mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1695636 - Part 3: Do not trigger form submission or click event for untrusted key event; r=masayuki 

Differential Revision: https://phabricator.services.mozilla.com/D135464
This commit is contained in:
Edgar Chen 2022-01-12 14:24:02 +00:00
Родитель a7a61c5630
Коммит 8936a84092
2 изменённых файлов: 126 добавлений и 2 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

5
dom/html/HTMLInputElement.cpp
Просмотреть файл

@ -3730,7 +3730,8 @@ nsresult HTMLInputElement::PostHandleEvent(EventChainPostVisitor& aVisitor) {
FireChangeEventIfNeeded();
aVisitor.mEventStatus = nsEventStatus_eConsumeNoDefault;
} else if (!preventDefault) {
if (keyEvent && ActivatesWithKeyboard(mType, keyEvent->mKeyCode)) {
if (keyEvent && ActivatesWithKeyboard(mType, keyEvent->mKeyCode) &&
keyEvent->IsTrusted()) {
// We maybe dispatch a synthesized click for keyboard activation.
HandleKeyboardActivation(aVisitor);
}
@ -3823,7 +3824,7 @@ nsresult HTMLInputElement::PostHandleEvent(EventChainPostVisitor& aVisitor) {
* not submit, period.
*/
if (keyEvent->mKeyCode == NS_VK_RETURN &&
if (keyEvent->mKeyCode == NS_VK_RETURN && keyEvent->IsTrusted() &&
(IsSingleLineTextControl(false, mType) ||
IsDateTimeInputType(mType) ||
mType == FormControlType::InputCheckbox ||

123
testing/web-platform/tests/html/semantics/forms/the-input-element/input-untrusted-key-event.html Normal file
Просмотреть файл

@ -0,0 +1,123 @@
<!DOCTYPE HTML>
<html>
<head>
<title>Forms</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
</head>
<body>
<div id="log"></div>
<form id="input_form">
<input type="submit" value="submit"><br>
</form>
<script type="module">
import inputTypes from "./input-types.js";
const form = document.querySelector("form");
form.addEventListener("submit", (e) => {
e.preventDefault();
assert_true(false, 'form should not be submitted');
});
// Create and append input elements
for (const inputType of inputTypes) {
let input = document.createElement("input");
input.type = inputType;
form.appendChild(input);
}
const submit = document.querySelector("input[type=submit]");
submit.addEventListener("click", function(e) {
assert_true(false, 'input submit should not be clicked');
});
// Start tests
for (const inputType of inputTypes) {
let input = document.querySelector(`input[type=${inputType}]`);
input.addEventListener("click", function(e) {
assert_true(false, `input ${inputType} should not be clicked`);
});
test(() => {
// keyCode: Enter
input.dispatchEvent(
new KeyboardEvent("keypress", {
keyCode: 13,
})
);
// key: Enter
input.dispatchEvent(
new KeyboardEvent("keypress", {
key: "Enter",
})
);
// keyCode: Space
input.dispatchEvent(
new KeyboardEvent("keypress", {
keyCode: 32,
})
);
// key: Space
input.dispatchEvent(
new KeyboardEvent("keypress", {
key: " ",
})
);
}, `Dipatching untrusted keypress events to input ${inputType} should not cause form submission or click event`);
test(() => {
// keyCode: Enter
input.dispatchEvent(
new KeyboardEvent("keydown", {
keyCode: 13,
})
);
input.dispatchEvent(
new KeyboardEvent("keyup", {
keyCode: 13,
})
);
// key: Enter
input.dispatchEvent(
new KeyboardEvent("keydown", {
key: "Enter",
})
);
input.dispatchEvent(
new KeyboardEvent("keyup", {
key: "Enter",
})
);
// keyCode: Space
input.dispatchEvent(
new KeyboardEvent("keydown", {
keyCode: 32,
})
);
input.dispatchEvent(
new KeyboardEvent("keyup", {
keyCode: 32,
})
);
// key: Space
input.dispatchEvent(
new KeyboardEvent("keydown", {
key: " ",
})
);
input.dispatchEvent(
new KeyboardEvent("keyup", {
key: " ",
})
);
}, `Dipatching untrusted keyup/keydown event to input ${inputType} should not cause form submission or click event`);
}
</script>
</body>
</html>