In #6798 I preferred the Firefox model where a javascript: navigation creates a history entry with a new document state (rather than Chrome's model where it updates the existing document state).
However, it creates an interesting situation:
1. Navigate to data:text/html;charset=utf-8,%3Cp%3Ehello%3C%2Fp%3E
2. location.href = 'javascript:"hello"'
In the Firefox model, this would create two history entries that have different documents, but exist in the same opaque origin. However, Firefox disallows this kind of navigation.
Opaque origins aren't serialisable, so there's no guarantee that the two entries will remain same origin to each other after things like a browser restart.
Options:
- Disallow this kind of navigation (like Firefox currently does).
- Create a new opaque origin in step 2 above (although a synchronous origin switch seems bad).
- Allow opaque origins to be serialised in some way.
I missed a case in WICG/navigation-api#167 where @annevk points out blob URLs may be able to create same-opaque-origin navigations.
There's also the case where an opaque origin page creates an iframe and navigates it to something that should be same origin, such as blob: or javascript:. I haven't tested these, but again the non-serialisable nature of opaque URLs causes problems here.
This came up in WICG/navigation-api#167
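The restart problem described in this issue, modelled as an added example (not part of the original issue, and not browser code). It assumes the HTML Standard's rules that an opaque origin is same origin only with itself and serialises to "null"; the session store functions and the example.test host are hypothetical.

```javascript
// Simplified model of origins as the HTML Standard defines them (not browser code).
// An opaque origin is equal only to itself and always serialises to "null".
class OpaqueOrigin {
  serialize() { return "null"; }
}
class TupleOrigin {
  constructor(scheme, host, port) { Object.assign(this, { scheme, host, port }); }
  serialize() {
    return `${this.scheme}://${this.host}` + (this.port === null ? "" : `:${this.port}`);
  }
}

function sameOrigin(a, b) {
  if (a instanceof OpaqueOrigin || b instanceof OpaqueOrigin) return a === b;
  return a.scheme === b.scheme && a.host === b.host && a.port === b.port;
}

// Hypothetical session store: each history entry is persisted with its serialised origin.
function saveSession(entries) {
  return JSON.stringify(entries.map(e => ({ label: e.label, origin: e.origin.serialize() })));
}

function restoreSession(json) {
  return JSON.parse(json).map(({ label, origin }) => {
    // "null" carries no identity, so each restored entry can only get a fresh opaque origin.
    if (origin === "null") return { label, origin: new OpaqueOrigin() };
    const u = new URL(origin);
    const port = u.port === "" ? null : Number(u.port);
    return { label, origin: new TupleOrigin(u.protocol.slice(0, -1), u.hostname, port) };
  });
}

function demo() {
  const opaque = new OpaqueOrigin(); // origin of the data: URL document
  const entries = [
    { label: "data: document", origin: opaque },
    { label: "document created by the javascript: navigation", origin: opaque },
    { label: "tuple-origin page A", origin: new TupleOrigin("https", "example.test", null) },
    { label: "tuple-origin page B", origin: new TupleOrigin("https", "example.test", null) },
  ];
  const restored = restoreSession(saveSession(entries));
  return {
    opaqueBefore: sameOrigin(entries[0].origin, entries[1].origin),
    opaqueAfter: sameOrigin(restored[0].origin, restored[1].origin),
    tupleAfter: sameOrigin(restored[2].origin, restored[3].origin),
  };
}

console.log(demo());
```

The two opaque-origin entries are same origin before the save and not after it, while the tuple-origin entries survive the round trip.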