Skip to content

Commit

Permalink
Make named window lookup more precise and correct BCG swap logic
Browse files Browse the repository at this point in the history
In "the rules for choosing a navigable," the method to find an existing
navigable by name is vague. This updates the definition to accurately
reflect what the major implementations do. There are some differences
between implementations, so there remains in the spec some
optional/implementation-defined behaviour, but it's much narrower.
In particular, note that lookups are now explicitly scoped to
browsing context groups. The previous language in the named lookup
about "the user agent determines that the two browsing contexts are
related enough" is now no longer a part of the lookup logic, but a
consequence of the BCG swap decisions.

In "obtain a browsing context to use for a navigation response," the
existing spec only mentions COOP enforcement as a reason to do a
browsing context group swap. Some implementations perform a swap for
additional security and performance reasons. This is now reflected
in the spec.
  • Loading branch information
kjmcnee committed Dec 4, 2024
1 parent e981fc3 commit 90cb46c
Showing 1 changed file with 127 additions and 31 deletions.
158 changes: 127 additions & 31 deletions source
Original file line number Diff line number Diff line change
Expand Up @@ -87743,18 +87743,64 @@ dictionary <dfn dictionary>DragEventInit</dfn> : <span>MouseEventInit</span> {
</ol>

<p>To <dfn data-x="obtain-browsing-context-navigation">obtain a browsing context to use for a
navigation response</dfn>, given a <span>browsing context</span> <var>browsingContext</var>, a
<span>sandboxing flag set</span> <var>sandboxFlags</var>, an <span>opener policy</span>
<var>navigationCOOP</var>, and an <span data-x="coop-enforcement-result">opener policy enforcement
result</span> <var>coopEnforcementResult</var>:</p>
navigation response</dfn>, given <span>navigation params</span> <var>navigationParams</var>:</p>

<ol>
<li><p>Let <var>browsingContext</var> be <var>navigationParams</var>'s <span
data-x="navigation-params-navigable">navigable</span>'s <span data-x="nav-bc">active browsing
context</span>.</p></li>

<li><p>If <var>browsingContext</var> is not a <span>top-level browsing context</span>, then
return <var>browsingContext</var>.</p></li>

<li><p>Let <var>swapGroup</var> be false.</p></li>

<li><p>Let <var>coopEnforcementResult</var> be <var>navigationParams</var>'s <span
data-x="navigation-params-coop-enforcement-result">COOP enforcement result</span>.</p></li>

<li><p>If <var>coopEnforcementResult</var>'s <span data-x="coop-enforcement-bcg-switch">
needs a browsing context group switch</span> is true, set <var>swapGroup</var> to true.</p></li>

<li><p>Let <var>sourceOrigin</var> be <var>browsingContext</var>'s
<span>active document</span>'s <span data-x="concept-document-origin">origin</span>.</p></li>

<li><p>Let <var>destinationOrigin</var> be <var>navigationParams</var>'s <span
data-x="navigation-params-origin">origin</span>.</p></li>

<li><p>Let <var>sameSite</var> be whether <var>sourceOrigin</var> is
<span>same site</span> with <var>destinationOrigin</var>.</p></li>

<li>
<p>If <var>sameSite</var> is false, then:</p>
<ol>
<li><p>If either of <var>sourceOrigin</var> or <var>destinationOrigin</var> have a <span
data-x="concept-origin-scheme">scheme</span> that is not an <span>HTTP(S) scheme</span>
and the user agent considers it necessary for <var>sourceOrigin</var> and
<var>destinationOrigin</var> to be isolated from each other (for
<span>implementation-defined</span> reasons), optionally set <var>swapGroup</var>
to true.</p>
<p class="note">For example, if a user navigates from <code data-x="">about:settings</code> to
<code data-x="">https://example.com</code>, the user agent could force a swap.</p>
</li>

<li><p>If <var>navigationParams</var>'s <span data-x="navigation-params-user-involvement">
user involvement</span> is "<code data-x="uni-browser-ui">browser UI</code>",
optionally set <var>swapGroup</var> to true.</p></li>
</ol>
</li>

<li><p>If <var>browsingContext</var>'s <span data-x="tlbc group">group</span>'s
<span>browsing context set</span>'s <span data-x="list size">size</span> is 1,
optionally set <var>swapGroup</var> to true.</p>
<p class="note">Some implementations swap browsing context groups here for performance reasons.</p>
<p class="note">The check for other contexts that could script this one is not sufficient to
prevent differences in behavior that could affect a web page. Even if there are currently no other
contexts, the destination page could open a window, then if the user navigates back, the
previous page could expect to be able to script the opened window. Doing a swap here would
break that use case.</p></li>

<li>
<p>If <var>coopEnforcementResult</var>'s <span data-x="coop-enforcement-bcg-switch">needs a
browsing context group switch</span> is false, then:</p>
<p>If <var>swapGroup</var> is false, then:</p>

<ol>
<li><p>If <var>coopEnforcementResult</var>'s <span
Expand All @@ -87778,6 +87824,9 @@ dictionary <dfn dictionary>DragEventInit</dfn> : <span>MouseEventInit</span> {
might <a href="#a-browsing-context-is-discarded">destroy it</a> at this point.</p>
</li>

<li><p>Let <var>navigationCOOP</var> be <var>navigationParams</var>'s <span
data-x="navigation-params-coop">cross-origin opener policy</span>.</p></li>

<li>
<p>If <var>navigationCOOP</var>'s <span data-x="coop-struct-value">value</span> is "<code
data-x="coop-same-origin-plus-COEP">same-origin-plus-COEP</code>", then set
Expand All @@ -87794,6 +87843,9 @@ dictionary <dfn dictionary>DragEventInit</dfn> : <span>MouseEventInit</span> {
not.</p>
</li>

<li><p>Let <var>sandboxFlags</var> be <var>navigationParams</var>'s <span
data-x="navigation-params-sandboxing">final sandboxing flag set</span>.</p></li>

<li>
<p>If <var>sandboxFlags</var> is not empty, then:</p>
<ol>
Expand Down Expand Up @@ -97759,6 +97811,53 @@ interface <dfn interface>NotRestoredReasons</dfn> {

<hr>

<p>To <dfn>find a navigable by target name</dfn> given a string <var>name</var> and a <span>navigable</span> <var>currentNavigable</var>:</p>
<p class="XXX">This will be made more precise in <a
href="https://github.com/whatwg/html/issues/313">issue #313</a>.</p>

<ol>
<li><p>Let <var>currentDocument</var> be <var>currentNavigable</var>'s <span data-x="nav-document">active document</span>.</p></li>
<li><p>Let <var>sourceSnapshotParams</var> be the result of <span>snapshotting source snapshot params</span> given <var>currentDocument</var>.</p></li>
<li>
<p>Let <var>subtreesToSearch</var> be an <span>implementation-defined</span> choice of one of the following:</p>
<ul>
<li><p>« <var>currentNavigable</var>'s <span data-x="nav-traversable">traversable navigable</span>, <var>currentNavigable</var> »</p></li>
<li><p>the <span>inclusive ancestor navigables</span> of <var>currentDocument</var></p></li>
</ul>
</li>
<li>
<p><span data-x="list iterate">For each</span> <var>subtreeToSearch</var> of <var>subtreesToSearch</var>, in reverse order:</p>
<ol>
<li><p>Let <var>documentToSearch</var> be <var>subtreeToSearch</var>'s <span data-x="nav-document">active document</span>.</p></li>
<li>
<p><span data-x="list iterate">For each</span> <var>navigable</var> of the <span>inclusive descendant navigables</span> of <var>documentToSearch</var>:</p>
<ol>
<li><p>If <var>currentNavigable</var> is not <span>allowed by sandboxing to navigate</span> <var>navigable</var> given <var>sourceSnapshotParams</var>, optionally <span>continue</span>.</p></li>
<li><p>If <var>navigable</var>'s <span data-x="nav-target">target name</span> is the same as <var>name</var>, return <var>navigable</var>.</p></li>
</ol>
</li>
</ol>
</li>
<li><p>Let <var>currentTopLevelBrowsingContext</var> be <var>currentNavigable</var>'s <span data-x="nav-bc">active browsing context</span>'s <span data-x="bc-tlbc">top-level browsing context</span>.</p></li>
<li><p>Let <var>group</var> be <var>currentTopLevelBrowsingContext</var>'s <span data-x="tlbc group">group</span>.</p></li>
<li>
<p><span data-x="list iterate">For each</span> <var>topLevelBrowsingContext</var> of <var>group</var>'s <span>browsing context set</span>, in an <span>implementation-defined</span> order (the user agent should pick a consistent ordering, such as the most recently opened, most recently focused, or more closely related):</p>
<ol>
<li><p>If <var>currentTopLevelBrowsingContext</var> equals <var>topLevelBrowsingContext</var>, <span>continue</span>.</p></li>
<li><p>Let <var>documentToSearch</var> be <var>topLevelBrowsingContext</var>'s <span>active document</span>.</p></li>
<li>
<p><span data-x="list iterate">For each</span> <var>navigable</var> of the <span>inclusive descendant navigables</span> of <var>documentToSearch</var>:</p>
<ol>
<li><p>If <var>currentNavigable</var>'s <span data-x="nav-bc">active browsing context</span> is not <span>familiar with</span> <var>navigable</var>'s <span data-x="nav-bc">active browsing context</span>, <span>continue</span>.</p></li>
<li><p>If <var>currentNavigable</var> is not <span>allowed by sandboxing to navigate</span> <var>navigable</var> given <var>sourceSnapshotParams</var>, optionally <span>continue</span>.</p></li>
<li><p>If <var>navigable</var>'s <span data-x="nav-target">target name</span> is the same as <var>name</var>, return <var>navigable</var>.</p></li>
</ol>
</li>
</ol>
</li>
<li><p>Return null.</p></li>
</ol>

<p id="the-rules-for-choosing-a-browsing-context-given-a-browsing-context-name"><dfn>The rules
for choosing a navigable</dfn>, given a string <var>name</var>, a <span>navigable</span>
<var>currentNavigable</var>, and a boolean <var>noopener</var> are as follows:</p>
Expand All @@ -97785,18 +97884,8 @@ interface <dfn interface>NotRestoredReasons</dfn> {

<li>
<p>Otherwise, if <var>name</var> is not an <span>ASCII case-insensitive</span> match for "<code
data-x="">_blank</code>", there exists a <span>navigable</span> whose <span
data-x="nav-target">target name</span> is the same as <var>name</var>,
<var>currentNavigable</var>'s <span data-x="nav-bc">active browsing context</span> is
<span>familiar with</span> that <span>navigable</span>'s <span data-x="nav-bc">active browsing
context</span>, and the user agent determines that the two browsing contexts are related enough
that it is ok if they reach each other, set <var>chosen</var> to that navigable. If there are
multiple matching <span data-x="navigable">navigables</span>, the user agent should pick one in
some arbitrary consistent manner, such as the most recently opened, most recently focused, or
more closely related, and set <var>chosen</var> to it.</p>
data-x="">_blank</code>", and there exists a <span>navigable</span> that is the result of <span data-x="find a navigable by target name">finding a navigable by target name</span> given <var>name</var> and <var>currentNavigable</var>, set <var>chosen</var> to that navigable.

<p class="XXX">This will be made more precise in <a
href="https://github.com/whatwg/html/issues/313">issue #313</a>.</p>
</li>

<li>
Expand Down Expand Up @@ -99525,6 +99614,9 @@ location.href = '#foo';</code></pre>
<dt><dfn data-x="navigation-params-about-base-url">about base URL</dfn></dt>
<dd>a <span>URL</span> or null used to populate the new <code>Document</code>'s <span
data-x="concept-document-about-base-url">about base URL</span></dd>

<dt><dfn data-x="navigation-params-user-involvement">user involvement</dfn></dt>
<dd>a <span>user navigation involvement</span> (default "<code data-x="uni-none">none</code>")</dd>
</dl>

<p class="note">Once a <span>navigation params</span> struct is created, this standard does not
Expand Down Expand Up @@ -100055,6 +100147,9 @@ location.href = '#foo';</code></pre>
<dt><span data-x="navigation-params-about-base-url">about base URL</span></dt>
<dd><var>documentState</var>'s <span data-x="document-state-about-base-url">about base
URL</span></dd>

<dt><span data-x="navigation-params-user-involvement">user involvement</span></dt>
<dd><var>userInvolvement</var></dd>
</dl>
</li>
</ol>
Expand All @@ -100065,7 +100160,7 @@ location.href = '#foo';</code></pre>
given <var>navigable</var>, "<code
data-x="dom-navigationtimingtype-navigate">navigate</code>", <var>sourceSnapshotParams</var>,
<var>targetSnapshotParams</var>, <var>navigationId</var>, <var>navigationParams</var>,
<var>cspNavigationType</var>, with <i data-x="attempt-to-populate-allow-post">allowPOST</i>
<var>cspNavigationType</var>, <var>userInvolvement</var>, with <i data-x="attempt-to-populate-allow-post">allowPOST</i>
set to true and <i
data-x="attempt-to-populate-completion-steps">completionSteps</i> set to the following
step:</p>
Expand Down Expand Up @@ -101383,7 +101478,9 @@ location.href = '#foo';</code></pre>
<var>targetSnapshotParams</var>, an optional <span>navigation ID</span>-or-null
<var>navigationId</var> (default null), an optional <span>navigation params</span>-or-null
<var>navigationParams</var> (default null), an optional string <var>cspNavigationType</var>
(default "<code data-x="">other</code>"), an optional boolean <dfn
(default "<code data-x="">other</code>"), an optional <span>user navigation involvement</span>
<dfn data-x="attempt-to-populate-user-involvement"><var>userInvolvement</var></dfn> (default
"<code data-x="uni-none">none</code>"), an optional boolean <dfn
data-x="attempt-to-populate-allow-post"><var>allowPOST</var></dfn> (default false), and optional
algorithm steps <dfn
data-x="attempt-to-populate-completion-steps"><var>completionSteps</var></dfn> (default an empty
Expand Down Expand Up @@ -101428,7 +101525,8 @@ location.href = '#foo';</code></pre>
<p>then set <var>navigationParams</var> to the result of <span data-x="create navigation
params by fetching">creating navigation params by fetching</span> given <var>entry</var>,
<var>navigable</var>, <var>sourceSnapshotParams</var>, <var>targetSnapshotParams</var>,
<var>cspNavigationType</var>, <var>navigationId</var>, and <var>navTimingType</var>.</p>
<var>cspNavigationType</var>, <var>userInvolvement</var>, <var>navigationId</var>, and
<var>navTimingType</var>.</p>
</li>

<li>
Expand Down Expand Up @@ -101817,7 +101915,8 @@ location.href = '#foo';</code></pre>
<span>session history entry</span> <var>entry</var>, a <span>navigable</span>
<var>navigable</var>, a <span>source snapshot params</span> <var>sourceSnapshotParams</var>, a
<span>target snapshot params</span> <var>targetSnapshotParams</var>, a string
<var>cspNavigationType</var>, a <span>navigation ID</span>-or-null <var>navigationId</var>, and a
<var>cspNavigationType</var>, a <span>user navigation involvement</span>
<var>userInvolvement</var>, a <span>navigation ID</span>-or-null <var>navigationId</var>, and a
<code>NavigationTimingType</code> <var>navTimingType</var>, perform the following steps. They
return a <span>navigation params</span>, a <span>non-fetch scheme navigation params</span>, or
null.</p>
Expand Down Expand Up @@ -102447,6 +102546,9 @@ location.href = '#foo';</code></pre>
<dt><span data-x="navigation-params-about-base-url">about base URL</span></dt>
<dd><var>entry</var>'s <span data-x="she-document-state">document state</span>'s <span
data-x="document-state-about-base-url">about base URL</span></dd>

<dt><span data-x="navigation-params-user-involvement">user involvement</span></dt>
<dd><var>userInvolvement</var></dd>
</dl>
</li>
</ol>
Expand Down Expand Up @@ -102902,6 +103004,7 @@ location.href = '#foo';</code></pre>
<li><p><span>In parallel</span>, <span>attempt to populate the history entry's
document</span> for <var>targetEntry</var>, given <var>navigable</var>,
<var>potentiallyTargetSpecificSourceSnapshotParams</var>, <var>targetSnapshotParams</var>,
<var>userInvolvementForNavigateEvents</var>,
with <i data-x="attempt-to-populate-allow-post">allowPOST</i> set to <var>allowPOST</var>
and <span data-x="attempt-to-populate-completion-steps"><i>completionSteps</i></span> set to
<span>queue a global task</span> on the <span>navigation and traversal task source</span>
Expand Down Expand Up @@ -104394,18 +104497,10 @@ location.href = '#foo';</code></pre>
data-x="dom-DOMImplementation-createHTMLDocument">document.implementation.createHTMLDocument()</code>.</p>

<ol>
<li><p>Let <var>browsingContext</var> be <var>navigationParams</var>'s <span
data-x="navigation-params-navigable">navigable</span>'s <span data-x="nav-bc">active browsing
context</span>.</p></li>

<li>
<p>Set <var>browsingContext</var> to the result of the <span
<p>Let <var>browsingContext</var> be the result of <span
data-x="obtain-browsing-context-navigation">obtaining a browsing context to use for a
navigation response</span> given <var>browsingContext</var>, <var>navigationParams</var>'s
<span data-x="navigation-params-sandboxing">final sandboxing flag set</span>,
<var>navigationParams</var>'s <span data-x="navigation-params-coop">cross-origin opener
policy</span>, and <var>navigationParams</var>'s <span
data-x="navigation-params-coop-enforcement-result">COOP enforcement result</span>.</p>
navigation response</span> given <var>navigationParams</var>.</p>

<p class="note">This can result in a <a
href="#browsing-context-group-switches-due-to-cross-origin-opener-policy">browsing context
Expand Down Expand Up @@ -145911,6 +146006,7 @@ INSERT INTERFACES HERE
Kevin Benson,
Kevin Cole,
Kevin Gadd,
Kevin McNee,
Kevin Venkiteswaran,
Khushal Sagar,
Kinuko Yasuda,
Expand Down

0 comments on commit 90cb46c

Please sign in to comment.