Description
#8048 and the linked feature suggest exposing certain information about the navigation (navigation type, previous/next URL) to CSS, e.g. in the form of media queries.
Some security concerns about it that should be discussed and resolved:
As a general rule we don't consider 3rd party CSS as "safe", it can already exfiltrate a lot of information and alter the behavior of the page. However, it is still handled differently than scripts, e.g. `style-src` and `script-src` are separate directives.
When exposing navigation type and previous/next URL to CSS, we give CSS direct observation into the cross-document world.
The threat model: An existing 3p CSS would now be able to exfiltrate (e.g. by an invisible background image) information about the referrer of its host document.
We should resolve how much this should be a constraint and affect our design, if at all. If we decide that this is not a problem, great!
One potential mitigation would be to have some kind of HTML opt-in to make CSS "navigation aware", to avoid making these changes something that affects existing sites.