Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow same-document scroll to text navigations #21172

Open
wants to merge 1 commit into
base: master
from

Conversation

@chromium-wpt-export-bot
Copy link
Collaborator

chromium-wpt-export-bot commented Jan 14, 2020

We originally disallowed same-document scroll to text navigations as a
security mitigation. We now have a better idea of the security concerns,
which are mitigated by ensuring the frame is not script accessible by
another frame, in which case it is safe to do a same-document scroll to
text navigation.

Even for same-document scroll to text navigations, we still require it
to be a user navigation (e.g. link click or user activated script) or a
browser navigation (e.g. same-document bookmark clicked).

Bug: 1041065 1023640
Change-Id: I2924ae9fc4bb01db4b75f184cc1fb70fae487b1c

Reviewed-on: https://chromium-review.googlesource.com/1999000
WPT-Export-Revision: 4ab89fbe2b24dcedbdcc223b505c6f4a6b04118d

We originally disallowed same-document scroll to text navigations as a
security mitigation. We now have a better idea of the security concerns,
which are mitigated by ensuring the frame is not script accessible by
another frame, in which case it is safe to do a same-document scroll to
text navigation.

Even for same-document scroll to text navigations, we still require it
to be a user navigation (e.g. link click or user activated script) or a
browser navigation (e.g. same-document bookmark clicked).

Bug: 1041065 1023640
Change-Id: I2924ae9fc4bb01db4b75f184cc1fb70fae487b1c
Copy link
Collaborator

wpt-pr-bot left a comment

The review process for this patch is being conducted in the Chromium project.

@gsnedders gsnedders closed this Jan 24, 2020
@gsnedders gsnedders deleted the chromium-export-cl-1999000 branch Jan 24, 2020
@gsnedders gsnedders restored the chromium-export-cl-1999000 branch Jan 24, 2020
@Hexcles Hexcles reopened this Jan 24, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

5 participants
You can’t perform that action at this time.