Bug 233876

Summary: History intervention to prevent Back button abuse
Product: WebKit Reporter: Ali Juma <ajuma>
Component: Page LoadingAssignee: Nobody <webkit-unassigned>
Status: NEW ---    
Severity: Normal CC: achristensen, beidson, bfulgham, cdumez, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

Description Ali Juma 2021-12-06 07:56:56 PST
Some websites abuse the History API to inject history entries that break the Back button.

For example, on Safari on iOS 15.1:
1. Visit google.com and search for "PVR Silver Arc"
2. Tap on "Website" in the search result box for "PVR Silver Arc".
3. Tap on the back button to try to return to the search results page.

Actual result:
The site has inserted an entry into the back/forward list so no matter how many times you tap on the back button, you stay on this site.

Blink and Gecko have shipped an intervention to prevent this kind of abuse. This marks entries added to the Back/Forward list without user action so that they're skipped when tapping on the Back button.
WICG: https://github.com/WICG/interventions/issues/21
Blink bug: https://bugs.chromium.org/p/chromium/issues/detail?id=907167
Gecko bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1515073
Comment 1 Radar WebKit Bug Importer 2021-12-13 07:57:18 PST
<rdar://problem/86411831>