commit	92cd57ebc8bf216199fa9a8a9225e978a2197371	[log] [tgz]
author	Liam Brady <lbrady@google.com>	Thu Mar 07 22:25:49 2024
committer	Blink WPT Bot <blink-w3c-test-autoroller@chromium.org>	Thu Mar 07 22:44:35 2024
tree	0342800c4223c695e4084cf8766ac018bae0c6c3
parent	635a87312b0700d82f1f3c4fe0c82f5f2f165a0f [diff]

Clear user activation on cross-site navigations.

When full site isolation is disabled, renderer processes and
RenderFrameHosts are re-used when performing cross-site navigations.
This includes user activation state, and, more specifically, the sticky
`has_been_active_` bit in `UserActivationState`.

Currently, the `UserActivationState` on the renderer-side is reset only
if the navigation's associated frame is a main frame. That means that if
an iframe navigates to a cross-site page, its sticky user activation
state will be the leftover state from the previous page. So, if a user
interacted with the previous page in any capacity, the newly loaded page
will think it has received a user gesture, essentially using an
unintentional cache of the user activation state.

This becomes an issue when dealing with our framebusting interventions.
We only allow an iframe to do a top-level navigation if it received a
user gesture. However, if an iframe's previous document received a user
activation, or worse, if the iframe was not navigated to anything and
got a user activation because its embedder was interacted with, this
allows the current document to circumvent our framebusting
interventions. The latter happens because of same-origin descendant
activation behavior. See:
https://source.chromium.org/chromium/chromium/src/+/main:content/browser/renderer_host/frame_tree_node.cc;l=766-778;drc=30753b1135fa271a3b45bbdbfef6567e46733a7f;bpv=1;bpt=1

Note that this problem does not exist if site isolation is enabled
(which is by default on desktop platforms), since a cross-site
navigation will create a whole new process with a fresh
`UserActivationState`.

To fix this, this CL clears the user activation state on cross-site
subframe navigations in the renderer (user activation is already cleared
for main frames). To ensure that same-site navigations persist user
state even if a cross-origin or same-origin navigation results in a new
process or RenderFrameHost being created, this CL also explicitly
transfers sticky user activation state for all same-site
cross-RenderFrameHost navigations. This takes place in the browser, and
the resulting bit to determine if a frame should have sticky user
activation is passed to the renderer.

The ultimate end goal is to unconditionally clear the user activation
state for all cross-document navigations. That unfortunately is not
possible today as there are entrenched use cases that rely on sticky
user activation state being cached for same-site navigations. See:
https://crbug.com/40228985.

This CL also fixes the aforementioned regression when enabling the
RenderDocument feature, since this CL will now preserve the sticky user
activation state regardless of what
process/RenderFrameHost/RenderDocument state the navigation results in.

This CL adds some tests to the no-auto-wpt-origin-isolation test suite, which requires some additional description:

* These tests are running on all platforms because site isolation behavior may differ per platform
* All of the tests in the-iframe-element are being added because it would be useful to understand their behavior in all expected process
configurations
* The total time taken for this test suite on linux-rel showed a total time percentage of <0.3%

Bug: 41493458
Change-Id: Ibec11437fcd03470571e04a4e0dfaadffddf6c03
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5269464
Reviewed-by: Mustaq Ahmed <mustaq@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Reviewed-by: Jeremy Roman <jbroman@chromium.org>
Reviewed-by: Robert Flack <flackr@chromium.org>
Reviewed-by: Andrew Verge <averge@chromium.org>
Commit-Queue: Liam Brady <lbrady@google.com>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Reviewed-by: danakj <danakj@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1269856}

html/semantics/embedded-content/the-iframe-element/resources/sandbox-top-navigation-helper.js[diff]
html/semantics/embedded-content/the-iframe-element/sandbox-top-navigation-child-cross-origin.tentative.sub.window.js[Added - diff]
html/semantics/embedded-content/the-iframe-element/sandbox-top-navigation-cross-site.tentative.sub.window.js[Added - diff]
html/semantics/embedded-content/the-iframe-element/sandbox-top-navigation-user-activation.tentative.sub.window.js[Renamed from html/semantics/embedded-content/the-iframe-element/sandbox-top-navigation-child-special-cases.tentative.sub.window.js - diff]

4 files changed

tree: 0342800c4223c695e4084cf8766ac018bae0c6c3

README.md

The web-platform-tests Project

The web-platform-tests Project is a cross-browser test suite for the Web-platform stack. Writing tests in a way that allows them to be run in all browsers gives browser projects confidence that they are shipping software that is compatible with other implementations, and that later implementations will be compatible with their implementations. This in turn gives Web authors/developers confidence that they can actually rely on the Web platform to deliver on the promise of working across browsers and devices without needing extra layers of abstraction to paper over the gaps left by specification editors and implementors.

The most important sources of information and activity are:

github.com/web-platform-tests/wpt: the canonical location of the project's source code revision history and the discussion forum for changes to the code
web-platform-tests.org: the documentation website; details how to set up the project, how to write tests, how to give and receive peer review, how to serve as an administrator, and more
wpt.live: a public deployment of the test suite, allowing anyone to run the tests by visiting from an Internet-enabled browser of their choice
wpt.fyi: an archive of test results collected from an array of web browsers on a regular basis
Real-time chat room: the wpt:matrix.org matrix channel; includes participants located around the world, but busiest during the European working day.
Mailing list: a public and low-traffic discussion list
RFCs: a repo for requesting comments on substantial changes that would impact other stakeholders or users; people who work on WPT infra are encouraged to watch the repo.

If you'd like clarification about anything, don't hesitate to ask in the chat room or on the mailing list.

Setting Up the Repo

Clone or otherwise get https://github.com/web-platform-tests/wpt.

Note: because of the frequent creation and deletion of branches in this repo, it is recommended to “prune” stale branches when fetching updates, i.e. use git pull --prune (or git fetch -p && git merge).

Running the Tests

See the documentation website and in particular the system setup for running tests locally.

Command Line Tools

The wpt command provides a frontend to a variety of tools for working with and running web-platform-tests. Some of the most useful commands are:

wpt serve - For starting the wpt http server
wpt run - For running tests in a browser
wpt lint - For running the lint against all tests
wpt manifest - For updating or generating a MANIFEST.json test manifest
wpt install - For installing the latest release of a browser or webdriver server on the local machine.
wpt serve-wave - For starting the wpt http server and the WAVE test runner. For more details on how to use the WAVE test runner see the documentation.

Windows Notes

On Windows wpt commands must be prefixed with python or the path to the python binary (if python is not in your %PATH%).

python wpt [command]

Alternatively, you may also use Bash on Ubuntu on Windows in the Windows 10 Anniversary Update build, then access your windows partition from there to launch wpt commands.

Please make sure git and your text editor do not automatically convert line endings, as it will cause lint errors. For git, please set git config core.autocrlf false in your working tree.

Publication

The master branch is automatically synced to wpt.live and w3c-test.org.

Contributing

Save the Web, Write Some Tests!

Absolutely everyone is welcome to contribute to test development. No test is too small or too simple, especially if it corresponds to something for which you've noted an interoperability bug in a browser.

The way to contribute is just as usual:

Fork this repository (and make sure you're still relatively in sync with it if you forked a while ago).
Create a branch for your changes: git checkout -b topic.
Make your changes.
Run ./wpt lint as described above.
Commit locally and push that to your repo.
Create a pull request based on the above.

Issues with web-platform-tests

If you spot an issue with a test and are not comfortable providing a pull request per above to fix it, please file a new issue. Thank you!