Closed Bug 1913514 Opened 1 month ago Closed 9 days ago

Back navigation can be prevented with some async functions

Categories

(Core :: DOM: Navigation, defect)

Product:
Core
Component:
DOM: Navigation
Version:
Firefox 129
Type:
defect

Tracking

()

Status:
VERIFIED FIXED
Tracking Flags:
Tracking Status
firefox132 --- verified

People

(Reporter: bugzilla.mozilla.org, Unassigned)

References

(Depends on 1 open bug, Blocks 2 open bugs)

Details

Steps to reproduce:

Include this code on target page:

location.search||fetch(0).then(a=>location='?x');

And click back in navigation chrome.

Live exploit:

https://fulldecent.github.io/you-cant-leave-this-page-2/

Video narrated explanation:

https://youtu.be/C38e89xqxs0

Actual results:

Does not go back

Expected results:

Goes back

The Bugbug bot thinks this bug should belong to the 'Core::DOM: Navigation' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → DOM: Navigation
Product: Firefox → Core

Reproduced within the safe mode, but I cannot reproduce this bug with my profile, though. I'm not sure the rules of severity about this kind of issues. Nika, could you set the severity field?

Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: needinfo?(nika)

We don't currently track "user navigation involvement" in quite the way which would be necessary for us to implement this consistently. Doing something like this probably depends on the work for bug 1901045.

I think roughly what we'd want to do if we had this kind of tracking is only allow a load to cancel another "browser UI" load if it at least has "activation" or "browser UI" user navigation involvement, and to cancel the navigation otherwise.

Leaving a ni? for :farre who might have some insight about whether we already have the information required for this.

Severity: -- → S3
Depends on: 1901045
Flags: needinfo?(nika) → needinfo?(afarre)

Yeah, I can't reproduce this, even in safe mode.

I'll forward this to :jjaschke and :avandolder who actually has done recent work with this.

Flags: needinfo?(jjaschke)
Flags: needinfo?(avandolder)
Flags: needinfo?(afarre)

I can repro on current Nightly both on MacOS and Ubuntu. Works in Chrome and Safari.

FWIW, in Bug 1904773 I faked "user involvement" by checking if the triggering principal is the system principal. But maybe we should implement the actual thing at some point.

Flags: needinfo?(jjaschke)

I couldn't reproduce this on the latest nightly Fx 132. I also verified that if I turned off the preference browser.navigation.requireUserInteraction, I saw the problem.

Blocks: 1645211
Flags: needinfo?(avandolder)
QA Contact: bmaris

Looks fixed to me using the latest Nightly 132 across platforms (Windows 11, macOS 13 and Ubuntu 22.04). If pref browser.navigation.requireUserInteraction is set as true (set to default) this is fixed, if false this will still reproduce.
I'll go ahead and mark this as fixed, please reopen if this is still reproducible for someone.

Status: NEW → RESOLVED
Closed: 9 days ago
status-firefox132: --- → verified
Resolution: --- → FIXED
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.