Select Option Dropdown able to Overlap Fullscreen Notification Toast
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
People
(Reporter: sourc7, Assigned: m_kato)
References
(Regression)
Details
(4 keywords, Whiteboard: [reporter-external] [client-bounty-form] [verif?][adv-main115+])
Attachments
(7 files, 1 obsolete file)
|
1.39 KB,
text/html
|
Details | |
|
3.56 MB,
video/mp4
|
Details | |
|
77.85 KB,
video/mp4
|
Details | |
|
1.39 KB,
text/html
|
Details | |
|
121.88 KB,
video/mp4
|
Details | |
|
48 bytes,
text/x-phabricator-request
|
dmeehan
:
approval-mozilla-release+
tjr
:
sec-approval+
|
Details | Review |
|
48 bytes,
text/x-phabricator-request
|
Details | Review |
When trigger requestFullscreen and slowdown code on select option element, the select option dropdown still appear even the browser goes into fullscreen.
Tested on:
- Firefox Nightly 115.0a1 (2023-05-09) (64-bit) on KDE X11
- Firefox Nightly 115.0a1 (2023-05-09) (64-bit) on KDE Wayland
Steps to reproduce:
- Visit attached testcase.html
- Click "AAAAAAAAAAAAAAAAAAAAAAA..." on select option element
- Select option dropdown overlap the fullscreen notification toast
|
Reporter | |
Comment 1•2 years ago
|
||
|
||
Updated•2 years ago
|
|
||
Updated•2 years ago
|
|
|
Reporter | |
Comment 2•2 years ago
|
||
When running this on mozregression, I able to reproduce the select dropdown overlap after below pushlog:
13:49.60 INFO: Last good revision: 9c6c93f01c00b52b10e44257fca3fbdff9109e61
13:49.60 INFO: First bad revision: aa0f92939f44b845804b6d9ba69746d841c6bc49
13:49.60 INFO: Pushlog:
https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=9c6c93f01c00b52b10e44257fca3fbdff9109e61&tochange=aa0f92939f44b845804b6d9ba69746d841c6bc49
|
|
||
Comment 3•2 years ago
|
||
Assuming I am understanding you correctly, I'm going to mark this as a regression from bug 1744288, as that is related to full screen.
|
||
Comment 4•2 years ago
|
||
Set release status flags based on info from the regressing bug 1744288
:m_kato, since you are the author of the regressor, bug 1744288, could you take a look? Also, could you set the severity field?
For more information, please visit BugBot documentation.
|
||
Comment 5•2 years ago
|
||
FWIW, I was unable to repro on Windows 11 or Ubuntu 22.04 (gnome wayland), mccr8 also tried MacOS (no repro). I don't have a KDE install to test with.
|
||
Updated•2 years ago
|
|
Assignee | |
Comment 6•2 years ago
|
||
Irvan, could you reproduce on Ubuntu 22.04 GNOME?
|
|
Assignee | |
Comment 7•2 years ago
|
||
I guess that z-index is same as full screen UI and dropdown. I think that this might be timing issue and this might occurs even if not landing bug 1744288.
|
|
Assignee | |
Updated•2 years ago
|
|
|
Assignee | |
Comment 8•2 years ago
|
||
bug 1744288 changes that requestFullscreen dispatches DOMFullscreen:Request immediately. And select actor tries to open drop down list by mousedown. So select actor won't close drop down list by entering fullscreen.
I think that we use AsyncEventDispatcher instead to fix this.
|
|
Reporter | |
Comment 9•2 years ago
|
||
(In reply to Makoto Kato [:m_kato] from comment #6)
Irvan, could you reproduce on Ubuntu 22.04 GNOME?
I able to reproduce this very reliably on KDE X11 and Wayland on 2 PC with different CPU and screen resolution. I also able to reproduce this on Firefox Nightly 115.0a1 (2023-05-10) (64-bit) on Windows 11 with full-screen-api.transition-duration.enter set to 0 0.
|
|
Reporter | |
Comment 10•2 years ago
|
||
I'll (In reply to Makoto Kato [:m_kato] from comment #6)
Irvan, could you reproduce on Ubuntu 22.04 GNOME?
I haven't tried it on Ubuntu 22.04 GNOME, I'll try it soon.
|
|
Reporter | |
Comment 11•2 years ago
|
||
|
|
Reporter | |
Comment 12•2 years ago
|
||
Alright, by raising the JS slowdown code calculatePrimes(1000, 1000) to calculatePrimes(1000, 11011100) I also able to reproduce the fullscreen overlap with Firefox default configuration (without changing full-screen-api.transition-duration.enter) on Windows 11.
|
|
Assignee | |
Comment 13•2 years ago
|
||
Thanks, Irvan. I make sense this issue (root cause is comment #8)
|
|
Reporter | |
Comment 14•2 years ago
|
||
|
|
Reporter | |
Comment 15•2 years ago
|
||
|
|
||
Updated•2 years ago
|
|
|
||
Updated•2 years ago
|
|
|
Assignee | |
Comment 17•2 years ago
|
||
This occurs on 102a1 (20220516215740) too. Although I can reproduce reporter case after landing bug 1744288, I can reproduce my test case that is modified version of bug 1832627 on old version (102a1 (20220516215740)).
|
|
Reporter | |
Comment 18•2 years ago
|
||
(In reply to Makoto Kato [:m_kato] from comment #17)
Created attachment 9333828 [details]
new test caseThis occurs on 102a1 (20220516215740) too. Although I can reproduce reporter case after landing bug 1744288, I can reproduce my test case that is modified version of bug 1832627 on old version (102a1 (20220516215740)).
On my testcase after only single click the select dropdown able to cover the fullscreen toast, so victim unable to see the toast at all, which is more severe, reliable, and straightforward.
On the new testcase it require double click, at the first click the full-screen notification toast is immediately visible to victim, the victim has been notified and will be suspicious here, it is very unlikely to be used for real-life spoof scenario. Also when I tried double-clicking fast it not able to cover the fullscreen toast.
Normally double clicking the select dropdown is able to overlap the fullscreen toast, it possible from long time ago (able to reproduce on Firefox 59.0a1 (2018-01-01) (64-bit) and earlier Firefox version also do)
|
|
Assignee | |
Comment 19•2 years ago
|
||
(In reply to Irvan Kurniawan (:sourc7) from comment #18)
(In reply to Makoto Kato [:m_kato] from comment #17)
Created attachment 9333828 [details]
new test caseThis occurs on 102a1 (20220516215740) too. Although I can reproduce reporter case after landing bug 1744288, I can reproduce my test case that is modified version of bug 1832627 on old version (102a1 (20220516215740)).
On my testcase after only single click the select dropdown able to cover the fullscreen toast, so victim unable to see the toast at all, which is more severe, reliable, and straightforward.
Yes, but when showing full screen notification, I think we should show it on top most even if double click. I can fix our report issue, but I am looking for possible other case, and we need to consider more.
|
|
Assignee | |
Comment 20•2 years ago
|
||
Emilio, is there a way to change fullscreen notification (by fullscreen-and-pointerlock.inc.xhtml) order to topmost at force? When showing XUL's menu item by <select> element during fullscreen notification is shown at same time, XUL menu is topmost, not full screen notification.
|
|
Assignee | |
Comment 21•2 years ago
•
|
||
When writing sample HTML, Chrome/Blink's fullscreen notification order isn't topmost. dropdown by <select> is topmost, not fullscreen notification.
|
||
Comment 22•2 years ago
|
||
Not easily, the select menu is a native os widget. You'd need to turn the pointer lock warning into a <panel> or something like that.
|
||
Comment 23•2 years ago
|
||
This was filed within the collision window of its dupe and therefore eligible for a split bounty
|
|
||
Updated•2 years ago
|
|
|
||
Updated•2 years ago
|
|
|
Assignee | |
Updated•2 years ago
|
|
|
Assignee | |
Comment 24•2 years ago
|
||
|
||
Updated•2 years ago
|
|
|
Assignee | |
Updated•2 years ago
|
|
|
Assignee | |
Comment 25•2 years ago
|
||
Comment on attachment 9337670 [details]
Bug 1832195 - Don't fire full screen request immediately.
Security Approval Request
- How easily could an exploit be constructed based on the patch?: Not easy. This changes event timing only. I don't think that this issue is full screen related issue.
- Do comments in the patch, the check-in comment, or tests included in the patch paint a bulls-eye on the security problem?: No
- Which older supported branches are affected by this flaw?: 111
- If not all supported branches, which bug introduced the flaw?: Bug 1744288
- Do you have backports for the affected branches?: Yes
- If not, how different, hard to create, and risky will they be?: N/A
- How likely is this patch to cause regressions; how much testing does it need?: Low. automation test will cover about new regression test
- Is Android affected?: No
|
||
Comment 26•2 years ago
|
||
Comment on attachment 9337670 [details]
Bug 1832195 - Don't fire full screen request immediately.
Approved to request uplift and land
|
||
Comment 27•2 years ago
|
||
:m_kato next week is RC week for Fx115, the last beta build is tomorrow.
Will this land and have an uplift request before then?
|
|
Assignee | |
Comment 28•2 years ago
|
||
Comment on attachment 9337670 [details]
Bug 1832195 - Don't fire full screen request immediately.
Beta/Release Uplift Approval Request
- User impact if declined: fullscreen notification is overlapped by dropdown box.
- Is this code covered by automated tests?: No
- Has the fix been verified in Nightly?: No
- Needs manual test from QE?: Yes
- If yes, steps to reproduce: Browse https://bugzilla.mozilla.org/attachment.cgi?id=9333117
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Low. back to previous event timing for fullscreen.
- String changes made/needed: N/A
- Is Android affected?: No
|
|
Assignee | |
Updated•2 years ago
|
|
||
Comment 29•2 years ago
•
|
||
Landed: https://hg.mozilla.org/integration/autoland/rev/55d4f8fe0d124e37fc86bb6f141a120971df2157
Backed out for causing failures in browser_fullscreen_exit_on_external_protocol.js:
https://hg.mozilla.org/integration/autoland/rev/69b307c902da19e6d641ac54f0b0b8a5d32db4c4
Push with failures
Failure log
[task 2023-06-22T06:55:07.824Z] 06:55:07 INFO - TEST-START | dom/base/test/fullscreen/browser_fullscreen_exit_on_external_protocol.js
[task 2023-06-22T06:55:07.841Z] 06:55:07 INFO - Entering setup bound
[task 2023-06-22T06:55:07.879Z] 06:55:07 INFO - Leaving setup bound
[task 2023-06-22T06:55:07.880Z] 06:55:07 INFO - Entering test bound setupMailHandler
[task 2023-06-22T06:55:07.893Z] 06:55:07 INFO - Leaving test bound setupMailHandler
[task 2023-06-22T06:55:07.894Z] 06:55:07 INFO - Entering test bound OpenExternalProtocolOnPendingFullscreen
[task 2023-06-22T06:55:08.562Z] 06:55:08 INFO - GECKO(3895) | JavaScript error: , line 0: TypeError: Fullscreen request aborted
...
[task 2023-06-22T06:59:10.044Z] 06:59:10 INFO - TEST-UNEXPECTED-FAIL | dom/base/test/fullscreen/browser_fullscreen_exit_on_external_protocol.js | Test timed out -
|
|
Assignee | |
Comment 30•2 years ago
|
||
Due to previous fix, I need to update
browser_fullscreen_exit_on_external_protocol.js since internal fullscreen
event isn't dispatched before request is canceled.
Also, I add one more test for cancelling fullscreen during transition.
|
|
||
Comment 31•2 years ago
|
||
Don't fire full screen request immediately. r=edgar
https://hg.mozilla.org/integration/autoland/rev/b7ae81cb82195ff07478e5474813e06d31b1563d
https://hg.mozilla.org/mozilla-central/rev/b7ae81cb8219
Update browser_fullscreen_exit_on_external_protocol.js. r=edgar
https://hg.mozilla.org/integration/autoland/rev/4e18d0854dc239939d0e1b448a6b51e20d6193d9
https://hg.mozilla.org/mozilla-central/rev/4e18d0854dc2
|
|
||
Updated•2 years ago
|
|
|
||
Comment 32•2 years ago
|
||
Comment on attachment 9337670 [details]
Bug 1832195 - Don't fire full screen request immediately.
115 is now in RC, moving uplift request to release
|
||
Updated•2 years ago
|
|
|
||
Comment 33•2 years ago
|
||
The patch landed in nightly and beta is affected.
:m_kato, is this bug important enough to require an uplift?
- If yes, please nominate the patch for beta approval.
- If no, please set
status-firefox115towontfix.
For more information, please visit BugBot documentation.
|
||
Comment 35•2 years ago
|
||
Reproduced the initial issue using an old Nightly build from 2023-05-09 and the testcase provided, verified that using latest Nightly from today (2023-05-27/28) this is no longer an issue, I can see the same behavior as in Firefox esr102, the fullscreen notification if visible when entering fullscreen mode across platforms (Windows 10, Ubuntu 22.04 and macOS 13.2).
|
|
||
Updated•2 years ago
|
|
|
||
Comment 36•2 years ago
|
||
Comment on attachment 9337670 [details]
Bug 1832195 - Don't fire full screen request immediately.
Approved for 115.0 RC2
|
|
||
Comment 37•2 years ago
|
||
|
|
||
Comment 38•2 years ago
|
||
| uplift | ||
|
|
||
Comment 39•2 years ago
|
||
(In reply to Bogdan Maris, Desktop QA from comment #35)
Reproduced the initial issue using an old Nightly build from 2023-05-09 and the testcase provided, verified that using latest Nightly from today (2023-05-27/28) this is no longer an issue, I can see the same behavior as in Firefox esr102, the fullscreen notification if visible when entering fullscreen mode across platforms (Windows 10, Ubuntu 22.04 and macOS 13.2).
Also verified on Firefox 115.0-build2 and 115.0esr-build2 on the same platforms as above.
|
||
Updated•2 years ago
|
|
|
||
Updated•2 years ago
|
|
|
||
Updated•2 years ago
|
|
|
||
Updated•2 years ago
|
|
|
||
Updated•2 years ago
|
|
||
Updated•1 year ago
|
Description
•