to invoke a text fragment. The token can be used during load to invoke the text fragment, or it can be passed into a navigation to grant permission to the next page without requiring a user gesture. However, in either case, the token is consumed so a page cannot both invoke a text fragment and pass the token. The token is created in only in DocumentLoader's constructor and while processing a same-document navigation. For regular navigations, it is only created if the current navigation was user initiated. For same-document navigations, it's created only if browser-initiated and the navigation has a text fragment. This mechanism can be thought of as a user gesture that applies only to text fragment and whose lifetime extends across navigations but cannot be copied and is always consumed on use. Bug: 1055455 Change-Id: Icddd849937d24b579bbeb5a4b9f87539d8339905 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2159324 Reviewed-by: Mike West <mkwst@chromium.org> Reviewed-by: Avi Drissman <avi@chromium.org> Commit-Queue: David Bokan <bokan@chromium.org> Cr-Commit-Position: refs/heads/master@{#799173} -- wpt-commits: 392793004f49b07eb813b2c600ef438d4b176524 wpt-pr: 25061
- Loading branch information