HackerTrans
TopNewTrendsCommentsPastAskShowJobs

New in Chrome 120 back button detection(developer.chrome.com)

48 points·by clementmas·3 lata temu·26 comments
developer.chrome.com
New in Chrome 120 back button detection

https://developer.chrome.com/blog/new-in-chrome-120

27 comments

snailmailman·3 lata temu
Does this mean websites can now hijack android’s OS-level back button? In addition to hijacking the browser level one?

I hate when I hit back, but instantly redirect to the same page. This is so frustrating when it happens. And it happens even on major sites. (Microsoft’s official community “answers” forums have given me this issue lately. Fills up search results and then traps you there)
progman32·3 lata temu
Kind of. There is a mitigation in the spec https://github.com/WICG/close-watcher#abuse-analysis

Briefly, the user may need to press back a couple times in order to escape, but the maximum number of presses needed is bounded and is dependent on how much the user interacts with the page. Of note, closing the tab bypasses this API entirely, at least according to that page.
saghm·3 lata temu
Usually my back button on my phone already just does the browser back functionality when the browser is open, which does mean it gets hijacked. Sometimes if I mash the back button enough I'll manage to sneak a trigger throughout whatever dumb thing the site implemented to try to stop me though, so I'm loath to give them any other tools to try to detect this.
Gare·3 lata temu
Long press on the back button usually works
inquirerGeneral·3 lata temu
dr_kiszonka·3 lata temu
(I don't know if it is OS-level.) If you have the GitHub Android app installed, GitHub links open in the app. In the app, swiping right (back) takes you to the app's home screen and not to where you clicked the link (e.g., the HN app). The same isn't true for many other apps.

Also, GitHub team, could you make your app better? It has so many little annoyances.
candiddevmike·3 lata temu
I'm seeing this a lot with news sites, they'll redirect your back press to a page screen with bunch of click bait headline/images. Some of them are pretty disturbing at first glance, seems like they're trying to get shocking images in front of you to keep you engaged. I think they're trying to fight against news aggregators but it's such a shitty idea.

The funny/sad thing is the folks adding this functionality are probably reading my comment. You should be ashamed of yourselves.
derekp7·3 lata temu
A more evil version of this is detecting which news aggregator sent you there, then making that clickbait page look like the source aggregator. I've seen this with the news feed from Chrome on Android, clicking on a store then going back I thought I was back on the news feed but the stories just didn't look right.
Zuiii·3 lata temu
This could totally be used for phishing, right? Open a link in gmail -> go to nasty site -> press back and see google login page that's actually still the nasty site. Browsers should prevent cross origin sites from seeing where the visitor came from (i.e. clear referrer).

Also, why doesn't the back button disable any automatic (non-user initiated) redirects on pages loaded that way? Seems like an obvious fix to the history loops we keep seeing.
sroussey·3 lata temu
Websites have a lot of control over referrer headers these days.

Often, news aggregators add to urls so the site knows where it came from, or it’s using a feed that already has that.

Now, that said, in an email, you can send links that encode that it’s coming from email, but you would get caught by the non-gmail using people suddenly seeing fake gmail.
Zuiii·3 lata temu
The pessimist in me says that most will probably try to log in anyway.
doctor_radium·3 lata temu
I am starting to make a collection of such sites. Wonder if UBlock Origin would be interested in adding them to a new or existing "annoyances" filter list?
morkalork·3 lata temu
Ah, the ye olde chum bucket
akersten·3 lata temu
The <details> name attribute example doesn't actually use the name attribute? Am I missing something?
clementmas·3 lata temu
They added it in the YouTube video but forgot it in the post https://youtu.be/oqCsXbsuvM0
masswerk·3 lata temu
I noticed this, as well. AI-generated code? (It's hard to imagine a human setting up that code and forgetting about the very thing they are attempting to demonstrate.)
millzlane·3 lata temu
I thought I was missing something. But then I came looking for confirmation. Does this mean I may have what it takes to make it in webdev?
bastawhiz·3 lata temu
I noticed the same thing. I believe it's all unintentional omission.
0xfab1·3 lata temu
Maybe it's inferred with the built-in Large Language Markup
ggregoire·3 lata temu
> CloseWatcher API

> Chrome 120 brings the solution with CloseWatcher, a new API for directly listening and responding to close requests.

> watcher.addEventListener("close", () => document.querySelector("#sidebar").classList.remove("open"));

Couldn't they add an HTML attribute onCloseRequest?

Slightly related, I wish there was an attribute "onClickOutside" so we could close modals and dropdown menus without manually adding an event listener on the window and checking if the click wasn't inside the element.
domenicd·3 lata temu
The issue with a single global event handler is discussed here: https://github.com/WICG/close-watcher#a-single-event

If you use popover="", you get the kind of functionality you're discussing for free. For <dialog>, the discussion is in progress and reaching a conclusion: https://github.com/whatwg/html/issues/9373
chrismorgan·3 lata temu
I don’t think I ever like accordions where you can only have one item open at a time. So often I just want to open them all, and probably wish you hadn’t collapsed them in the first place. Well, at least if people start doing it this way I can make a simple user script to just remove name attributes from <details> elements.
clementmas·3 lata temu
I wish I'll be able to use the CloseWatcher API to replace my history API hack to close dialogs. As always, we're now waiting for browser support
rasz·3 lata temu
>Permission policy violation reports

How about my User Agent working for me instead? and doing exactly what I want and not some web page?
tuatoru·3 lata temu
Yet another reason to use something other than Chrome.
dagenix·3 lata temu
Why?
gaganyaan·3 lata temu
Can't speak for OP, but Google pushes through too many "standards" that are just "Do what Chrome already pushed to prod, or else users will think your browser is broken". Could be the same thing here