Closed
Bug 265729
Opened 20 years ago
Closed 19 years ago
Browser's event handlers should not see untrusted events from content
Categories
(Core :: DOM: UI Events & Focus Handling, enhancement)
RESOLVED
DUPLICATE
of bug 289940
People
(Reporter: jruderman, Unassigned)
Details
Untrusted (synthetic) events have been a major source of security holes: bug 108104, bug 257431, bug 265176, bug 265456, bug 265680, bug 265728, bug 263960. The fixes usually involve making the event handlers return immediately if the event's isTrusted property is false. If possible, we should plug these holes once and for all by not sending untrusted events to C++, chrome XUL, and chrome JS handlers. If some handlers need to see synthetic events that originated in content (why?), they should have to somehow specifically ask to receive those events.
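The opt-in design proposed in the description above can be sketched as a listener wrapper that drops untrusted events unless the handler explicitly asks for them. This is an added example, not code from the bug or from Mozilla; `trustedOnly`, `listen` and the `wantsUntrusted` option as used here are names assumed for the illustration, and the trusted event is a constructed stand-in object because script cannot create a trusted event.

```javascript
// Added illustration: default-deny delivery of untrusted (synthetic) events.
// trustedOnly/listen and the wantsUntrusted option are this example's own names.

// Wrap a handler so it only runs for trusted events, unless it opted in.
function trustedOnly(handler, { wantsUntrusted = false } = {}) {
  return function guarded(event) {
    // Anything not explicitly marked trusted is dropped before the
    // privileged handler sees it (a missing isTrusted counts as untrusted).
    if (event.isTrusted !== true && !wantsUntrusted) return undefined;
    return handler.call(this, event);
  };
}

// Register through the wrapper so individual handlers cannot forget the check.
function listen(target, type, handler, options) {
  const guarded = trustedOnly(handler, options);
  target.addEventListener(type, guarded);
  return guarded;
}

function demo() {
  const calls = [];
  const target = new EventTarget();

  // Privileged handler: never asked for synthetic events.
  const strict = listen(target, "command", (e) => calls.push("strict:" + e.isTrusted));
  // Handler that explicitly opted in to synthetic events.
  listen(target, "command", (e) => calls.push("optin:" + e.isTrusted), { wantsUntrusted: true });

  // Script-created event: isTrusted is false, so only the opt-in handler runs.
  target.dispatchEvent(new Event("command"));

  // Constructed stand-in for a user-initiated event, passed to the wrapper directly.
  strict({ type: "command", isTrusted: true });

  return calls;
}

console.log(demo());
```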
Reporter
Comment 1•19 years ago
*** This bug has been marked as a duplicate of 289940 ***
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Updated•5 years ago
Component: Event Handling → User events and focus handling