Changeset 214277 in webkit

Timestamp:

Mar 22, 2017 2:14:23 PM (7 years ago)

Author:

Chris Dumez

Message:

WebKit should disallow beforeunload alerts from web pages users have never interacted with
​https://bugs.webkit.org/show_bug.cgi?id=169936
<rdar://problem/23798897>

Reviewed by Brent Fulgham.

LayoutTests/imported/w3c:

• web-platform-tests/html/browsers/browsing-the-web/unloading-documents/beforeunload-canceling-expected.txt:
• web-platform-tests/html/webappapis/scripting/events/compile-event-handler-settings-objects-expected.txt:

Rebaseline now that the CONFIRM MESSAGE lines are now longer shown. This is because there is no user interaction
with the page.

Source/WebCore:

WebKit should disallow beforeunload alerts from web pages users have never interacted with.
This reduces the risk of annoyance to the user and is allowed by the specification:

• ​https://html.spec.whatwg.org/multipage/browsers.html#prompt-to-unload-a-document (Step 8):

which says:
"""
The user agent is encouraged to avoid asking the user for confirmation if it judges that doing
so would be annoying, deceptive, or pointless. A simple heuristic might be that if the user
has not interacted with the document, the user agent would not ask for confirmation before
unloading it.
"""

Firefox already implements this, Chrome does not.

Tests: fast/events/beforeunload-alert-no-user-interaction.html

fast/events/beforeunload-alert-user-interaction.html
fast/events/beforeunload-alert-user-interaction2.html

• loader/FrameLoader.cpp:

(WebCore::shouldAskForNavigationConfirmation):
(WebCore::FrameLoader::dispatchBeforeUnloadEvent):

LayoutTests:

• fast/events/before-unload-return-string-conversion-expected.txt:
• fast/events/before-unload-returnValue-expected.txt:

Rebaseline now that the CONFIRM MESSAGE is no longer shown. This is because there is
no user interaction with the page.

• fast/events/beforeunload-alert-no-user-interaction-expected.txt: Added.
• fast/events/beforeunload-alert-no-user-interaction.html: Added.
• fast/events/beforeunload-alert-user-interaction-expected.txt: Added.
• fast/events/beforeunload-alert-user-interaction.html: Added.
• fast/events/beforeunload-alert-user-interaction2-expected.txt: Added.
• fast/events/beforeunload-alert-user-interaction2.html: Added.

Add layout test coverage.

• fast/loader/form-submission-after-beforeunload-cancel.html:
• fast/loader/show-only-one-beforeunload-dialog.html:
• http/tests/misc/iframe-beforeunload-dialog-matching-ancestor-securityorigin.html:
• http/tests/misc/iframe-beforeunload-dialog-not-matching-ancestor-securityorigin.html:

Simulate user interaction with the page so that the CONFIRM MESSAGE log lines are still
shown.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/fast/events/before-unload-return-string-conversion-expected.txt (modified) (1 diff)
• LayoutTests/fast/events/before-unload-returnValue-expected.txt (modified) (1 diff)
• LayoutTests/fast/events/beforeunload-alert-no-user-interaction-expected.txt (added)
• LayoutTests/fast/events/beforeunload-alert-no-user-interaction.html (added)
• LayoutTests/fast/events/beforeunload-alert-user-interaction-expected.txt (added)
• LayoutTests/fast/events/beforeunload-alert-user-interaction.html (added)
• LayoutTests/fast/events/beforeunload-alert-user-interaction2-expected.txt (added)
• LayoutTests/fast/events/beforeunload-alert-user-interaction2.html (added)
• LayoutTests/fast/loader/form-submission-after-beforeunload-cancel.html (modified) (3 diffs)
• LayoutTests/fast/loader/show-only-one-beforeunload-dialog.html (modified) (3 diffs)
• LayoutTests/http/tests/misc/iframe-beforeunload-dialog-matching-ancestor-securityorigin.html (modified) (3 diffs)
• LayoutTests/http/tests/misc/iframe-beforeunload-dialog-not-matching-ancestor-securityorigin.html (modified) (3 diffs)
• LayoutTests/imported/w3c/ChangeLog (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/browsers/browsing-the-web/unloading-documents/beforeunload-canceling-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/html/webappapis/scripting/events/compile-event-handler-settings-objects-expected.txt (modified) (1 diff)
• LayoutTests/platform/ios-simulator/TestExpectations (modified) (1 diff)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/loader/FrameLoader.cpp (modified) (3 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2017-03-22  Chris Dumez  <cdumez@apple.com>
+
+        WebKit should disallow beforeunload alerts from web pages users have never interacted with
+        https://bugs.webkit.org/show_bug.cgi?id=169936
+        <rdar://problem/23798897>
+
+        Reviewed by Brent Fulgham.
+
+        * fast/events/before-unload-return-string-conversion-expected.txt:
+        * fast/events/before-unload-returnValue-expected.txt:
+        Rebaseline now that the CONFIRM MESSAGE is no longer shown. This is because there is
+        no user interaction with the page.
+
+        * fast/events/beforeunload-alert-no-user-interaction-expected.txt: Added.
+        * fast/events/beforeunload-alert-no-user-interaction.html: Added.
+        * fast/events/beforeunload-alert-user-interaction-expected.txt: Added.
+        * fast/events/beforeunload-alert-user-interaction.html: Added.
+        * fast/events/beforeunload-alert-user-interaction2-expected.txt: Added.
+        * fast/events/beforeunload-alert-user-interaction2.html: Added.
+        Add layout test coverage.
+
+        * fast/loader/form-submission-after-beforeunload-cancel.html:
+        * fast/loader/show-only-one-beforeunload-dialog.html:
+        * http/tests/misc/iframe-beforeunload-dialog-matching-ancestor-securityorigin.html:
+        * http/tests/misc/iframe-beforeunload-dialog-not-matching-ancestor-securityorigin.html:
+        Simulate user interaction with the page so that the CONFIRM MESSAGE log lines are still
+        shown.
+
 2017-03-22  Nan Wang  <n_wang@apple.com>
 

trunk/LayoutTests/fast/events/before-unload-return-string-conversion-expected.txt

@@ -1 @@
-CONFIRM NAVIGATION: PASS
 Tests that the value returned from a beforeunload event handler gets converted to a string, even if the returnValue property was already set.
 

trunk/LayoutTests/fast/events/before-unload-returnValue-expected.txt

@@ -1 @@
-CONFIRM NAVIGATION: This is beforeunload from the top level frame.
 Tests the returnValue attribute of the BeforeUnloadEvent.
 

trunk/LayoutTests/fast/loader/form-submission-after-beforeunload-cancel.html

@@ +1 @@
+<script src="../../resources/ui-helper.js"></script>
 <script>
 if (window.testRunner) {
@@ -7 +8 @@
 
 _confirmationDialogDisplayedOnce = false;
+
+function submitForm()
+{
+    document.forms[0].submit();
+}
 
 window.addEventListener("beforeunload", function() {
@@ -35 +41 @@
 
 <div id="console"></div>
-
+<input id="testButton" type="button" value="Click to submit form" onclick="submitForm()">
 <form action="resources/pass-and-notify-done.html" method="POST">
 </form>
 
 <script>
-document.forms[0].submit();
+// Simulate a user interaction with the page so that the beforeunload alert shows.
+const testButton = document.getElementById("testButton");
+UIHelper.activateAt(testButton.offsetLeft + 5, testButton.offsetTop + 5);
 </script>

trunk/LayoutTests/fast/loader/show-only-one-beforeunload-dialog.html

@@ +1 @@
+<script src="../../resources/ui-helper.js"></script>
 <script>
 
@@ -6 +7 @@
 }
 
+function navigateFrame()
+{
+        window.location.href = 'resources/notify-done.html';
+}
+
 window.onload = function()
 {
-        window.setTimeout("window.location.href = 'resources/notify-done.html';", 0);
+        // Simulate a user interaction with the page so that the beforeunload alert shows.
+        const testButton = document.getElementById("testButton");
+        UIHelper.activateAt(testButton.offsetLeft + 5, testButton.offsetTop + 5);
 }
 
@@ -21 +29 @@
 This page also has a beforeunload dialog, itself.<br>
 Only the dialog from this top-level frame should display, and none of the iframe ones should display.<br>
+<input id="testButton" type="button" value="Click to navigate" onclick="navigateFrame()"><br>
 <iframe src="resources/iframe-with-beforeunload.html"></iframe><br>
 <iframe src="resources/iframe-with-beforeunload.html"></iframe><br>

trunk/LayoutTests/http/tests/misc/iframe-beforeunload-dialog-matching-ancestor-securityorigin.html

@@ +1 @@
+<script src="/js-test-resources/ui-helper.js"></script>
 <script>
 
@@ -6 +7 @@
 }
 
+function navigateFrame()
+{
+        window.location.href = 'resources/notify-done.html';
+}
+
 window.onload = function()
 {
-        window.setTimeout("window.location.href = 'resources/notify-done.html';", 0);
+        // Simulate a user interaction with the page so that the beforeunload alert shows.
+        const testButton = document.getElementById("testButton");
+        UIHelper.activateAt(testButton.offsetLeft + 5, testButton.offsetTop + 5);
 }
 
@@ -15 +23 @@
 When viewed using the host 127.0.0.1, this page has an iframe whose security origin matches the main frame.<br>
 The iframe has a beforeunload handler, and that handler should result in the display of the page dismissal dialog.<br>
+<input id="testButton" type="button" value="Click to navigate" onclick="navigateFrame()">
 <iframe src="http://127.0.0.1:8000/misc/resources/iframe-with-beforeunload.html"></iframe><br>
 </body>

trunk/LayoutTests/http/tests/misc/iframe-beforeunload-dialog-not-matching-ancestor-securityorigin.html

@@ +1 @@
+<script src="/js-test-resources/ui-helper.js"></script>
 <script>
 
@@ -6 +7 @@
 }
 
+function navigateFrame()
+{
+        window.location.href = 'resources/notify-done.html';
+}
+
 window.onload = function()
 {
-        window.setTimeout("window.location.href = 'resources/notify-done.html';", 0);
+        // Simulate a user interaction with the page so that the beforeunload alert shows.
+        const testButton = document.getElementById("testButton");
+        UIHelper.activateAt(testButton.offsetLeft + 5, testButton.offsetTop + 5);
 }
 
@@ -15 +23 @@
 When viewed using the host 127.0.0.1, this page has an iframe whose security origin is different from the main frame.<br>
 The iframe has a beforeunload handler, and that handler should not result in the display of the page dismissal dialog since the security origins differ.<br>
+<input id="testButton" type="button" value="Click to navigate" onclick="navigateFrame()"><br>
 <iframe src="http://localhost:8000/misc/resources/iframe-with-beforeunload.html"></iframe><br>
 </body>

trunk/LayoutTests/imported/w3c/ChangeLog

@@ +1 @@
+2017-03-22  Chris Dumez  <cdumez@apple.com>
+
+        WebKit should disallow beforeunload alerts from web pages users have never interacted with
+        https://bugs.webkit.org/show_bug.cgi?id=169936
+        <rdar://problem/23798897>
+
+        Reviewed by Brent Fulgham.
+
+        * web-platform-tests/html/browsers/browsing-the-web/unloading-documents/beforeunload-canceling-expected.txt:
+        * web-platform-tests/html/webappapis/scripting/events/compile-event-handler-settings-objects-expected.txt:
+        Rebaseline now that the CONFIRM MESSAGE lines are now longer shown. This is because there is no user interaction
+        with the page.
+
 2017-03-22  Romain Bellessort  <romain.bellessort@crf.canon.fr>
 

trunk/LayoutTests/imported/w3c/web-platform-tests/html/browsers/browsing-the-web/unloading-documents/beforeunload-canceling-expected.txt

@@ -1 @@
-CONFIRM NAVIGATION: 
-CONFIRM NAVIGATION: false
-CONFIRM NAVIGATION: true
-CONFIRM NAVIGATION: 0
-CONFIRM NAVIGATION: foo
-CONFIRM NAVIGATION: foo
-CONFIRM NAVIGATION: foo
-CONFIRM NAVIGATION: foo
-CONFIRM NAVIGATION: foo
-CONFIRM NAVIGATION: foo
 
 PASS Returning a string must not cancel the event: CustomEvent, non-cancelable 

trunk/LayoutTests/imported/w3c/web-platform-tests/html/webappapis/scripting/events/compile-event-handler-settings-objects-expected.txt

@@ -1 @@
-CONFIRM NAVIGATION: undefined
 
 PASS The Function instance must be created in the Realm of the node document 

trunk/LayoutTests/platform/ios-simulator/TestExpectations

@@ -364 +364 @@
 editing/caret/emoji.html [ Skip ]
 webkit.org/b/155233 fast/events/max-tabindex-focus.html [ Skip ]
+fast/events/beforeunload-alert-user-interaction.html [ Skip ]
 fast/forms/validation-bubble-escape-key-dismiss.html [ Skip ]
 fast/forms/validation-message-maxLength.html [ Skip ]

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2017-03-22  Chris Dumez  <cdumez@apple.com>
+
+        WebKit should disallow beforeunload alerts from web pages users have never interacted with
+        https://bugs.webkit.org/show_bug.cgi?id=169936
+        <rdar://problem/23798897>
+
+        Reviewed by Brent Fulgham.
+
+        WebKit should disallow beforeunload alerts from web pages users have never interacted with.
+        This reduces the risk of annoyance to the user and is allowed by the specification:
+        - https://html.spec.whatwg.org/multipage/browsers.html#prompt-to-unload-a-document (Step 8):
+        which says:
+        """
+        The user agent is encouraged to avoid asking the user for confirmation if it judges that doing
+        so would be annoying, deceptive, or pointless. A simple heuristic might be that if the user
+        has not interacted with the document, the user agent would not ask for confirmation before
+        unloading it.
+        """
+
+        Firefox already implements this, Chrome does not.
+
+        Tests: fast/events/beforeunload-alert-no-user-interaction.html
+               fast/events/beforeunload-alert-user-interaction.html
+               fast/events/beforeunload-alert-user-interaction2.html
+
+        * loader/FrameLoader.cpp:
+        (WebCore::shouldAskForNavigationConfirmation):
+        (WebCore::FrameLoader::dispatchBeforeUnloadEvent):
+
 2017-03-22  Brent Fulgham  <bfulgham@apple.com>
 

trunk/Source/WebCore/loader/FrameLoader.cpp

@@ -3069 +3069 @@
 }
 
-static bool shouldAskForNavigationConfirmation(const BeforeUnloadEvent& event)
-{
+static bool shouldAskForNavigationConfirmation(Document& document, const BeforeUnloadEvent& event)
+{
+    bool userDidInteractWithPage = document.topDocument().lastHandledUserGestureTimestamp() > 0;
     // Web pages can request we ask for confirmation before navigating by:
     // - Cancelling the BeforeUnloadEvent (modern way)
@@ -3076 +3077 @@
     // - Returning a non-empty string from the event handler, which is then set as returnValue
     //   attribute on the BeforeUnloadEvent.
-    return event.defaultPrevented() || !event.returnValue().isEmpty();
+    return userDidInteractWithPage && (event.defaultPrevented() || !event.returnValue().isEmpty());
 }
 
@@ -3103 +3104 @@
         document->defaultEventHandler(beforeUnloadEvent.get());
 
-    if (!shouldAskForNavigationConfirmation(beforeUnloadEvent))
+    if (!shouldAskForNavigationConfirmation(*document, beforeUnloadEvent))
         return true;