How things are right now
The webdriver specification defines the webdriver-active flag through the NavigatorAutomationInformation interface as follows:
The webdriver-active flag is set to true when the user agent is under remote control.
Most modern browsers set the value of this flag to true only when it is being automated using the WebDriver protocol.
Chrome diverts from the specification and declares the normally undeclared
webdriver property and sets the value of this flag to true.
The definition of the webdriver-active flag could be generously interpreted to indicate not only that a user agent is under remote control using something like WebDriver but that a user agent is receiving inputs that both originate outside of the document and are not user-agent initiated. We propose that UI events dispatched from a browser extension context cause the webdriver-active flag to be set to true.
In our proof-of-concept patch to Chrome, we look at the UIEvent constructor call context, and if
script_state->World().IsIsolatedWorld() is set, we set a global flag for automation control globally for current renderer. In our patch, we also align Chrome’s implementation of
navigator.webdriver with the specification. Note that events can be dispatched by
EventTarget.dispatchEvent, as well as through
Extensions operating by injecting script elements into the controlled document will continue to not set the webdriver-active flag. Arguably, this kind of remote control should be treated no differently than the types of usage we are affecting with this proposal.