Intent to ship: Update browsing context name on cross site navigation or history traversal

[Tim Huang]

Summary:

The window.name can persist after doing cross-origin navigation, which
means it can leak information across origins and be used as a tracking
vector.

To address this, we want to clear the window.name when doing cross-origin
navigations. The window.name won't persist across origins, so cannot be
used for tracking.

We also want to implement the store/restore window.name in the session
history when doing history loads. This has been defined in HTML Standard.

Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=444222

Standard:
* https://html.spec.whatwg.org/#history-traversal

Platform coverage: All

Preference: privacy.window.name.update.enabled

Devtools bug: Nope.

Other browsers:
* Safari has shipped this.
* Chrome doesn't implement this.

web-platform-tests:
We will add web-platform-tests for this.

Secure contexts:
This is not restricted to secure contexts.

Is this feature enabled by default in sandboxed iframes?: Yes

Best,
Tim,

[Shuran Huang]

Hi Tim,

FYI, here is the tracking bug for this issue in Chrome: crbug.com/1090128.

Thanks,
Shuran

[Anne van Kesteren]

On Fri, Sep 11, 2020 at 5:00 PM Shuran Huang <shu...@chromium.org> wrote:
> FYI, here is the tracking bug for this issue in Chrome: crbug.com/1090128.

Hey Shuran,

I think the bug you're looking for is
https://bugs.chromium.org/p/chromium/issues/detail?id=706350. In
particular this intent to ship is about resetting window.name when the
browsing context group (aka BrowsingInstance in Chrome) is not
replaced.

Kind regards,

Anne

[Shuran Huang]

Hi Anne,

Thanks for the pointer. I did not realize it's about the cross-origin navigation that not switch BrowsingInstance. Just to confirm, is the case for top-level navigation only or not?

Thanks,
Shuran

[Anne van Kesteren]

On Fri, Sep 11, 2020 at 10:55 PM Shuran Huang <shu...@chromium.org> wrote:
> Thanks for the pointer. I did not realize it's about the cross-origin navigation that not switch BrowsingInstance. Just to confirm, is the case for top-level navigation only or not?

Cross-origin navigations of top-level browsing contexts whose opener
browsing context is either null or disowned. (It might be that null
and disowned can be merged, but currently they are not
specification-wise.)

[Shuran Huang]

Hi, I have a followup question on this feature. Have you observed any breakage after this feature is launched? Asking because Chrome data shows that 0.6% of page loads rely on a previously set window.name after a cross-site navigation that swaps BrowsingContextGroup. Even though the feature shipped here targets the cross-origin navigations that don't swap BrowsingContextGroup, but any info regarding what sites uses window.name property is helpful. Thanks!

[Shuran Huang]

Friendly ping. In case the previous email is missed.

[Daniel Veditz]

> > Hi, I have a followup question on this feature. Have you observed any breakage after this feature is launched? Asking because Chrome data shows that 0.6% of page loads rely on a previously set window.name after a cross-site navigation that swaps BrowsingContextGroup. Even though the feature shipped here targets the cross-origin navigations that don't swap BrowsingContextGroup, but any info regarding what sites uses window.name property is helpful. Thanks!
> Friendly ping. In case the previous email is missed.

It was missed -- traffic to this group was moved to a new Google Group that is just a mailing list, not an unholy conglomeration of mailman/GoogelGroup/newsgroup

Please ask again in https://groups.google.com/a/mozilla.org/g/dev-platform