Open mshibanami opened 3 months ago
During the 2024-08-01 meeting I mentioned that I was concerned about potential abuse scenarios with replacing the current URL. Someone else mentioned that the web's history.replaceState() already provides this capability. I took a closer look after the meeting and was surprised to find that it was possible to use replaceState() to navigate to another origin.
I also searched for abuse patterns, attacks, or annoyances related to the use of replaceState() but didn't find anything notable. The only potential misuse I can see at the moment is loading a page that triggers a browser exploit, then using history replacement to mask that the page was loaded. That said, since replaceState() is already exposed on the web, a malicious website could already do this without the assistance of an extension.
At this point I don't see any concerns with this capability.
Background
On Firefox, the tabs.update() function can have a loadReplace parameter, which allows developers to specify whether the new URL should replace the old URL in the tab's navigation history, like this:
It's not implemented in other browsers. However, replacing the navigation history is a pretty common use case.
You can call window.location.replace() in content.js for sure, but it's still beneficial when you want to call it before content.js is loaded.
Proposal
It would be great if this loadReplace parameter were standardized and extensions could specify it in Safari, Chrome, etc.
Misc
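As an added example (not part of the issue and not any browser's or project's own code): a background-script helper that navigates a tab with Firefox's loadReplace and falls back to an ordinary navigation where the property is rejected. The names safeTarget and redirectReplacingHistory, the http/https allowlist, and the assumption that a browser without loadReplace rejects the unknown property are this example's own.

```javascript
// Added example. Helper names and the scheme allowlist are hypothetical choices
// made for this illustration.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Validate the redirect target before it silently replaces a history entry.
// Returns the normalized URL string, or throws on malformed / disallowed input.
function safeTarget(targetUrl) {
  const parsed = new URL(targetUrl); // throws TypeError on malformed input
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) {
    throw new Error(`refusing to replace history with a ${parsed.protocol} URL`);
  }
  return parsed.href;
}

// tabsApi is browser.tabs (Firefox) or chrome.tabs; it is passed in so the
// helper can be exercised with a stub outside a browser.
async function redirectReplacingHistory(tabsApi, tabId, targetUrl) {
  const url = safeTarget(targetUrl);
  try {
    // Firefox: the new URL replaces the current entry in the tab's history.
    await tabsApi.update(tabId, { url, loadReplace: true });
    return "replaced";
  } catch (err) {
    // Assumption: a browser that does not implement loadReplace rejects the
    // unknown property (by throwing or by rejecting the promise). Retry without
    // it; an unrelated failure (e.g. a bad tab id) will simply fail again here.
    await tabsApi.update(tabId, { url });
    return "pushed";
  }
}
```

In the fallback case the old URL stays in the tab's back history, which is the gap the proposal describes.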