Hi everyone, I’m new to Chromium and currently studying specific components for a university web-security seminar. Because the codebase is quite large, I’m hoping someone can point me to the relevant areas.
Specifically, I’m trying to understand *where Chromium decides whether an action counts as a “user activation”* in the context of *Android intent URI handling* (e.g., clicking a link like: intent://scan/#Intent;scheme=exampleapp;package=com.example.app;end; which then opens an app) Chrome on Android will allow this navigation if it was triggered by a genuine user gesture (e.g., a tap), but if it is triggered by script without prior user interaction, Chrome either blocks it or shows a confirmation dialog. My goal is to analyze *which input events qualify as transient user activation* and how this feeds into the intent-launching logic. So far, from online documentation, I found that events such as click, keydown/keyup, touchstart/touchend contribute to user activation, while others do not. However, I would like to confirm this by locating the actual decision logic in the source code. Could someone point me to the part of the Chromium codebase where: 1. User gestures / user activation are detected and recorded, and 2. The navigation / intent-launching code checks are done? Any pointers to the right directories or files would be greatly appreciated. I hope the question isn't too confusing. Thanks in advance! -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/2842dde4-5ad7-4ffa-b348-ca538589981fn%40chromium.org.
