From 2f751c9415a45360690b48882c5f38a6e6b88c0f Mon Sep 17 00:00:00 2001 From: Domenic Denicola Date: Fri, 16 Jul 2021 18:21:24 -0400 Subject: [PATCH 1/8] Do not navigate to about:blank on iframe insertion Previously, we did a confusing thing where we would navigate to a non-initial about:blank. 2/3 engines instead do something observably equivalent to not navigating at all; they just fire a load event. This is much simpler, and matches window.open(). Closes #6863. --- source | 39 ++++++++++++++++++++++----------------- 1 file changed, 22 insertions(+), 17 deletions(-) diff --git a/source b/source index cf487e9120d..d6f568c4b89 100644 --- a/source +++ b/source @@ -30676,28 +30676,20 @@ interface HTMLIFrameElement : HTMLElement {
  • Otherwise, if element has a src attribute specified, or initialInsertion is false, then run the shared attribute processing steps for iframe and frame elements given - element.

  • + element and initialInsertion.

    The shared attribute processing steps for iframe and frame elements, given an element - element, are:

    + element and a boolean initialInsertion, are:

      -
    1. -

      If element has no src attribute specified, - or its value is the empty string, let url be the URL - "about:blank".

      - - -

      Otherwise, parse the value of element's src attribute, relative to element's node - document.

      +
    2. Let url be the URL record about:blank.

    3. -

      If that is not successful, then let url be the URL - "about:blank". Otherwise, let url be the resulting URL - record.

      - +
    4. If element has a src attribute specified, + and its value is not the empty string, then parse the value of + that attribute relative to element's node document. If this is + successful, then set url to the resulting URL record.

    5. If there exists an ancestor browsing context of element's nested browsing context whose active document's HTMLIFrameElement : HTMLElement { data-x="concept-url-fragment">fragments, is equal to url, then return.

    6. - + +
    7. +

      If url is about:blank and initialInsertion is true, + then:

      + +
        +
      1. Queue a global task on the networking task source given + window to fire an event named load at element's nested browsing context's + active window, with the legacy target override flag set.

      2. + +
      3. Return.

      4. +
      +
    8. Let resource be a new request whose URL is url and whose HTMLFrameSetElement : HTMLElement {

    9. If element has a src attribute specified, or initialInsertion is false, then run the shared attribute processing steps for iframe and frame elements given - element.

    10. + element and initialInsertion.

    The frame element potentially delays the load event.
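Review bot: In the iframe hunk of this patch, the new branch for "url is about:blank and initialInsertion is true" queues its task "given window", but no window variable is defined in the shared attribute processing steps shown here; the only window in sight is "element's nested browsing context's active window" later in the same sentence. Suggest binding it first (for example "Let window be element's nested browsing context's active window") or naming that global directly. Separately, "url is about:blank" compares a URL record with a literal, so it is worth stating whether a record carrying a query or fragment counts.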

    From bdf3e17c1ea5094978ae81be4cf7341ec255d117 Mon Sep 17 00:00:00 2001 From: Domenic Denicola Date: Wed, 21 Jul 2021 12:32:59 -0400 Subject: [PATCH 2/8] No load events anywhere --- source | 44 ++++++++++++-------------------------------- 1 file changed, 12 insertions(+), 32 deletions(-) diff --git a/source b/source index d6f568c4b89..8b2225b00fc 100644 --- a/source +++ b/source @@ -30698,19 +30698,8 @@ interface HTMLIFrameElement : HTMLElement { -
  • -

    If url is about:blank and initialInsertion is true, - then:

    - -
      -
    1. Queue a global task on the networking task source given - window to fire an event named load at element's nested browsing context's - active window, with the legacy target override flag set.

    2. - -
    3. Return.

    4. -
    -
  • +
  • If url is about:blank and initialInsertion is true, + then return.

  • Let resource be a new request whose URL is url and whose WindowPostMessageOptions : PostMessageOpt target browsing context given tokenizedFeatures.

  • -
  • Let urlRecord be the URL "about:blank".

  • +
  • Let urlRecord be the URL record about:blank.

  • If url is not the empty string or new is true, then: @@ -80841,6 +80830,9 @@ dictionary WindowPostMessageOptions : PostMessageOpt to the resulting URL record, if any. If the parse a URL algorithm failed, then throw a "SyntaxError" DOMException.

  • +
  • If urlRecord is about:blank and new is true, then + return target browsing context's WindowProxy object.

    +
  • Let request be a new request whose URL is urlRecord.

  • @@ -80851,25 +80843,13 @@ dictionary WindowPostMessageOptions : PostMessageOpt
  • Let window be target browsing context's active window.

  • -
  • If urlRecord is "about:blank" and new is true, then - queue a global task on the networking task source given - window to fire an event named load at window, with the legacy target override - flag set.

    - -
  • -

    Otherwise:

    - -
      -
    1. Let historyHandling be "replace" if - new is true; otherwise "default".

    2. +
    3. Let historyHandling be "replace" if + new is true; otherwise "default".

    4. -
    5. Navigate target browsing context to - request, with exceptionsEnabled set to true, historyHandling set to historyHandling, and the - source browsing context set to source browsing context.

    6. -
    -
  • +
  • Navigate target browsing context to + request, with exceptionsEnabled set to true, historyHandling set to historyHandling, and the + source browsing context set to source browsing context.
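Review bot: The new early return in the window open steps ("If urlRecord is about:blank and new is true, then return target browsing context's WindowProxy object") exits before every step that follows it, not only the Navigate step this change is meant to avoid. Suggest leaving the remaining steps on the common path and guarding only Navigate on urlRecord not being about:blank, so that any later step that decides the return value still runs for a new about:blank window.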

  • From a39ae5edc67090289f5b94757dc6d7b98f0bc1ed Mon Sep 17 00:00:00 2001 From: Domenic Denicola Date: Wed, 21 Jul 2021 12:53:38 -0400 Subject: [PATCH 3/8] Fix bug in last commit and refactor window open steps a lot --- source | 77 +++++++++++++++++++++++++++++++++++----------------------- 1 file changed, 47 insertions(+), 30 deletions(-) diff --git a/source b/source index 8b2225b00fc..2dd4a36680b 100644 --- a/source +++ b/source @@ -80810,28 +80810,24 @@ dictionary WindowPostMessageOptions : PostMessageOpt tab.

    -
  • Let new be true if windowType is either "new and - unrestricted" or "new with no opener", and false otherwise.

  • -
  • If target browsing context is null, then return null.

  • -
  • If new is true, then set up browsing context features for - target browsing context given tokenizedFeatures.

  • - -
  • Let urlRecord be the URL record about:blank.

  • -
  • -

    If url is not the empty string or new is true, then: +

    If windowType is either "new and unrestricted" or "new with no opener", then:

      +
    1. Set up browsing context features for target browsing context + given tokenizedFeatures.

    2. + +
    3. Let urlRecord be the URL record + about:blank.

    4. +
    5. If url is not the empty string, then parse url relative to the entry settings object, and set urlRecord to the resulting URL record, if any. If the parse a URL algorithm - failed, then throw a "SyntaxError" DOMException.

    6. - -
    7. If urlRecord is about:blank and new is true, then - return target browsing context's WindowProxy object.

      + failed, then throw a "SyntaxError" + DOMException.

    8. Let request be a new request whose URL is urlRecord.

    9. @@ -80840,30 +80836,51 @@ dictionary WindowPostMessageOptions : PostMessageOpt data-x="concept-request-referrer">referrer to "noreferrer".

      -
    10. Let window be target browsing context's active - window.

    11. - -
    12. Let historyHandling be "replace" if - new is true; otherwise "default".

    13. - -
    14. Navigate target browsing context to +

    15. If urlRecord is not about:blank, then + navigate target browsing context to request, with exceptionsEnabled set to true, historyHandling set to historyHandling, and the - source browsing context set to source browsing context.

    16. + data-x="navigation-hh">historyHandling set to "replace", + and the source browsing context set to source browsing context.

  • -
  • If noopener is true or windowType is "new with no opener", then return null.

  • -
  • -

    Otherwise, if new is false, set target browsing context's opener - browsing context to source browsing context.

    +

    Otherwise:

    + +
      +
    1. +

      If url is not the empty string, then:

      + +
        +
      1. Let urlRecord be the URL record + about:blank.

      2. + +
      3. Parse url relative to the entry + settings object, and set urlRecord to the resulting URL + record, if any. If the parse a URL algorithm failed, then throw a + "SyntaxError" DOMException.

      4. + +
      5. Let request be a new request whose + URL is urlRecord.

      6. + +
      7. If noreferrer is true, then set request's referrer to "noreferrer".

      8. -

        If new is true this is done as part of creating a new auxiliary - browsing context.

        +
      9. Navigate target browsing context to + request, with exceptionsEnabled set to true and the + source browsing context set to source browsing context.

      10. +
      +
    2. + +
    3. If noopener is false, then set target browsing context's + opener browsing context to source browsing context.

    4. +
  • +
  • If noopener is true or windowType is "new with no opener", then return null.

  • +
  • Return target browsing context's WindowProxy object.
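Review bot: In the new Otherwise branch, the first substep sets urlRecord to about:blank and the next one immediately overwrites it with the parse result or throws, so the initial assignment is dead there; it only matters in the new-window branch, where url may be the empty string. Suggest dropping it from the Otherwise branch. The rewrite also deletes the note "If new is true this is done as part of creating a new auxiliary browsing context", which was the only explanation of why the opener is set in one branch only; it is worth keeping next to "If noopener is false, then set target browsing context's opener browsing context".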

  • From af0c760a3cb341ceaee65751f7b596ca1c307b12 Mon Sep 17 00:00:00 2001 From: Domenic Denicola Date: Mon, 26 Jul 2021 17:17:22 -0400 Subject: [PATCH 4/8] Review comments --- source | 42 ++++++++++++++++++++++++++---------------- 1 file changed, 26 insertions(+), 16 deletions(-) diff --git a/source b/source index 2dd4a36680b..d03999af7f4 100644 --- a/source +++ b/source @@ -6575,6 +6575,14 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute tree order.

    +

    A URL is exactly about:blank if its scheme is "about", its path contains a single string "blank", its + username and password are the empty string, and its host, query, and fragment are null.

    +
    @@ -9199,7 +9207,7 @@ o.myself = o; nested browsing context's container document's origin, even though its active Document's URL is - "about:blank".

    + about:blank.

    When a Document is created by a script using the createDocument() or HTMLIFrameElement : HTMLElement { -

  • If url is about:blank and initialInsertion is true, - then return.

  • +
  • If url is exactly about:blank and + initialInsertion is true, then return.

  • Let resource be a new request whose URL is url and whose HTMLObjectElement : HTMLElement {

    If the object element's nested browsing context is null, then create a new nested browsing context for the element.

    -

    If the URL of the given resource is not about:blank, then - navigate the element's nested browsing - context to that resource, with historyHandling set - to "replace" and the source browsing context - set to the object element's node document's If the URL of the given resource is + not exactly about:blank, then navigate + the element's nested browsing context to that resource, with historyHandling set to "replace" and the source browsing context set to the + object element's node document's browsing context. (The data attribute of the object element doesn't get updated if the browsing context gets further navigated to other locations.)

    @@ -79194,8 +79203,8 @@ popup4.close();
  • origin
    .

  • -

    If invocationOrigin is non-null and url is about:blank, - then return invocationOrigin.

    +

    If invocationOrigin is non-null and url is exactly + about:blank, then return invocationOrigin.

    The result here is that two documents end up with the same underlying origin, meaning that document.domain @@ -79297,8 +79306,8 @@ popup4.close();

  • Assert: document's URL and document's relevant settings object's creation URL are - about:blank.

  • + data-x="concept-environment-creation-url">creation URL
    are exactly about:blank.

  • Set document's is initial about:blank to true.

  • @@ -80834,11 +80843,12 @@ dictionary WindowPostMessageOptions : PostMessageOpt
  • If noreferrer is true, then set request's referrer to "noreferrer".

  • + data-x="">no-referrer".

    -
  • If urlRecord is not about:blank, then - navigate target browsing context to - request, with exceptionsEnabled set to true,

    If urlRecord is not exactly + about:blank, then navigate + target browsing context to request, with + exceptionsEnabled set to true, historyHandling set to "replace", and the source browsing context set to source browsing context.
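Review bot: The "noreferrer" to "no-referrer" correction is applied to only one of the two places that set request's referrer. The previous patch in this series added a second "If noreferrer is true, then set request's referrer to "noreferrer"" step in the Otherwise branch, and none of the hunks shown here touch it, so the two branches would disagree after this commit. Suggest fixing both together and mentioning the correction in the commit message, which currently says only "Review comments".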

  • From cd5f3273daff098d100f21dc654b4f14f3b57c6b Mon Sep 17 00:00:00 2001 From: Domenic Denicola Date: Tue, 27 Jul 2021 13:40:57 -0400 Subject: [PATCH 5/8] Do *not* check query and fragment --- source | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/source b/source index d03999af7f4..ad5df4421c1 100644 --- a/source +++ b/source @@ -6575,13 +6575,17 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute tree order.

    -

    A URL is exactly about:blank if its A URL matches about:blank if its scheme is "about", its path contains a single string "blank", its username and password are the empty string, and its host, query, and fragment are null.

    + data-x="concept-url-host">host
    is null.

    + +

    Such a URL's query and fragment can be non-null. For example, the URL + record created by parsing "about:blank?foo#bar" matches about:blank.

    @@ -30706,7 +30710,7 @@ interface HTMLIFrameElement : HTMLElement { -
  • If url is exactly about:blank and +

  • If url matches about:blank and initialInsertion is true, then return.

  • Let resource be a new request whose HTMLObjectElement : HTMLElement {

    If the object element's nested browsing context is null, then create a new nested browsing context for the element.

    -

    If the URL of the given resource is - not exactly about:blank, then navigate - the element's nested browsing context to that resource, with If the URL of the given resource does not match about:blank, then navigate the element's nested browsing context to that resource, with historyHandling set to "replace" and the source browsing context set to the object element's node document's

  • origin.

  • -

    If invocationOrigin is non-null and url is exactly +

    If invocationOrigin is non-null and url matches about:blank, then return invocationOrigin.

    The result here is that two documents end up with the same underlying @@ -79306,8 +79310,8 @@ popup4.close();

  • Assert: document's URL and document's relevant settings object's creation URL are exactly about:blank.

  • + data-x="concept-environment-creation-url">creation URL are + about:blank.

  • Set document's is initial about:blank to true.
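Review bot: The Assert now reads "creation URL are about:blank", which uses neither the old "exactly" term nor the new "matches about:blank" definition, so the comparison for the initial about:blank Document is left undefined. If strict equality (no query or fragment) is intended here, say so explicitly; otherwise link it to "matches about:blank" like the other call sites changed in this patch.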

  • @@ -80845,12 +80849,13 @@ dictionary WindowPostMessageOptions : PostMessageOpt data-x="concept-request-referrer">referrer to "no-referrer".

    -
  • If urlRecord is not exactly +

  • If urlRecord does not match about:blank, then navigate target browsing context to request, with exceptionsEnabled set to true, historyHandling set to "replace", - and the source browsing context set to source browsing context.

  • + data-x="navigation-hh">historyHandling set to "replace", and the source browsing context set to + source browsing context.
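Review bot: With the widened definition, a urlRecord such as the one parsed from "about:blank?foo#bar" now also skips the Navigate step, and nothing in this step makes the new document's URL reflect the query or fragment that was passed in. Either update the document's URL in that case or add a note that dropping them is intended. The same applies to the iframe initial-insertion step changed earlier in this patch.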

    From e0dc4c9b0ce06b48e46ed11a05599523bd53d0a7 Mon Sep 17 00:00:00 2001 From: Domenic Denicola Date: Mon, 2 Aug 2021 10:46:08 -0400 Subject: [PATCH 6/8] URL and history update steps --- source | 55 +++++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 41 insertions(+), 14 deletions(-) diff --git a/source b/source index ad5df4421c1..2a6849f50f2 100644 --- a/source +++ b/source @@ -30710,8 +30710,22 @@ interface HTMLIFrameElement : HTMLElement { -
  • If url matches about:blank and - initialInsertion is true, then return.

  • +
  • +

    If url matches about:blank and + initialInsertion is true, then:

    + +
      +
    1. +

      Perform the URL and history update steps given element's + nested browsing context's active document and url.

      + +

      This is necessary in case url is something like about:blank?foo.

      +
    2. + +
    3. Return.

    4. +
    +
  • Let resource be a new request whose URL is url and whose WindowPostMessageOptions : PostMessageOpt failed, then throw a "SyntaxError" DOMException.

  • -
  • Let request be a new request whose - URL is urlRecord.

  • +
  • +

    If urlRecord matches about:blank, then perform the + URL and history update steps given target browsing context's + active document and urlRecord.

    -
  • If noreferrer is true, then set request's referrer to "no-referrer".

  • +

    This is necessary in case urlRecord is something like about:blank?foo.

    + + +
  • +

    Otherwise:

    + +
      +
    1. Let request be a new request whose + URL is urlRecord.

    2. + +
    3. If noreferrer is true, then set request's referrer to "no-referrer".

    4. -
    5. If urlRecord does not match - about:blank, then navigate - target browsing context to request, with - exceptionsEnabled set to true, historyHandling set to "replace", and the source browsing context set to - source browsing context.

    6. +
    7. Navigate target browsing context to + request, with exceptionsEnabled set to true, historyHandling set to "replace", and the source browsing context set to + source browsing context.

    8. +
    +
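Review bot: The two added notes ("This is necessary in case url is something like about:blank?foo" and its urlRecord counterpart) explain the query case but say nothing about what the URL and history update steps do when the URL is plain about:blank, which is the common path through both new branches. Suggest adding one sentence to each note stating the expected effect in that case.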
  • From 5bc2d13b8582c66475aba1448366f70d0ed547cc Mon Sep 17 00:00:00 2001 From: Domenic Denicola Date: Thu, 5 Aug 2021 16:03:16 -0400 Subject: [PATCH 7/8] Fire the load event sync --- source | 32 +++++++++++++++++++++++++------- 1 file changed, 25 insertions(+), 7 deletions(-) diff --git a/source b/source index 2a6849f50f2..12f01fbae08 100644 --- a/source +++ b/source @@ -30685,10 +30685,9 @@ interface HTMLIFrameElement : HTMLElement { -
  • Otherwise, if element has a src attribute - specified, or initialInsertion is false, then run the shared attribute - processing steps for iframe and frame elements given - element and initialInsertion.

  • +
  • Otherwise, run the shared attribute processing steps for iframe and + frame elements given element and + initialInsertion.

  • The shared attribute processing steps @@ -30723,6 +30722,8 @@ interface HTMLIFrameElement : HTMLElement { data-x="">about:blank?foo.

    +
  • Run the iframe load event steps given element.

  • +
  • Return.

  • @@ -88554,9 +88555,26 @@ dictionary PageTransitionEventInit : EventInit

    Set document's completely loaded time to the current time.

    -
  • Let container be document's browsing context's container.

  • +
  • +

    Let container be document's browsing context's container.

    + +
    +

    This will be null in the case where document is the initial about:blank Document in a + frame or iframe, since at the point of browsing context creation which calls this algorithm, the container + relationship has not yet been established. (That happens in a subsequent step of create + a new nested browsing context.)

    + +

    The consequence of this is that we the following steps do nothing, i.e., we do not fire an + asynchronous load event on the container element for such + cases. Instead, a synchronous load event is fired in a special + initial-insertion case in the shared attribute processing steps for iframe + and frame elements.

    +
    +
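Review bot: Typo in the second added note: "The consequence of this is that we the following steps do nothing" has a stray "we" and should read "is that the following steps do nothing". It would also help to point from this note to the exact step that fires the synchronous event, "Run the iframe load event steps given element", since "a special initial-insertion case" is hard to locate otherwise.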
  • If container is an iframe element, then queue an element task on the DOM manipulation task source given container to run From 504d117d07e8b6b5a55c973ea1e3adb65d187136 Mon Sep 17 00:00:00 2001 From: Domenic Denicola Date: Tue, 10 Aug 2021 11:37:42 -0400 Subject: [PATCH 8/8] Expand the note per review --- source | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/source b/source index 12f01fbae08..05d9f2a2117 100644 --- a/source +++ b/source @@ -30719,7 +30719,8 @@ interface HTMLIFrameElement : HTMLElement { nested browsing context's active document and url.

    This is necessary in case url is something like about:blank?foo.

    + data-x="">about:blank?foo. If url is just plain about:blank, this will do nothing.

  • Run the iframe load event steps given element.

  • @@ -80862,8 +80863,9 @@ dictionary WindowPostMessageOptions : PostMessageOpt URL and history update steps given target browsing context's active document and urlRecord.

    -

    This is necessary in case urlRecord is something like about:blank?foo.

    +

    This is necessary in case url is something like about:blank?foo. If url is just plain about:blank, this will do nothing.
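Review bot: In the window open steps the expanded note now says "in case url is something like about:blank?foo. If url is just plain about:blank", but the step it annotates operates on urlRecord ("given target browsing context's active document and urlRecord"), and the line being replaced said urlRecord. This looks copied from the iframe hunk; suggest keeping urlRecord in this note.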