Enforce noopener on cross-top-level-site Blob URLs #10731

recvfrom · 2024-10-30T20:50:16Z

Enforce noopener on cross-top-level-site Blob URL navigations

This change causes noopener to be set for window.open, clicks
on 'a' / 'area' elements, and form submissions where the corresponding
Blob URL is cross-site to the top-level site of the context performing
the action. This corresponds to the discussion in
w3c/FileAPI#153.

At least two implementers are interested (and none opposed):
- WebKit: Blob URL store partitioning w3c/FileAPI#153 (comment)
- Gecko: Blob URL store partitioning w3c/FileAPI#153 (comment)
- Chromium: Blob URL store partitioning w3c/FileAPI#153 (comment)
Tests are written and can be reviewed and commented upon at:
- https://chromium-review.googlesource.com/c/chromium/src/+/5967596 (with additional tests for the 'a' / 'area' link click noopener changes in https://chromium-review.googlesource.com/c/chromium/src/+/5979376)
Implementation bugs are filed:
- Chromium: https://crbug.com/361751872
- Gecko: https://bugzilla.mozilla.org/show_bug.cgi?id=1928383
- WebKit: https://bugs.webkit.org/show_bug.cgi?id=282387
- Deno (only for timers, structured clone, base64 utils, channel messaging, module resolution, web workers, and web storage): N/A
- Node.js (only for timers, structured clone, base64 utils, channel messaging, and module resolution): N/A
MDN issue is filed: Note that Blob URL usage is restricted due to storage partitioning mdn/content#36542
The top of this comment includes a clear commit message to use.

(See WHATWG Working Mode: Changes for more details.)

/form-control-infrastructure.html ( diff )
/links.html ( diff )
/nav-history-apis.html ( diff )

This change causes noopener to be set for window.open, clicks on 'a' / 'area' elements, and form submissions where the corresponding Blob URL is cross-site to the top-level site of the context performing the action. This corresponds to the discussion in w3c/FileAPI#153.

source

annevk · 2024-11-05T15:12:33Z

Also, this looks really good overall! And also seems like a great privacy improvement! Thanks for tackling it.

recvfrom · 2024-11-06T02:36:29Z

Also, this looks really good overall! And also seems like a great privacy improvement! Thanks for tackling it.

Thank you! :D

annevk

This looks good to me modulo these final nits. I'd like to wait until next week so @domenic has a chance to skim this too as he's quite familiar with the window open steps as well.

source

annevk

Very nice. Feel free to ping in two weeks or so if @domenic hasn't had a chance in which case I'll do one more final read and land this.

source

Associated spec PRs: - w3c/FileAPI#201 - Partition Blob URL revocation by Storage Key - whatwg/fetch#1783 - Partition Blob URL fetches by Storage Key - whatwg/html#10731 - Enforce noopener on cross-top-level-site Blob URLs Bug: 40057646 Change-Id: I953598ab3f81d5998e8398057739e0428bc23e4b

Associated spec PRs: - w3c/FileAPI#201 - Partition Blob URL revocation by Storage Key - whatwg/fetch#1783 - Partition Blob URL fetches by Storage Key - whatwg/html#10731 - Enforce noopener on cross-top-level-site Blob URLs Bug: 40057646 Change-Id: I953598ab3f81d5998e8398057739e0428bc23e4b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5967596 Reviewed-by: Steven Bingler <[email protected]> Commit-Queue: Andrew Williams <[email protected]> Cr-Commit-Position: refs/heads/main@{#1394563}

…PTs permanent, a=testonly Automatic update from web-platform-tests [Blob URL] Make tentative partitioning WPTs permanent Associated spec PRs: - w3c/FileAPI#201 - Partition Blob URL revocation by Storage Key - whatwg/fetch#1783 - Partition Blob URL fetches by Storage Key - whatwg/html#10731 - Enforce noopener on cross-top-level-site Blob URLs Bug: 40057646 Change-Id: I953598ab3f81d5998e8398057739e0428bc23e4b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5967596 Reviewed-by: Steven Bingler <[email protected]> Commit-Queue: Andrew Williams <[email protected]> Cr-Commit-Position: refs/heads/main@{#1394563} -- wpt-commits: 949cc8c7c7067de75af00d1ba60d6921582f9c5d wpt-pr: 49629

…PTs permanent, a=testonly Automatic update from web-platform-tests [Blob URL] Make tentative partitioning WPTs permanent Associated spec PRs: - w3c/FileAPI#201 - Partition Blob URL revocation by Storage Key - whatwg/fetch#1783 - Partition Blob URL fetches by Storage Key - whatwg/html#10731 - Enforce noopener on cross-top-level-site Blob URLs Bug: 40057646 Change-Id: I953598ab3f81d5998e8398057739e0428bc23e4b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5967596 Reviewed-by: Steven Bingler <binglerchromium.org> Commit-Queue: Andrew Williams <awilliachromium.org> Cr-Commit-Position: refs/heads/main{#1394563} -- wpt-commits: 949cc8c7c7067de75af00d1ba60d6921582f9c5d wpt-pr: 49629 UltraBlame original commit: eeba0835a846042567009b99eb22224cfacd0380

recvfrom force-pushed the main branch from b4887f9 to 6b200c3 Compare October 30, 2024 20:58

recvfrom marked this pull request as ready for review October 31, 2024 13:54

recvfrom mentioned this pull request Oct 31, 2024

Blob URL store partitioning w3c/FileAPI#153

Open

annevk reviewed Nov 4, 2024

View reviewed changes

source Outdated Show resolved Hide resolved

Update callsites and pass urlRecord per review feedback

4786e67

annevk reviewed Nov 5, 2024

View reviewed changes

annevk added the security/privacy There are security or privacy implications label Nov 5, 2024

recvfrom and others added 5 commits November 5, 2024 17:44

Merge branch 'whatwg:main' into main

a3aea62

Address most review feedback

bb5c5c8

Update 'get noopener for window open' to take a URL record

585567d

Make URL record optional for 'get noopener for window open'

d6b6cd5

Fix whitespace in 'get noopener for window open'

5a1700a

annevk reviewed Nov 6, 2024

View reviewed changes

source Outdated Show resolved Hide resolved

source Outdated Show resolved Hide resolved

source Outdated Show resolved Hide resolved

source Show resolved Hide resolved

source Show resolved Hide resolved

Address review feedback

c624ae5

annevk approved these changes Nov 6, 2024

View reviewed changes

domenic reviewed Nov 15, 2024

View reviewed changes

source Outdated Show resolved Hide resolved

source Show resolved Hide resolved

source Outdated Show resolved Hide resolved

recvfrom added 2 commits November 15, 2024 14:39

Merge remote-tracking branch 'upstream/main' + fixes

4485fda

Remove duplicated line introduced during rebasing

42f60a4

domenic approved these changes Nov 18, 2024

View reviewed changes

domenic merged commit c0fbcc2 into whatwg:main Nov 18, 2024
2 checks passed

shannonbooth mentioned this pull request Dec 10, 2024

Potential null use of URL invoking "getting nooopener for window open" on empty url string for window open #10844

Closed

chromium-wpt-export-bot mentioned this pull request Dec 10, 2024

[Blob URL] Make tentative partitioning WPTs permanent web-platform-tests/wpt#49629

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Enforce noopener on cross-top-level-site Blob URLs #10731

Enforce noopener on cross-top-level-site Blob URLs #10731

recvfrom commented Oct 30, 2024 •

edited by pr-preview bot

Loading

annevk commented Nov 5, 2024

recvfrom commented Nov 6, 2024

annevk left a comment

annevk left a comment

Enforce noopener on cross-top-level-site Blob URLs #10731

Enforce noopener on cross-top-level-site Blob URLs #10731

Conversation

recvfrom commented Oct 30, 2024 • edited by pr-preview bot Loading

annevk commented Nov 5, 2024

recvfrom commented Nov 6, 2024

annevk left a comment

Choose a reason for hiding this comment

annevk left a comment

Choose a reason for hiding this comment

recvfrom commented Oct 30, 2024 •

edited by pr-preview bot

Loading