Intent to ship: Update browsing context name on cross site navigation or history traversal

339 views
Skip to first unread message

Tim Huang

unread,
Sep 10, 2020, 8:47:37 AM9/10/20
to dev-platform
Summary:

The window.name can persist after doing cross-origin navigation, which
means it can leak information across origins and be used as a tracking
vector.

To address this, we want to clear the window.name when doing cross-origin
navigations. The window.name won't persist across origins, so cannot be
used for tracking.

We also want to implement the store/restore window.name in the session
history when doing history loads. This has been defined in HTML Standard.

Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=444222

Standard:
* https://html.spec.whatwg.org/#history-traversal

Platform coverage: All

Preference: privacy.window.name.update.enabled

Devtools bug: Nope.

Other browsers:
* Safari has shipped this.
* Chrome doesn't implement this.

web-platform-tests:
We will add web-platform-tests for this.

Secure contexts:
This is not restricted to secure contexts.

Is this feature enabled by default in sandboxed iframes?: Yes

Best,
Tim,

Shuran Huang

unread,
Sep 11, 2020, 10:55:39 AM9/11/20
to
Hi Tim,

FYI, here is the tracking bug for this issue in Chrome: crbug.com/1090128.

Thanks,
Shuran

Anne van Kesteren

unread,
Sep 11, 2020, 11:26:59 AM9/11/20
to Shuran Huang, dev-platform
On Fri, Sep 11, 2020 at 5:00 PM Shuran Huang <shu...@chromium.org> wrote:
> FYI, here is the tracking bug for this issue in Chrome: crbug.com/1090128.

Hey Shuran,

I think the bug you're looking for is
https://bugs.chromium.org/p/chromium/issues/detail?id=706350. In
particular this intent to ship is about resetting window.name when the
browsing context group (aka BrowsingInstance in Chrome) is not
replaced.

Kind regards,

Anne

Shuran Huang

unread,
Sep 11, 2020, 4:54:54 PM9/11/20
to
Hi Anne,

Thanks for the pointer. I did not realize it's about the cross-origin navigation that not switch BrowsingInstance. Just to confirm, is the case for top-level navigation only or not?

Thanks,
Shuran

Anne van Kesteren

unread,
Sep 14, 2020, 5:11:59 AM9/14/20
to Shuran Huang, dev-platform
On Fri, Sep 11, 2020 at 10:55 PM Shuran Huang <shu...@chromium.org> wrote:
> Thanks for the pointer. I did not realize it's about the cross-origin navigation that not switch BrowsingInstance. Just to confirm, is the case for top-level navigation only or not?

Cross-origin navigations of top-level browsing contexts whose opener
browsing context is either null or disowned. (It might be that null
and disowned can be merged, but currently they are not
specification-wise.)

Shuran Huang

unread,
Apr 23, 2021, 2:35:55 PMApr 23
to
Hi, I have a followup question on this feature. Have you observed any breakage after this feature is launched? Asking because Chrome data shows that 0.6% of page loads rely on a previously set window.name after a cross-site navigation that swaps BrowsingContextGroup. Even though the feature shipped here targets the cross-origin navigations that don't swap BrowsingContextGroup, but any info regarding what sites uses window.name property is helpful. Thanks!

Shuran Huang

unread,
May 6, 2021, 6:06:27 PMMay 6
to
Friendly ping. In case the previous email is missed.

Daniel Veditz

unread,
May 26, 2021, 1:57:06 PMMay 26
to
> > Hi, I have a followup question on this feature. Have you observed any breakage after this feature is launched? Asking because Chrome data shows that 0.6% of page loads rely on a previously set window.name after a cross-site navigation that swaps BrowsingContextGroup. Even though the feature shipped here targets the cross-origin navigations that don't swap BrowsingContextGroup, but any info regarding what sites uses window.name property is helpful. Thanks!
> Friendly ping. In case the previous email is missed.

It was missed -- traffic to this group was moved to a new Google Group that is just a mailing list, not an unholy conglomeration of mailman/GoogelGroup/newsgroup

Please ask again in https://groups.google.com/a/mozilla.org/g/dev-platform
Reply all
Reply to author
Forward
0 new messages