Replace/fix user gesture states maintained through renderer-side Boolean vars
Issue description

We seem to have quite a few places where the current user gesture state is saved and passed on as a Boolean variable. We suspect many of these cases were added to overcome the stack-limited visibility of UserGestureTokens. This is inherently problematic because it opens up the possibility of duplicating tokens, possibly by a compromised renderer. Moreover, User Activation v2 should make passing on a Boolean unnecessary in most (all?) of these cases.

---

Here is one such Boolean passing that we need to fix:
https://cs.chromium.org/chromium/src/out/Debug/gen/content/common/frame.mojom.h?rcl=492b02b5251cf5388c9d16f8b43fa503dd6a7b08&l=1014

- This field is initiated and conditionally also "forced" for extensions at RenderViewImpl::CreateView.
- It is carried on to many different places:
  - WebContentsDelegate::AddNewContent: https://cs.chromium.org/chromium/src/content/public/browser/web_contents_delegate.h?rcl=e319550a9b6a02666101511418b472b80c98a9b7&l=124
  - Navigation related uses through NavigateParams: https://cs.chromium.org/chromium/src/chrome/browser/ui/browser.cc?rcl=b878d97c1be5685f677ea1d15d55c8a6c0219121&l=1483

---

We have seen similar Boolean passing for extension messaging too.
https://cs.chromium.org/chromium/src/extensions/renderer/dispatcher.cc?rcl=523d9dcd5513e2805a33d92686c30151cdf7f79c&l=1015

Jan 14
Comment 1 by mustaq@chromium.org, May 15 2018