diff --git a/source b/source index a9882279bbe..52fce2f33f6 100644 --- a/source +++ b/source @@ -84625,6 +84625,10 @@ interface Location { // but see also is historyHandling.

  • Run process a navigate response with navigationType, - allowedToDownload, and navigationParams.

  • + allowedToDownload, hasTransientActivation, and + navigationParams.
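Review bot: this call site now forwards hasTransientActivation into "process a navigate response", but the hunk does not show where the navigate algorithm obtains it; the value should be sampled exactly once, from the source browsing context's active window, before any fetch begins, so that every downstream consumer (the fetch, each redirect, the final hand-off) sees the same snapshot rather than re-reading a time-limited activation state that may have expired or been consumed by then. A short note at the point of definition saying "as of when the navigation was initiated" would make that contract explicit.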

    @@ -84730,7 +84735,8 @@ interface Location { // but see also
    So for example a fetch scheme

    Run process a navigate fetch given resource, the source browsing context, browsingContext, navigationType, - sandboxFlags, allowedToDownload, incumbentNavigationOrigin, - activeDocumentNavigationOrigin, and historyHandling.

    + sandboxFlags, allowedToDownload, hasTransientActivation, + incumbentNavigationOrigin, activeDocumentNavigationOrigin, and + historyHandling.

    Otherwise, resource is a request whose url's scheme is neither "javascript" nor a fetch scheme

    Run process a navigate URL scheme given resource's url and browsingContext.

    + data-x="concept-request-url">url, browsingContext, and + hasTransientActivation.
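Review bot: the argument order used here ("sandboxFlags, allowedToDownload, hasTransientActivation, incumbentNavigationOrigin, ...") matches the order in which the signature of "process a navigate fetch" is declared in the next hunk; keep that order at the remaining call sites in this patch, since the re-invocation on redirect later in the patch lists the same arguments differently, which makes the prose harder to cross-check.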

    @@ -84766,9 +84774,10 @@ interface Location { // but see also
    request request, two browsing contexts sourceBrowsingContext and browsingContext, a string navigationType, a sandboxing flag set sandboxFlags, a - boolean allowedToDownload, two origins - incumbentNavigationOrigin and activeDocumentNavigationOrigin, and a - history handling behavior historyHandling:

    + boolean allowedToDownload, a boolean hasTransientActivation, two origins incumbentNavigationOrigin and + activeDocumentNavigationOrigin, and a history handling behavior + historyHandling:

    1. Let response be null.
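Review bot: the signature gains "a boolean hasTransientActivation" with no description of what the boolean denotes, whereas the removed step it replaces spelled out the condition ("sourceBrowsingContext's WindowProxy's [[Window]] value has transient activation"). Add a clause such as "hasTransientActivation, reflecting whether sourceBrowsingContext's active window had transient activation when the navigation was initiated" so readers of the signature alone understand that it is a snapshot supplied by the caller and not a live check.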

    2. @@ -84784,8 +84793,7 @@ interface Location { // but see also
      id.

      -
    3. If sourceBrowsingContext's WindowProxy's [[Window]] value has - transient activation, then set request's

      If hasTransientActivation is true, then set request's user-activation to true.
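Review bot: replacing the live "has transient activation" check with the caller-supplied hasTransientActivation changes when the condition is evaluated, and that is the point of the change, but it is worth saying so in the commit message: the request's user-activation flag is now set from the activation state at navigation start, so a request issued later in the same navigation (for example after a redirect) still carries user-activation even if the activation window has since closed. That is acceptable only because the snapshot was taken at the time of the user's actual gesture; the caller must not compute it lazily.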

    4. @@ -84808,7 +84816,7 @@ interface Location { // but see also cross-origin opener policy enforcement result whose Location { // but see also request whose url is locationURL, sourceBrowsingContext, browsingContext, navigationType, - allowedToDownload, sandboxFlags, incumbentNavigationOrigin, - activeDocumentNavigationOrigin, and historyHandling, and return. + allowedToDownload, hasTransientActivation, sandboxFlags, + incumbentNavigationOrigin, activeDocumentNavigationOrigin, and + historyHandling, and return. -
    5. Otherwise, if locationURL is a URL, run the process a - navigate URL scheme given locationURL and browsingContext, and - return.

    6. +
    7. +

      Otherwise, if locationURL is a URL:

      + +
        +
      1. Process a navigate URL scheme given locationURL, + browsingContext, and hasTransientActivation.

      2. + +
      3. Return.

      4. +
      +
    8. Let navigationParams be a new navigation params whose request is request, Location { // but see also

      Otherwise, the document's type is such that the resource will not affect browsingContext, e.g., because the resource is to be handed to an external application - or because it is an unknown type that will be processed as a download. Process the resource appropriately.

      + or because it is an unknown type that will be processed as a download. + Hand-off to external software given response and + hasTransientActivation.

    -

    To process a navigate URL scheme, given a URL url and - browsing context browsingContext, run these steps:

    +

    To process a navigate URL scheme, given a URL url, a + browsing context browsingContext, and a boolean + hasTransientActivation:

    1. If url is to be handled using a mechanism that does not affect browsingContext, e.g., because url's scheme is handled externally, then proceed with that mechanism instead.

    2. + data-x="concept-url-scheme">scheme is handled externally, then hand-off to external + software given url and hasTransientActivation.
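Review bot: the re-invocation of "process a navigate fetch" for a fetch-scheme redirect passes "allowedToDownload, hasTransientActivation, sandboxFlags, incumbentNavigationOrigin, ...", which does not match the algorithm's declared parameter order "sandboxFlags, allowedToDownload, hasTransientActivation, ...". Since the prose passes arguments by name this is not a correctness problem, but aligning the order would avoid a reviewer having to check each name against the signature. Threading the original hasTransientActivation unchanged through both redirect branches is the right behaviour: a redirect to an externally handled scheme is gated on the activation the user actually provided, and the new "Return." after "process a navigate URL scheme" makes the non-fetch branch terminate cleanly. One wording nit: in the rewritten step 1 of "process a navigate URL scheme" the removed text said "proceed with that mechanism instead"; the new text says only "hand-off to external software given url and hasTransientActivation", so consider appending "and return" so the hand-off is unambiguously the end of the algorithm rather than relying solely on the "Otherwise" of the following step.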

    3. Otherwise, url is to be handled by displaying some sort of inline content, e.g., @@ -85196,16 +85215,15 @@ interface Location { // but see also passing its URL or - data to an external software package separate from the user agent (e.g. handing a mailto: URL to a mail client, or a Word document to a word - processor), user agents should attempt to mitigate the risk that this is an attempt to exploit the - target software, e.g. by prompting the user to confirm that the source browsing - context's active document's origin is to be allowed to invoke the specified software. - In particular, if the navigate algorithm was invoked when source browsing - context's active window does not have transient activation, the - user agent should not invoke the external software package without prior user confirmation.

      +

      To hand-off to external software given a URL or response resource and a boolean + hasTransientActivation, user agents should perform the appropriate handoff of + resource while attempting to mitigate the risk that this is an attempt to exploit the + target software. For example, user agents could prompt the user to confirm that the source + browsing context's active document's origin is to be allowed to invoke the external software in + question. In particular, if hasTransientActivation is false, then the user agent should + not invoke the external software package without prior user confirmation.

      For example, there could be a vulnerability in the target software's URL handler which a hostile page would attempt to exploit by tricking a user into clicking a link.
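Review bot: the new "hand-off to external software" definition takes only "resource" and "hasTransientActivation", yet its suggested mitigation refers to "the source browsing context's active document's origin" for the confirmation prompt; that origin is not derivable from the definition's inputs. Either add the source browsing context (or its active document's origin) as a third input, or reword the example so it does not depend on information the algorithm is not given. The normative gating sentence ("if hasTransientActivation is false, then the user agent should not invoke the external software package without prior user confirmation") keeps the same "should" strength as the text it replaces, so this is a refactor of the check's input, not a change in requirement level; if the intent was to strengthen it, that should be a separate, explicit change.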