Chrome web intents and user-activation decision logic
Alex
Hi everyone,
I’m new to Chromium and currently studying specific components for a university web-security seminar. Because the codebase is quite large, I’m hoping someone can point me to the relevant areas.
Specifically, I’m trying to understand where Chromium decides whether an action counts as a “user activation” in the context of Android intent URI handling (e.g., clicking a link like: intent://scan/#Intent;scheme=exampleapp;package=com.example.app;end; which then opens an app)
Chrome on Android will allow this navigation if it was triggered by a genuine user gesture (e.g., a tap), but if it is triggered by script without prior user interaction, Chrome either blocks it or shows a confirmation dialog.
My goal is to analyze which input events qualify as transient user activation and how this feeds into the intent-launching logic.
So far, from online documentation, I found that events such as click, keydown/keyup, touchstart/touchend contribute to user activation, while others do not. However, I would like to confirm this by locating the actual decision logic in the source code.
Could someone point me to the part of the Chromium codebase where:
-
User gestures / user activation are detected and recorded, and
-
The navigation / intent-launching code checks are done?
Any pointers to the right directories or files would be greatly appreciated.
I hope the question isn't too confusing.
Thanks in advance!
Yoav Weiss (@Shopify)
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/2842dde4-5ad7-4ffa-b348-ca538589981fn%40chromium.org.
