[Proposal] Synthetic user events dispatched from isolated worlds


#1

How things are right now

The webdriver specification defines the webdriver-active flag through the NavigatorAutomationInformation interface as follows:

The webdriver-active flag is set to true when the user agent is under remote control.

Most modern browsers set the value of this flag to true only when it is being automated using the WebDriver protocol.

Chrome diverts from the specification and declares the normally undeclared webdriver property and sets the value of this flag to true.

Proposed changes

The definition of the webdriver-active flag could be generously interpreted to indicate not only that a user agent is under remote control using something like WebDriver but that a user agent is receiving inputs that both originate outside of the document and are not user-agent initiated. We propose that UI events dispatched from a browser extension context cause the webdriver-active flag to be set to true.

Implementation details

In our proof-of-concept patch to Chrome, we look at the UIEvent constructor call context, and if script_state->World().IsIsolatedWorld() is set, we set a global flag for automation control globally for current renderer. In our patch, we also align Chrome’s implementation of navigator.webdriver with the specification. Note that events can be dispatched by EventTarget.dispatchEvent, as well as through HTMLElement.click and HTMLForm.submit APIs.

Caveats

Extensions operating by injecting script elements into the controlled document will continue to not set the webdriver-active flag. Arguably, this kind of remote control should be treated no differently than the types of usage we are affecting with this proposal.