[Webkit-unassigned] [Bug 171997] navigator.webdriver should return false if the page is not controlled by automation
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon May 22 15:28:49 PDT 2017
https://bugs.webkit.org/show_bug.cgi?id=171997
--- Comment #21 from Brian Burg <bburg at apple.com> ---
(In reply to Chris Dumez from comment #17)
> (In reply to Sergey Shekyan from comment #16)
> > (In reply to Chris Dumez from comment #15)
> > > (In reply to Sergey Shekyan from comment #13)
> > > > (In reply to Chris Dumez from comment #11)
> > > > > Comment on attachment 310570 [details]
> > > > > Patch
> > > > >
> > > > > View in context:
> > > > > https://bugs.webkit.org/attachment.cgi?id=310570&action=review
> > > > >
> > > > > > Source/WebCore/Modules/webdriver/NavigatorWebDriver.cpp:72
> > > > > > JSValue JSNavigator::webdriver(ExecState&) const
> > > > >
> > > > > If you drop the [Custom], I believe you'll need to drop this method and add
> > > > > a new one:
> > > > > static bool NavigatorWebDriver::webdriver(Navigator&) const
> > > > > {
> > > > > return isControlledByAutomation();
> > > > > }
> > > >
> > > > It was a little more than that, but I think it works now. What should we do
> > > > about worker navigator?
> > >
> > > I do not understand the question, we do not seem to expose
> > > navigator.webdriver to workers. The spec does not seem to say we should
> > > expose this to workers either. The specs has a partial interface for
> > > Navigator but not WorkerNavigator [1].
> > >
> > > [1] https://html.spec.whatwg.org/multipage/workers.html#workernavigator
> >
> > Oh, I CCed you to the discussion at
> > https://groups.google.com/a/chromium.org/forum/
> > ?utm_medium=email&utm_source=footer&pli=1#!msg/blink-dev/6GysDZCWwB8/
> > rXbGoRohBgAJ .
> >
> > Anne reported an issue https://github.com/w3c/webdriver/issues/923 which is
> > likely be implemented.
>
> Ok. In any case, exposing this to workers would need to be addressed
> separately. Brian Burg should probably comment on wether we want to exposed
> navigator.webDriver to workers or not.
I don't think that would be necessary. This property exists to mitigate people using WebDriver for click fraud or other unintended purposes on arbitrary websites. By checking this the page content can perform a mitigation if the "user" is a script. Web content can check this in the main context and propagate to workers if needed.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170522/11815ea8/attachment-0001.html>
More information about the webkit-unassigned
mailing list