Compute "has transient activation" synchronously in navigation

Helps with #1130 by removing more deep-in-the-algorithm-tree uses of source browsing context.
whatwg · Mar 19, 2021 · 62f4e9d · 62f4e9d
1 parent 22e821b
commit 62f4e9d
Showing 1 changed file with 53 additions and 35 deletions.
diff --git a/source b/source
@@ -84625,6 +84625,10 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface
    download</span> algorithm given the <span>source browsing context</span> and
    <var>browsingContext</var>.</p></li>
 
+   <li><p>Let <var>hasTransientActivation</var> be true if the <span>source browsing
+   context</span>'s <span>active window</span> has <span>transient activation</span>; otherwise
+   false.</p></li>
+
    <li><p>Return to whatever algorithm invoked the navigation steps and continue running these steps
    <span>in parallel</span>.</p></li>
 
@@ -84679,7 +84683,8 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface
        handling</span> is <var>historyHandling</var>.</p></li>
 
        <li><p>Run <span>process a navigate response</span> with <var>navigationType</var>,
-       <var>allowedToDownload</var>, and <var>navigationParams</var>.</p></li>
+       <var>allowedToDownload</var>, <var>hasTransientActivation</var>, and
+       <var>navigationParams</var>.</p></li>
       </ol>
      </dd>
 
@@ -84730,7 +84735,8 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface
        handling</span> is <var>historyHandling</var>.</p></li>
 
        <li><p>Run <span>process a navigate response</span> with <var>navigationType</var>,
-       <var>allowedToDownload</var>, and <var>navigationParams</var>.</p></li>
+       <var>allowedToDownload</var>, <var>hasTransientActivation</var>, and
+       <var>navigationParams</var>.</p></li>
       </ol>
 
       <p class="example">So for example a <span data-x="javascript
@@ -84749,15 +84755,17 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface
      is a <span>fetch scheme</span></dt>
      <dd><p>Run <span>process a navigate fetch</span> given <var>resource</var>, the <span>source
      browsing context</span>, <var>browsingContext</var>, <var>navigationType</var>,
-     <var>sandboxFlags</var>, <var>allowedToDownload</var>, <var>incumbentNavigationOrigin</var>,
-     <var>activeDocumentNavigationOrigin</var>, and <var>historyHandling</var>.</p></dd>
+     <var>sandboxFlags</var>, <var>allowedToDownload</var>, <var>hasTransientActivation</var>,
+     <var>incumbentNavigationOrigin</var>, <var>activeDocumentNavigationOrigin</var>, and
+     <var>historyHandling</var>.</p></dd>
 
      <dt>Otherwise, <var>resource</var> is a <span data-x="concept-request">request</span> whose
      <span data-x="concept-request-url">url</span>'s <span data-x="concept-url-scheme">scheme</span>
      is neither "<code data-x="javascript protocol">javascript</code>" nor a <span>fetch
      scheme</span></dt>
      <dd><p>Run <span>process a navigate URL scheme</span> given <var>resource</var>'s <span
-     data-x="concept-request-url">url</span> and <var>browsingContext</var>.</p></dd>
+     data-x="concept-request-url">url</span>, <var>browsingContext</var>, and
+     <var>hasTransientActivation</var>.</p></dd>
     </dl>
    </li>
   </ol>
@@ -84766,9 +84774,10 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface
   data-x="concept-request">request</span> <var>request</var>, two <span data-x="browsing
   context">browsing contexts</span> <var>sourceBrowsingContext</var> and <var>browsingContext</var>,
   a string <var>navigationType</var>, a <span>sandboxing flag set</span> <var>sandboxFlags</var>, a
-  boolean <var>allowedToDownload</var>, two <span data-x="origin">origins</span>
-  <var>incumbentNavigationOrigin</var> and <var>activeDocumentNavigationOrigin</var>, and a
-  <span>history handling behavior</span> <var>historyHandling</var>:</p>
+  boolean <var>allowedToDownload</var>, a boolean <var>hasTransientActivation</var>, two <span
+  data-x="origin">origins</span> <var>incumbentNavigationOrigin</var> and
+  <var>activeDocumentNavigationOrigin</var>, and a <span>history handling behavior</span>
+  <var>historyHandling</var>:</p>
 
   <ol>
    <li><p>Let <var>response</var> be null.</p></li>
@@ -84784,8 +84793,7 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface
    <var>browsingContext</var>'s <span>active document</span>'s <span>relevant settings
    object</span>'s <span data-x="concept-environment-id">id</span>.</p></li>
 
-   <li><p>If <var>sourceBrowsingContext</var>'s <code>WindowProxy</code>'s [[Window]] value has
-   <span>transient activation</span>, then set <var>request</var>'s <span
+   <li><p>If <var>hasTransientActivation</var> is true, then set <var>request</var>'s <span
    data-x="concept-request-user-activation">user-activation</span> to true.</p></li>
 
    <li>
@@ -84808,7 +84816,7 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface
 
    <li><p>Let <var>currentContextIsSource</var> be the result of whether
    <var>browsingContext</var>'s <span>active document</span> is <span>same origin</span> with
-   <var>source</var>'s <span>active document</span>.</p></li>
+   <var>sourceBrowsingContext</var>'s <span>active document</span>.</p></li>
 
    <li><p>Let <var>coopEnforcementResult</var> be a new <span
    data-x="coop-enforcement-result">cross-origin opener policy enforcement result</span> whose <span
@@ -85001,12 +85009,20 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface
    <span>process a navigate fetch</span> with a new <span data-x="concept-request">request</span>
    whose <span data-x="concept-request-url">url</span> is <var>locationURL</var>,
    <var>sourceBrowsingContext</var>, <var>browsingContext</var>, <var>navigationType</var>,
-   <var>allowedToDownload</var>, <var>sandboxFlags</var>, <var>incumbentNavigationOrigin</var>,
-   <var>activeDocumentNavigationOrigin</var>, and <var>historyHandling</var>, and return.
+   <var>allowedToDownload</var>, <var>hasTransientActivation</var>, <var>sandboxFlags</var>,
+   <var>incumbentNavigationOrigin</var>, <var>activeDocumentNavigationOrigin</var>, and
+   <var>historyHandling</var>, and return.
 
-   <li><p>Otherwise, if <var>locationURL</var> is a <span>URL</span>, run the <span>process a
-   navigate URL scheme</span> given <var>locationURL</var> and <var>browsingContext</var>, and
-   return.</p></li>
+   <li>
+    <p>Otherwise, if <var>locationURL</var> is a <span>URL</span>:</p>
+
+    <ol>
+     <li><p><span>Process a navigate URL scheme</span> given <var>locationURL</var>,
+     <var>browsingContext</var>, and <var>hasTransientActivation</var>.</p></li>
+
+     <li><p>Return.</p></li>
+    </ol>
+   </li>
 
    <li><p>Let <var>navigationParams</var> be a new <span>navigation params</span> whose <span
    data-x="navigation-params-request">request</span> is <var>request</var>, <span
@@ -85024,12 +85040,13 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface
    <var>historyHandling</var>.</p></li>
 
    <li><p>Run <span>process a navigate response</span> with <var>navigationType</var>,
-   <var>allowedToDownload</var>, and <var>navigationParams</var>.</p></li>
+   <var>allowedToDownload</var>, <var>hasTransientActivation</var>, and
+   <var>navigationParams</var>.</p></li>
   </ol>
 
   <p>To <dfn export>process a navigate response</dfn>, given a string <var>navigationType</var>, a
-  boolean <var>allowedToDownload</var>, and a <span>navigation params</span>
-  <var>navigationParams</var>:</p>
+  boolean <var>allowedToDownload</var>, a boolean <var>hasTransientActivation</var>, and a
+  <span>navigation params</span> <var>navigationParams</var>:</p>
 
   <ol>
    <li><p>Let <var>response</var> be <var>navigationParams</var>'s <span
@@ -85171,18 +85188,20 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface
 
    <li><p>Otherwise, the document's <var>type</var> is such that the resource will not affect
    <var>browsingContext</var>, e.g., because the resource is to be handed to an external application
-   or because it is an unknown type that will be processed <span>as a download</span>. <span
-   data-x="hand-off to external software">Process the resource appropriately</span>.</p>
+   or because it is an unknown type that will be processed <span>as a download</span>.
+   <span>Hand-off to external software</span> given <var>response</var> and
+   <var>hasTransientActivation</var>.</p></li>
   </ol>
 
-  <p>To <dfn>process a navigate URL scheme</dfn>, given a <span>URL</span> <var>url</var> and
-  <span>browsing context</span> <var>browsingContext</var>, run these steps:</p>
+  <p>To <dfn>process a navigate URL scheme</dfn>, given a <span>URL</span> <var>url</var>, a
+  <span>browsing context</span> <var>browsingContext</var>, and a boolean
+  <var>hasTransientActivation</var>:</p>
 
   <ol>
    <li><p>If <var>url</var> is to be handled using a mechanism that does not affect
    <var>browsingContext</var>, e.g., because <var>url</var>'s <span
-   data-x="concept-url-scheme">scheme</span> is handled externally, then <span data-x="hand-off to
-   external software">proceed with that mechanism instead</span>.</p></li>
+   data-x="concept-url-scheme">scheme</span> is handled externally, then <span>hand-off to external
+   software</span> given <var>url</var> and <var>hasTransientActivation</var>.</p></li>
 
    <li>
     <p>Otherwise, <var>url</var> is to be handled by displaying some sort of inline content, e.g.,
@@ -85196,16 +85215,15 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface
    </li>
   </ol>
 
-  <p>When a resource is handled by <dfn data-x="hand-off to external software">passing its URL or
-  data to an external software package</dfn> separate from the user agent (e.g. handing a <code
-  data-x="mailto protocol">mailto:</code> URL to a mail client, or a Word document to a word
-  processor), user agents should attempt to mitigate the risk that this is an attempt to exploit the
-  target software, e.g. by prompting the user to confirm that the <span>source browsing
-  context</span>'s <span>active document</span>'s <span
-  data-x="concept-document-origin">origin</span> is to be allowed to invoke the specified software.
-  In particular, if the <span>navigate</span> algorithm was invoked when <span>source browsing
-  context</span>'s <span>active window</span> does not have <span>transient activation</span>, the
-  user agent should not invoke the external software package without prior user confirmation.</p>
+  <p>To <dfn>hand-off to external software</dfn> given a <span>URL</span> or <span
+  data-x="concept-response">response</span> <var>resource</var> and a boolean
+  <var>hasTransientActivation</var>, user agents should perform the appropriate handoff of
+  <var>resource</var> while attempting to mitigate the risk that this is an attempt to exploit the
+  target software. For example, user agents could prompt the user to confirm that the <span>source
+  browsing context</span>'s <span>active document</span>'s <span
+  data-x="concept-document-origin">origin</span> is to be allowed to invoke the external software in
+  question. In particular, if <var>hasTransientActivation</var> is false, then the user agent should
+  not invoke the external software package without prior user confirmation.</p>
 
   <p class="example">For example, there could be a vulnerability in the target software's URL
   handler which a hostile page would attempt to exploit by tricking a user into clicking a link.</p>