Can opaque origin documents navigate to javascript: URLs?

[jakearchibald]

In #6798 I preferred the Firefox model where a javascript: navigation creates a history entry with a new document state (rather than Chrome's model where it updates the existing document state).

However, it creates an interesting situation:

1. Navigate to data:text/html;charset=utf-8,%3Cp%3Ehello%3C%2Fp%3E
2. location.href = 'javascript:"hello"'

In the Firefox model, this would create two history entries that have different documents, but exist in the same opaque origin. However, Firefox disallows this kind of navigation.

Opaque origins aren't serialisable, so there's no guarantee that the two entries will remain same origin to each other after things like a browser restart.

Options:

• Disallow this kind of navigation (like Firefox currently does).
• Create a new opaque origin in step 2 above (although a synchronous origin switch seems bad).
• Allow opaque origins to be serialised in some way.

This came up in WICG/navigation-api#167

[domenic]

Firefox behavior here seems reasonable to me too.

[jakearchibald]

I missed a case in WICG/navigation-api#167 where @annevk points out blob URLs may be able to create same-opaque-origin navigations.

There's also the case where an opaque origin page creates an iframe and navigates it to something that should be same origin, such as blob: or javascript:. I haven't tested these, but again the non-serialisable nature of opaque URLs causes problems here.