-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Disable meta refresh when scripting is disabled #7203
base: main
Are you sure you want to change the base?
Conversation
Can you restore the PR template? It seems that if we were to do this it would have to be tested, in particular for sandboxed environments. And as such also require implementation bugs and interest. |
Done. Sorry. I used https://github.dev/whatwg/html to create this change and the template was not proposed. |
@@ -14962,6 +14962,9 @@ people expect to have work and what is necessary. | |||
<div w-nodev> | |||
|
|||
<ol> | |||
<li><p>If <span data-x="concept-environment-noscript">scripting is disabled</span> for | |||
<var>document</var>, then return.</p></li> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
concept-environment-noscript applies to environment settings objects, not to documents.
Additionally, document is not declared anywhere.
Suggested wording:
If scripting is disabled for the the meta element's relevant settings object, then return.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done. Thank you!
@domenic What are the next steps? |
The next steps are to gather multi-implementer interest and write web platform tests, per the PR template. |
This CL tracks usage of http refresh when scripting is disabled. It is meant to gauge how many websites would break if we were to block http refresh when user disabled Javascript. The goal would be to help accessibility tools being confused by continual reloads. Test: Go to https://meta-http-equiv-refresh.glitch.me/ and check chrome://histograms/UseCounter.Features HTML Spec PR: whatwg/html#7203 Change-Id: I2961a5ca05f4d2348e712673bb7686ea63b349b5 Bug: 63107 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3231179 Reviewed-by: Mike West <mkwst@chromium.org> Commit-Queue: François Beaufort <beaufort.francois@gmail.com> Cr-Commit-Position: refs/heads/main@{#933377}
FWIW, I worry that this behavior is problematic as this is often used as fallback for a scripted redirect solution. It seems better for browsers to provide a way to intercept these to give the user time to react. Firefox has |
Can you expand on this?
For future reference, here's the 21y bug for this: https://bugzilla.mozilla.org/show_bug.cgi?id=83265 |
@beaufortfrancois in that users with scripting disabled would end up with a broken experience, rather than getting redirected or getting a refresh every so often as they do now. |
Thanks! |
I'm not sure how that helps. We know (And also, people using assistive technology don't necessarily disable scripting by the way; I'd expect that most don't (otherwise ARIA wouldn't work).) |
If numbers are low enough of course, I still believe it would be worth pursuing: having a quick and easy way to disable meta refresh per website would make some users happy. |
Yes, but there's no reason to tie it to whether script runs. |
It seems to me this option is the most user friendly one as it doesn't clutter settings with yet another "specific" option. |
the problem with this option in Firefox, it is that redirect of all websites is blocked, without per site choice. This behavior ends with a broken experience. |
This doesn't cover the https://html.spec.whatwg.org/multipage/browsing-the-web.html#navigating-across-documents:refresh |
FYI https://chromestatus.com/metrics/feature/timeline/popularity/4063 shows that 0.002750% of page loads in Google Chrome use HTTP Refresh when scripting is disabled. |
As stated in #7203 (comment) I don't think that statistic is useful here. |
An alternate approach here is to just not standardize this. The user agent is already allowed to do nothing, at its own preference, in step 13. If some browsers (such as Chrome) believe tying this to the disable-scripting UI is best, then they can do that. Whereas if other browsers (such as Firefox) believe tying this to a dedicated UI control, or not allowing user control at all, is best, then they can do that. We don't need a spec PR, if there isn't implementer agreement on tying scripting to meta refresh, and we just want to use the generic "do nothing" clause. |
This CL tracks usage of http refresh when scripting is disabled. It is meant to gauge how many websites would break if we were to block http refresh when user disabled Javascript. The goal would be to help accessibility tools being confused by continual reloads. Test: Go to https://meta-http-equiv-refresh.glitch.me/ and check chrome://histograms/UseCounter.Features HTML Spec PR: whatwg/html#7203 Change-Id: I2961a5ca05f4d2348e712673bb7686ea63b349b5 Bug: 63107 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3231179 Reviewed-by: Mike West <mkwst@chromium.org> Commit-Queue: François Beaufort <beaufort.francois@gmail.com> Cr-Commit-Position: refs/heads/main@{#933377} NOKEYCHECK=True GitOrigin-RevId: 32c6f34e902866e29b0a242ca8a095c5663d6fbd
Users have been asking for a way to disable
<meta http-equiv="refresh">
from the browser since 2010. See https://bugs.chromium.org/p/chromium/issues/detail?id=63107I believe disabling meta refresh when JavaScript browser setting is disabled in browsers would help with accessibility tools being confused by continual reloads.
What do you think?
/semantics.html ( diff )