Bug 233876 - History intervention to prevent Back button abuse
Summary: History intervention to prevent Back button abuse
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: Page Loading
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2021-12-06 07:56 PST by Ali Juma
Modified: 2021-12-13 07:57 PST

Description Ali Juma 2021-12-06 07:56:56 PST
Some websites abuse the History API to inject history entries that break the Back button.

For example, on Safari on iOS 15.1:
1. Visit google.com and search for "PVR Silver Arc"
2. Tap on "Website" in the search result box for "PVR Silver Arc".
3. Tap on the back button to try to return to the search results page.

Actual result:
The site has inserted an entry into the back/forward list so no matter how many times you tap on the back button, you stay on this site.

Blink and Gecko have shipped an intervention to prevent this kind of abuse. This marks entries added to the Back/Forward list without user action so that they're skipped when tapping on the Back button.
WICG: https://github.com/WICG/interventions/issues/21
Blink bug: https://bugs.chromium.org/p/chromium/issues/detail?id=907167
Gecko bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1515073
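
The skipping behaviour described above, as a simplified model added here for illustration. It is not WebKit, Blink or Gecko code; the class, the method names and the example URLs are assumptions. It follows the description's wording only: an entry added without user action is marked, and Back passes over marked entries.

```javascript
// Simplified model of a back/forward list. Names are hypothetical and this
// is not WebKit, Blink or Gecko source code.
class BackForwardList {
  constructor(initialUrl) {
    this.entries = [{ url: initialUrl, skippable: false }];
    this.index = 0;
  }
  current() { return this.entries[this.index].url; }

  // Append an entry after the current one, dropping any forward entries.
  // Entries created without user action are marked skippable.
  add(url, userAction) {
    this.entries.length = this.index + 1;
    this.entries.push({ url, skippable: !userAction });
    this.index = this.entries.length - 1;
  }

  // Back button without the intervention: always the previous entry.
  backNaive() {
    if (this.index > 0) this.index -= 1;
    return this.current();
  }

  // Back button with the intervention: pass over marked entries.
  // Entry 0 is the fallback when every earlier entry is marked.
  backWithSkip() {
    if (this.index === 0) return this.current();
    let target = this.index - 1;
    while (target > 0 && this.entries[target].skippable) target -= 1;
    this.index = target;
    return this.current();
  }
}

// Constructed session modelled on the report: a results page, a tap on a
// result (user action), then two entries added without user action.
function buildSession() {
  const list = new BackForwardList("https://search.example/results");
  list.add("https://site.example/", true);
  list.add("https://site.example/#a", false);
  list.add("https://site.example/#b", false);
  return list;
}

// Record the URLs reached by pressing Back `taps` times.
function pressBack(list, method, taps) {
  const visited = [];
  for (let i = 0; i < taps; i += 1) visited.push(list[method]());
  return visited;
}
```

In this constructed session, `backNaive` walks through both marked entries before reaching the results page, while `backWithSkip` goes from the last marked entry to the page the user opened and then to the results page.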
Comment 1 Radar WebKit Bug Importer 2021-12-13 07:57:18 PST
<rdar://problem/86411831>