[Webkit-unassigned] [Bug 233876] New: History intervention to prevent Back button abuse
bugzilla-daemon at webkit.org
Mon Dec 6 07:56:56 PST 2021
https://bugs.webkit.org/show_bug.cgi?id=233876
Bug ID: 233876
Summary: History intervention to prevent Back button abuse
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: Page Loading
Assignee: webkit-unassigned at lists.webkit.org
Reporter: ajuma at chromium.org
CC: achristensen at apple.com, beidson at apple.com, bfulgham at webkit.org, cdumez at apple.com
Some websites abuse the History API to inject history entries that break the Back button.
For example, on Safari on iOS 15.1:
1. Visit google.com and search for "PVR Silver Arc"
2. Tap on "Website" in the search result box for "PVR Silver Arc".
3. Tap on the back button to try to return to the search results page.
Actual result:
The site has inserted an entry into the back/forward list so no matter how many times you tap on the back button, you stay on this site.
Blink and Gecko have shipped an intervention to prevent this kind of abuse. This marks entries added to the Back/Forward list without user action so that they're skipped when tapping on the Back button.
WICG: https://github.com/WICG/interventions/issues/21
Blink bug: https://bugs.chromium.org/p/chromium/issues/detail?id=907167
Gecko bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1515073
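The skip-on-Back behaviour described in the report, as an added sketch that is not part of the original message and is not WebKit, Blink or Gecko code. It follows the report's wording (entries added without user action are marked and skipped by the Back button); the class and function names, the placeholder URLs, and the fallback used when every earlier entry is marked are assumptions of this model.

```javascript
// Simplified model of a back/forward list (illustrative, not browser code).
class BackForwardList {
  constructor(intervention) {
    this.intervention = intervention; // true: Back skips marked entries
    this.entries = [];
    this.index = -1;
  }

  // Add an entry after the current one; forward entries are discarded.
  // userActivated=false models an entry added with no user action.
  push(url, userActivated) {
    this.entries.length = this.index + 1;
    this.entries.push({ url, skippable: !userActivated });
    this.index = this.entries.length - 1;
  }

  current() {
    return this.index >= 0 ? this.entries[this.index].url : null;
  }

  // Back button in the browser UI. Returns the URL the user lands on.
  back() {
    if (this.index <= 0) return this.current();
    let target = this.index - 1;
    if (this.intervention) {
      // Walk past entries that were added without user action.
      // Assumption of this model: if every earlier entry is marked,
      // land on the oldest entry rather than staying put.
      while (target > 0 && this.entries[target].skippable) target--;
    }
    this.index = target;
    return this.current();
  }
}

// Constructed scenario with placeholder URLs: the user reaches a site from
// a results page, and the site then adds five entries on its own.
function simulate(intervention, taps) {
  const list = new BackForwardList(intervention);
  list.push("https://search.example/results", true); // user submitted a query
  list.push("https://site.example/", true);          // user tapped the link
  for (let i = 1; i <= 5; i++) {
    list.push(`https://site.example/#trap${i}`, false); // injected by script
  }
  const visited = [];
  for (let i = 0; i < taps; i++) visited.push(list.back());
  return visited;
}
```

With the intervention off, two taps of Back leave the user on injected entries of the same site; with it on, the same two taps reach the results page.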