FrameTreeNode does not reset sticky user gesture bit correctly |
|||||
Issue descriptionCreate a local file a.html: !DOCTYPE html> <meta charset="utf-8"> <!-- DO NOT SUBMIT: Fix Page Title. Missing tags? http://go/optional-html --> <title>Page A: Users expect me to be the back target</title> <html> <body> <a href="http://localhost:8000/redirect/b.html">Take me to page B with same eTLD+1</a> <a href="https://cr.kungfoo.net/history_hijack/b.html">Take me to page B with different eTLD+1</a> </body> </html> Run python -m SimpleHTTPServer 8000 in the directory where a.html is created In the browser, run: http://localhost:8000/a.html Click on the link "Take me to page B with different eTLD+1" On going to b.html, it does a redirect to c.html In both navigations to b and c the sticky user gesture bit is set when checked in NavigationControllerImpl::RendererDidNavigateToNewPage. The value being checked is rfh->frame_tree_node()->HasBeenActivated() Since a.html and b.html are different eTLD+1, navigation to b and c should not have the sticky user gesture bits set. Looks like FrameTreeNode does not have the resetting of the bits even when the RenderFrameHost changes, as is happening in this case.
,
Nov 6
,
Nov 12
,
Nov 15
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/c4f56158b3c305e28ce9af4c27ed13c1c30d32fd commit c4f56158b3c305e28ce9af4c27ed13c1c30d32fd Author: Shivani Sharma <shivanisha@chromium.org> Date: Thu Nov 15 15:58:39 2018 Clear User Activation bits for main frames when new document is installed This is already being done in the renderer process during InstallNewDocument. This change will do the clearing in the browser process FrameTreeNode and in the RemoteFrame. Test: content_browsertests --gtest_filter=*ClearUserActivationForNewDocument* Bug: 901069 Change-Id: Ia11aa078ffd9376565893264a5b6ce4257f63908 Reviewed-on: https://chromium-review.googlesource.com/c/1320517 Reviewed-by: Charlie Reis <creis@chromium.org> Reviewed-by: Daniel Cheng <dcheng@chromium.org> Reviewed-by: Mustaq Ahmed <mustaq@chromium.org> Commit-Queue: Shivani Sharma <shivanisha@chromium.org> Cr-Commit-Position: refs/heads/master@{#608381} [modify] https://crrev.com/c4f56158b3c305e28ce9af4c27ed13c1c30d32fd/content/browser/frame_host/frame_tree_browsertest.cc [modify] https://crrev.com/c4f56158b3c305e28ce9af4c27ed13c1c30d32fd/content/browser/frame_host/frame_tree_node.cc [modify] https://crrev.com/c4f56158b3c305e28ce9af4c27ed13c1c30d32fd/content/browser/frame_host/frame_tree_node.h [modify] https://crrev.com/c4f56158b3c305e28ce9af4c27ed13c1c30d32fd/content/browser/frame_host/render_frame_host_impl.cc [modify] https://crrev.com/c4f56158b3c305e28ce9af4c27ed13c1c30d32fd/third_party/blink/public/common/frame/user_activation_update_type.h [modify] https://crrev.com/c4f56158b3c305e28ce9af4c27ed13c1c30d32fd/third_party/blink/renderer/core/exported/web_remote_frame_impl.cc [modify] https://crrev.com/c4f56158b3c305e28ce9af4c27ed13c1c30d32fd/third_party/blink/renderer/core/frame/frame.cc [modify] https://crrev.com/c4f56158b3c305e28ce9af4c27ed13c1c30d32fd/third_party/blink/renderer/core/frame/frame.h
,
Nov 15
,
Nov 27
Issue 891792 has been merged into this issue. |
|||||
►
Sign in to add a comment |
|||||
Comment 1 by mustaq@chromium.org
, Nov 1