tab-under blocking can by bypassed by navigating window.opener |
||
Issue description1. User clicks somewhere on page A, opens popup to page B 2. User clicks somewhere on page B, which uses its user gesture to navigate window.opener.location to some third party content 3. tab-under is achieved. The navigation in page A seems to use B's user gesture, which isn't exactly what the original feature intended. Though it takes an extra click from the user, this is probably easy to get. Mustaq: Can you clarify on whether this is intentional with UserActivation v2? I think you've been working on user gestures on remote frames. On a related note: we are exploring blocking cross origin window.opener navigations in issue 813643.
,
Mar 5 2018
Hi Mustaq. I could *not* reproduce with user activation v2. Woohoo! I have a provisional CL which should fix this [1], but if UAv2 is planning on shipping we probably don't need to land it. Can you share a status update on that project? [1]: https://chromium-review.googlesource.com/c/chromium/src/+/949526
,
Mar 6 2018
Great, thanks for sharing the good news. We have similar good news with Issue 404161 and Issue 760848. These give me confidence that our trial for M67 ( Issue 789591 ) will stick. Re this bug: your call, depends on pop-under priorities. If you decide to go ahead with your fix, please add a TODO referring to Issue 696617. Otherwise, feel free to block this bug on Issue 696617.
,
Mar 7 2018
|
||
►
Sign in to add a comment |
||
Comment 1 by mustaq@chromium.org
, Mar 5 2018