[wpt-sync] Sync PR 25061 - Enable text fragments across redirects
Categories
(Testing :: web-platform-tests, task, P4)
Tracking
(firefox82 fixed)
Tracking | Status | |
---|---|---|
firefox82 | --- | fixed |
People
(Reporter: wpt-sync, Unassigned)
Details
(Whiteboard: [wptsync downstream])
Sync web-platform-tests PR 25061 into mozilla-central (this bug is closed when the sync is complete).
PR: https://github.com/web-platform-tests/wpt/pull/25061
Details from upstream follow.
David Bokan <bokan@chromium.org> wrote:
Enable text fragments across redirects
A text fragment occurs in a URL fragment and begins with ":~:text=...".
It is used to highlight and scroll the provided text into view when the
page is loaded. For user privacy reasons, we restrict scrolling the text
into view unless the navigation occurred via a user gesture. See:
https://github.com/WICG/scroll-to-text-fragment#security-considerations
for more details.

However, it is common (particularly on social and messaging services
where content is user-generated) for links to be served via a redirect.
A typical example (from chat.google.com) works like this:
1. User receives and clicks a link to "https://example.com#:~:text=foo"
2. chat.google.com opens a new tab using window.open("", "_blank")
3. chat.google.com calls document.write on the newly opened window to
   write a <meta> tag-based client redirect to
   google.com/url?url=https://example.com... which is the URL
   redirection service with the destination URL as a query param.
4. google.com/url then calls window.location and writes
   "https://example.com#:~:text=foo" into it
5. the new tab finally navigates to example.com
The only navigation that had a user gesture attached to it is the
initial empty document navigation in step 2. This means the example.com
page is navigated to without a user gesture and the text fragment is
blocked. A similar pattern is seen on many popular services: Twitter,
Instagram, Facebook Messenger, etc.

This CL solves the above scenario by introducing a "text fragment
token". This token grants its holder permission to invoke a text
fragment. The token can be used during load to invoke the text fragment,
or it can be passed into a navigation to grant permission to the next
page without requiring a user gesture. However, in either case, the
token is consumed so a page cannot both invoke a text fragment and pass
the token.

The token is created only in DocumentLoader's constructor and while
processing a same-document navigation. For regular navigations, it is
only created if the current navigation was user initiated. For
same-document navigations, it's created only if browser-initiated and
the navigation has a text fragment. This mechanism can be thought of as
a user gesture that applies only to text fragment and whose lifetime
extends across navigations but cannot be copied and is always consumed
on use.

Bug: 1055455
Change-Id: Icddd849937d24b579bbeb5a4b9f87539d8339905
Reviewed-on: https://chromium-review.googlesource.com/2159324
WPT-Export-Revision: f27b567ef77618f86705fd2755f0447293041283
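
The token rules described in the commit message above, as a small JavaScript model added here for illustration. It is not Chromium or WPT code; the class and function names and the sample URLs are constructed, and it models only client-side redirects between documents.

```javascript
// Simplified model of the "text fragment token" from the commit message above.
// All names are hypothetical; sample URLs are constructed.

// Return the text= value of a URL's fragment directive, or null if absent.
function textDirective(url) {
  const hash = new URL(url).hash;
  const at = hash.indexOf(':~:');
  if (at === -1) return null;
  for (const part of hash.slice(at + 3).split('&')) {
    if (part.startsWith('text=')) return decodeURIComponent(part.slice(5));
  }
  return null;
}

class LoadedDocument {
  constructor(url, { userInitiated = false, passedToken = false } = {}) {
    this.url = url;
    // A token exists only for a user-initiated navigation, or when the
    // previous document handed its own token into this navigation.
    this.hasToken = userInitiated || passedToken;
    this.scrolledTo = null;
    const text = textDirective(url);
    if (text !== null && this.hasToken) {
      this.hasToken = false; // invoking the text fragment consumes the token
      this.scrolledTo = text;
    }
  }

  // Client-side redirect with no user gesture (meta refresh, window.location).
  redirectTo(url) {
    const passedToken = this.hasToken;
    this.hasToken = false; // passing the token on consumes it here
    return new LoadedDocument(url, { passedToken });
  }
}

// Load urls[0] (with or without a gesture), then follow the rest as redirects.
// Returns, per document, the text scrolled into view or null if blocked/absent.
function followChain(urls, userInitiated) {
  let doc = new LoadedDocument(urls[0], { userInitiated });
  const scrolled = [doc.scrolledTo];
  for (const url of urls.slice(1)) {
    doc = doc.redirectTo(url);
    scrolled.push(doc.scrolledTo);
  }
  return scrolled;
}

// Constructed chain mirroring the chat example: blank tab, redirector, target.
const CHAT_CHAIN = ['about:blank', 'https://redirector.example/url?url=x',
                    'https://example.com/#:~:text=foo'];
```

With a gesture on the first navigation the final page scrolls to "foo"; without one nothing scrolls, and a page that has already invoked its own text fragment has no token left to pass on.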
Comment 2•4 years ago
CI Results
Ran 12 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI
Total 1 tests and 14 subtests
Status Summary
Firefox
OK : 1
FAIL: 14
Chrome
OK : 1
PASS: 10
FAIL: 4
Safari
OK : 1
FAIL: 14
Links
Gecko CI (Treeherder)
GitHub PR Head
GitHub PR Base
Details
New Tests That Don't Pass
/scroll-to-text-fragment/redirects.html: OK [GitHub], SKIP [Gecko-android-em-7.0-x86_64-debug-geckoview, Gecko-android-em-7.0-x86_64-opt-geckoview, Gecko-linux1804-64-debug, Gecko-linux1804-64-opt, Gecko-linux1804-64-qr-debug, Gecko-linux1804-64-qr-opt, Gecko-windows10-64-debug, Gecko-windows10-64-opt, Gecko-windows10-64-qr-debug, Gecko-windows10-64-qr-opt, Gecko-windows7-32-debug, Gecko-windows7-32-opt] (Chrome: OK, Safari: OK)
Text fragment works on client-side meta redirect.: FAIL (Chrome: FAIL, Safari: FAIL)
Text fragment works from HTTP 308 redirect.: FAIL (Chrome: PASS, Safari: FAIL)
Text fragment propagated through HTTP 303 redirect.: FAIL (Chrome: PASS, Safari: FAIL)
Text fragment works from HTTP 301 redirect.: FAIL (Chrome: PASS, Safari: FAIL)
Text fragment propagated through HTTP 301 redirect.: FAIL (Chrome: PASS, Safari: FAIL)
Text fragment propagated through HTTP 302 redirect.: FAIL (Chrome: PASS, Safari: FAIL)
Text fragment propagated through HTTP 307 redirect.: FAIL (Chrome: PASS, Safari: FAIL)
One text fragment per user gesture allowed in client-side location redirect.: FAIL (Chrome: FAIL, Safari: FAIL)
Text fragment works from HTTP 307 redirect.: FAIL (Chrome: PASS, Safari: FAIL)
Text fragment works from HTTP 302 redirect.: FAIL (Chrome: PASS, Safari: FAIL)
Text fragment works from HTTP 303 redirect.: FAIL (Chrome: PASS, Safari: FAIL)
One text fragment per user gesture allowed in client-side meta redirect.: FAIL (Chrome: FAIL, Safari: FAIL)
Text fragment propagated through HTTP 308 redirect.: FAIL (Chrome: PASS, Safari: FAIL)
Text fragment works on client-side location redirect.: FAIL (Chrome: FAIL, Safari: FAIL)
Tests Disabled in Gecko Infrastructure
/scroll-to-text-fragment/redirects.html: OK [GitHub], SKIP [Gecko-android-em-7.0-x86_64-debug-geckoview, Gecko-android-em-7.0-x86_64-opt-geckoview, Gecko-linux1804-64-debug, Gecko-linux1804-64-opt, Gecko-linux1804-64-qr-debug, Gecko-linux1804-64-qr-opt, Gecko-windows10-64-debug, Gecko-windows10-64-opt, Gecko-windows10-64-qr-debug, Gecko-windows10-64-qr-opt, Gecko-windows7-32-debug, Gecko-windows7-32-opt] (Chrome: OK, Safari: OK)