Closed
Bug 1235594
Opened 9 years ago
Closed 7 years ago
Web sites can steal ctrl+f
Categories
(DevTools :: General, defect)
DevTools
General
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: calestyo, Unassigned)
Details
Hey.
This is basically the same as #1008772.
Websites, e.g. contacts.google.com can apparently steal Ctrl+F.
Instead of opening FF's search bar, which searches the current website, it instead goes forcibly to google's search field on the site (which searches however something completely different).
It's quite worrying that FF allows websites to steal so many key combinations... especially also from a security PoV.
Chris.
Comment 1•9 years ago
|
||
For clarity- It appears the first ctrl-f is captured. All subsequent ctrl-f's go to the browser's find handler. This is similar to chrome.
Comment 2•7 years ago
|
||
I don't think this is Developer Tools related, is it? I don't think DevTools can do anything about this, am I correct, Patrick?
Furthermore, I'm not sure up until which point can we get in the way of the website. How are they going to know all the shortcuts all browsers use?
(Sorry for the late response, sometimes bugs slip through the gaps)
Flags: needinfo?(pbrosset)
Comment 3•7 years ago
|
||
Sole is correct, this isn't a devtools thing, and there is not much the browser can do here.
e.preventDefault() can give websites a lot of power. And this is used by many of them to create nice user experiences.
Anyway, this:
addEventListener("keydown", e => {
if (e.ctrlKey && e.key === "f") {
document.body.appendChild(document.createTextNode("ctrl+F"));
e.preventDefault();
}
});
will capture ctrl+F on all browsers and prevent the search box from opening.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Flags: needinfo?(pbrosset)
Resolution: --- → WONTFIX
Comment 4•7 years ago
|
||
Another similar thing is "ctrl shift T" in a gmail message => instead of reopening the last closed tab, it moves to the next field in the message.
I believe we could do something in Firefox, like a pref preventing a website from stealing apps and system shortcuts. Or maybe a doorhanger notification "We noticed this website handled this shortcut that's also used by Firefox, do you want to execute this action instead?". At least this is not in devtools but maybe a bug could be filed against the Firefox product.
Updated•6 years ago
|
Product: Firefox → DevTools
You need to log in
before you can comment on or make changes to this bug.
Description
•