зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1677899 - Trust the process where where focus() is called for focusability. r=nika
Differential Revision: https://phabricator.services.mozilla.com/D104393
This commit is contained in:
Родитель
09bc72760a
Коммит
172b8e6584
|
@ -16,8 +16,6 @@ skip-if = (os == 'mac') || (os == 'linux') #Bug 1648649
|
|||
skip-if = debug && os == 'mac' # Bug 1568570
|
||||
[browser_fullscreen_window_focus.js]
|
||||
skip-if =
|
||||
os == 'linux' && fission # Bug 1677899
|
||||
os == 'mac' # Bug 1568570
|
||||
os == 'win' && fission # Bug 1677899
|
||||
[browser_fullscreen_api_fission.js]
|
||||
support-files = fullscreen.html FullscreenFrame.jsm
|
||||
|
|
|
@ -3723,9 +3723,10 @@ void nsGlobalWindowInner::Prompt(const nsAString& aMessage,
|
|||
}
|
||||
|
||||
void nsGlobalWindowInner::Focus(CallerType aCallerType, ErrorResult& aError) {
|
||||
FORWARD_TO_OUTER_OR_THROW(
|
||||
FocusOuter, (aCallerType, nsFocusManager::GenerateFocusActionId()),
|
||||
aError, );
|
||||
FORWARD_TO_OUTER_OR_THROW(FocusOuter,
|
||||
(aCallerType, /* aFromOtherProcess */ false,
|
||||
nsFocusManager::GenerateFocusActionId()),
|
||||
aError, );
|
||||
}
|
||||
|
||||
nsresult nsGlobalWindowInner::Focus(CallerType aCallerType) {
|
||||
|
|
|
@ -5040,6 +5040,7 @@ void nsGlobalWindowOuter::PromptOuter(const nsAString& aMessage,
|
|||
}
|
||||
|
||||
void nsGlobalWindowOuter::FocusOuter(CallerType aCallerType,
|
||||
bool aFromOtherProcess,
|
||||
uint64_t aActionId) {
|
||||
nsFocusManager* fm = nsFocusManager::GetFocusManager();
|
||||
if (!fm) {
|
||||
|
@ -5047,6 +5048,16 @@ void nsGlobalWindowOuter::FocusOuter(CallerType aCallerType,
|
|||
}
|
||||
|
||||
auto [canFocus, isActive] = GetBrowsingContext()->CanFocusCheck(aCallerType);
|
||||
if (aFromOtherProcess) {
|
||||
// We trust that the check passed in a process that's, in principle,
|
||||
// untrusted, because we don't have the required caller context available
|
||||
// here. Also, the worst that the other process can do in this case is to
|
||||
// raise a window it's not supposed to be allowed to raise.
|
||||
// https://bugzilla.mozilla.org/show_bug.cgi?id=1677899
|
||||
MOZ_ASSERT(XRE_IsContentProcess(),
|
||||
"Parent should not trust other processes.");
|
||||
canFocus = true;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIBaseWindow> treeOwnerAsWin = GetTreeOwnerWindow();
|
||||
if (treeOwnerAsWin && (canFocus || isActive)) {
|
||||
|
|
|
@ -532,7 +532,8 @@ class nsGlobalWindowOuter final : public mozilla::dom::EventTarget,
|
|||
bool GetClosedOuter();
|
||||
bool Closed() override;
|
||||
void StopOuter(mozilla::ErrorResult& aError);
|
||||
void FocusOuter(mozilla::dom::CallerType aCallerType, uint64_t aActionId);
|
||||
void FocusOuter(mozilla::dom::CallerType aCallerType, bool aFromOtherProcess,
|
||||
uint64_t aActionId);
|
||||
nsresult Focus(mozilla::dom::CallerType aCallerType) override;
|
||||
void BlurOuter();
|
||||
mozilla::dom::WindowProxyHolder GetFramesOuter();
|
||||
|
|
|
@ -3728,7 +3728,8 @@ mozilla::ipc::IPCResult ContentChild::RecvWindowFocus(
|
|||
("ChildIPC: Trying to send a message to a context without a window"));
|
||||
return IPC_OK();
|
||||
}
|
||||
nsGlobalWindowOuter::Cast(window)->FocusOuter(aCallerType, aActionId);
|
||||
nsGlobalWindowOuter::Cast(window)->FocusOuter(
|
||||
aCallerType, /* aFromOtherProcess */ true, aActionId);
|
||||
return IPC_OK();
|
||||
}
|
||||
|
||||
|
|
Загрузка…
Ссылка в новой задаче