A partial archive of discourse.wicg.io as of Saturday February 24, 2024.

[Proposal] Synthetic user events dispatched from isolated worlds

shekyan
2019-02-04

How things are right now

The webdriver specification defines the webdriver-active flag through the NavigatorAutomationInformation interface as follows:

The webdriver-active flag is set to true when the user agent is under remote control.

Most modern browsers set the value of this flag to true only when it is being automated using the WebDriver protocol.

Chrome diverts from the specification and declares the normally undeclared webdriver property and sets the value of this flag to true.

Proposed changes

The definition of the webdriver-active flag could be generously interpreted to indicate not only that a user agent is under remote control using something like WebDriver but that a user agent is receiving inputs that both originate outside of the document and are not user-agent initiated. We propose that UI events dispatched from a browser extension context cause the webdriver-active flag to be set to true.

Implementation details

In our proof-of-concept patch to Chrome, we look at the UIEvent constructor call context, and if script_state->World().IsIsolatedWorld() is set, we set a global flag for automation control globally for current renderer. In our patch, we also align Chrome’s implementation of navigator.webdriver with the specification. Note that events can be dispatched by EventTarget.dispatchEvent, as well as through HTMLElement.click and HTMLForm.submit APIs.

Caveats

Extensions operating by injecting script elements into the controlled document will continue to not set the webdriver-active flag. Arguably, this kind of remote control should be treated no differently than the types of usage we are affecting with this proposal.

marcosc
2019-02-18

This seems like a very browser-extension specific proposal (instead of general web browser proposal). It might be best to propose this to either Mozilla or Chrome directly?

shekyan
2019-02-27

We actually would like this proposal to be more general. We used extensions as an example of a place where UIEvents could originate, but we hope that UIEvents that come from any source other than human interface devices would enable the webdriver-active flag. If you know of a better way of describing this category of inputs or another notification mechanism that would be more appropriate, we would love your help with this proposal.

marcosc
2019-02-27

Definitely not an expert, but I would suggest maybe posting an issue in the web driver spec repo:

At least, it will allow you to get useful feedback from folks that know this area well and might have suggestion about how to best proceed.