Closed Bug 1211258 Opened 9 years ago Closed 9 years ago

window.open doesn't mark the original now-background window to be in background

Categories

(Firefox OS Graveyard :: Gaia::System::Window Mgmt, defect)

Product:
Firefox OS Graveyard
Component:
Gaia::System::Window Mgmt
Platform:
ARM
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(blocking-b2g:2.5?, b2g-v2.0 ?, b2g-v2.0M ?, b2g-v2.1 ?, b2g-v2.1S ?, b2g-v2.2 ?, b2g-v2.2r ?, b2g-master affected)

Status:
RESOLVED FIXED
Project Flags:
blocking-b2g 2.5?
Tracking Flags:
Tracking Status
b2g-v2.0 --- ?
b2g-v2.0M --- ?
b2g-v2.1 --- ?
b2g-v2.1S --- ?
b2g-v2.2 --- ?
b2g-v2.2r --- ?
b2g-master --- affected

People

(Reporter: smaug, Assigned: etienne)

References

Details

(Keywords: sec-high)

Attachments

(2 files, 2 obsolete files)

deviceorientation test
1.15 KB, text/html
Details
New PR
46 bytes, text/x-github-pull-request
apastor
: review+
Details | Review
Attached file deviceorientation test
When window.open is used, the original window object doesn't get marked to be in background. <a href="..." target="_blank"> doesn't seem to have that issue. Based on the test in bug 1197901, on Android the original window is marked to be in background. (and on desktop we open a new window, which causes the original window to be marked "non-active"). So this is FFOS specific issue. This effectively breaks the fix for bug 681562.
(In reply to Olli Pettay [:smaug] from comment #0) > This effectively breaks the fix for bug 681562. or perhaps more accurate is to say that fixing bug 1197901 isn't possible.
[Blocking Requested - why for this release]:
blocking-b2g: --- → 2.5?
Olli, does this mean that the original window will continue to get inputs while it is in the background? That sounds bad.
Keywords: sec-high
Not input, but it gets sensor events, while per bug 681562, or its variant bug 1197901, it shouldn't. Also, I think this means the original window keeps processing JS timers as if the window was in foreground, so this could lead to higher power usage than it should (but I haven't yet tested setTimeout handling).
kanru, do you think you could find someone to look at this? I'm not familiar with ffos/gaia window management. I think we need to fix this before the patch for bug 1197901 can land.
Flags: needinfo?(kchen)
The gaia system window manager lacks a owner. Tim, do you know who could look at this? Etienne, from the log it seems you are the most possible one.
Flags: needinfo?(timdream)
Flags: needinfo?(kchen)
Flags: needinfo?(etienne)
Etienne and :albertopq are the owners. This is never documented anywhere I think (unfortunately), but depend on the feature string we are using different code path (and UI) to show the opened window. Maybe only one of that has this problem?
Flags: needinfo?(timdream)
mozbrowseropenwindow event is handled in ChildWindowFactory and setVisible() should be called by AppTransitionController. We must have some rule somewhere prevent setVisible(false) being called there, to work around maybe keeping the rendering or memory priority before. Find it and remove that and this bug will be fixed. Does this bug means any kind of workaround that delays setVisible(false) is considered a security risk and should never be used in the future?
(In reply to Tim Guan-tin Chien [:timdream] (OOO Oct 9-18; please ni? to queue) from comment #8) > mozbrowseropenwindow event is handled in ChildWindowFactory and setVisible() > should be called by AppTransitionController. We must have some rule > somewhere prevent setVisible(false) being called there, to work around maybe > keeping the rendering or memory priority before. Find it and remove that and > this bug will be fixed. > > Does this bug means any kind of workaround that delays setVisible(false) is > considered a security risk and should never be used in the future? Correction: AppTransitionController instance on the ChildWindow instance (the popup) only control the visibility of the popup itself. The problem here [1] compare to [2] is explained in the comment on [1]: we don't have a "ChildWindowManager" to transition away (and setVisible(false) the underlining window. [1] https://github.com/mozilla-b2g/gaia/blob/77d463a009a1425e413edaae92b237e116708560/apps/system/js/popup_window.js#L105-L114 [2] https://github.com/mozilla-b2g/gaia/blob/77d463a009a1425e413edaae92b237e116708560/apps/system/js/app_window.js#L1937-L1950 It might still possible to fix this by overloading the ChildWindowFactory and ask it to take some responsibility of the ChildWindowManager for now ...
(In reply to Tim Guan-tin Chien [:timdream] (OOO Oct 9-18; please ni? to queue) from comment #8) > mozbrowseropenwindow event is handled in ChildWindowFactory and setVisible() > should be called by AppTransitionController. We must have some rule > somewhere prevent setVisible(false) being called there, to work around maybe > keeping the rendering or memory priority before. Find it and remove that and > this bug will be fixed. > > Does this bug means any kind of workaround that delays setVisible(false) is > considered a security risk and should never be used in the future? Since the rendering cache purging behavior has been fixed, IMO setVisible(false) has no reason to be delayed.
(In reply to Kan-Ru Chen [:kanru] (UTC+8) from comment #10) > (In reply to Tim Guan-tin Chien [:timdream] (OOO Oct 9-18; please ni? to > queue) from comment #8) > > mozbrowseropenwindow event is handled in ChildWindowFactory and setVisible() > > should be called by AppTransitionController. We must have some rule > > somewhere prevent setVisible(false) being called there, to work around maybe > > keeping the rendering or memory priority before. Find it and remove that and > > this bug will be fixed. > > > > Does this bug means any kind of workaround that delays setVisible(false) is > > considered a security risk and should never be used in the future? > > Since the rendering cache purging behavior has been fixed, IMO > setVisible(false) has no reason to be delayed. Right, but I am sorry, comment 8 is actually not the cause of this bug.
The fix turned out to be quite easy...
Assignee: nobody → timdream
Status: NEW → ASSIGNED
The reason this is easier than what I've thought is because there can be only one frontWindow per AppWindow, so if a frame attempts to window.open() many times, the last popup will replace the previous ones. Like wise, if an popup opens another popup, itself will not be replaced but instead itself will become the rearWindow of the new frontWindow. Therefore, the fix is simple -- make sure the code calls requestOpen|requestClose of the PopupWindow and make sure PopupWindow toggle the visibility of the to-be-hidden rearWindow. (If this get r+ after Thu noon Taipei time, someone have to merge this for me.)
Attachment #8670668 - Flags: review?(etienne)
Attachment #8670668 - Flags: review?(apastor)
Comment on attachment 8670668 [details] [review] https://github.com/mozilla-b2g/gaia/pull/32289 Commented on github, I think there's a simpler fix.
Flags: needinfo?(etienne)
Attachment #8670668 - Flags: review?(etienne)
Attachment #8670668 - Flags: review?(apastor)
New patch according to your suggestion. I am taking PTO so please merge this for me.
Attachment #8670668 - Attachment is obsolete: true
Attachment #8671123 - Flags: review?(etienne)
Comment on attachment 8671123 [details] [review] https://github.com/mozilla-b2g/gaia/pull/32313 (In reply to Tim Guan-tin Chien [:timdream] (OOO Oct 9-18; please ni? to queue) from comment #15) > Created attachment 8671123 [details] [review] > https://github.com/mozilla-b2g/gaia/pull/32313 > > New patch according to your suggestion. > > I am taking PTO so please merge this for me. Arg. Just found a case we're not handling properly. I'll send a patch and ask Alberto for review not to block this bug.
Attachment #8671123 - Flags: review?(etienne)
Attached file New PR
Attachment #8671123 - Attachment is obsolete: true
Attachment #8671254 - Flags: review?(apastor)
Comment on attachment 8671254 [details] [review] New PR LGTM. Thanks!
Attachment #8671254 - Flags: review?(apastor) → review+
https://github.com/mozilla-b2g/gaia/commit/ea4dd0d9149f28c6daf3a627be47000b23336ca0 Thanks!
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Assignee: timdream → etienne
Group: b2g-core-security → core-security-release
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: