[Webkit-unassigned] [Bug 260361] New: Transient activation should be dropped after evaluating JavaScript, except when required for application compatibility

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Aug 17 13:01:21 PDT 2023 

https://bugs.webkit.org/show_bug.cgi?id=260361

            Bug ID: 260361
           Summary: Transient activation should be dropped after
                    evaluating JavaScript, except when required for
                    application compatibility
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKitGTK
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at redhat.com
                CC: beidson at apple.com, bugs-noreply at webkitgtk.org,
                    cdumez at apple.com

This is a follow-up to bug #258037 and bug #251276. When a user interacts with a web page, the page is said to receive a user gesture and this grants additional permissions to the web content until the "transient activation" period expires, which in WebKit is 5 seconds. WebKit's API functions that allow applications to run JavaScript allow the application to force a user gesture in order to execute JS with full permissions. But in this case, the transient activation should expire immediately because the user did not really interact with the page. Web content should not unexpectedly receive additional permissions for 5 seconds whenever the application runs some of its own unrelated JS.

Bug #258037 and bug #251276 fixed this for freshly built applications on Cocoa platforms, but left other platforms unchanged because dropping the transient activation is not backwards-compatible and could possible cause unknown breakage in applications. But the desired behavior is to always drop transient activation. Implement this everywhere:

 * In RemoteInspectorProtocolHandler.cpp, affecting JS executed by remote inspector. This change is surely safe.
 * In WebKitWebView.cpp, affecting the GTK and WPE port. This could possibly break GTK/WPE applications, so we won't backport it to the 2.40 stable branch.
 * In WKPageRunJavaScriptInMainFrame, affecting non-Cocoa ports. This should be safe because the C API is not public except for Windows and PlayStation ports, which control the version of WebKit they ship.
 * And finally in ScriptController::executeScriptIgnoringException. This will affect all ports and could possibly break things.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230817/3bc88401/attachment.htm>

More information about the webkit-unassigned mailing list