Closed Bug 1864353 Opened 2 years ago Closed 2 years ago

Require trusted input for invokers

Tracking

()

Status:

RESOLVED WONTFIX

People

(Reporter: lwarlow, Unassigned)

References

(Blocks 1 open bug)

Details

Luke Warlow

Reporter

Description

•

2 years ago

Currently invokers work when the invoking button is triggered progamatically via .click() (or via equivalent activations from keyboard I'm guessing).

This needs changing to require an actual user click as part of the security mitigations of invokers.

Luke Warlow

Reporter

Updated

•

2 years ago

Blocks: 1856430

Luke Warlow

Reporter

Updated

•

2 years ago

See Also: → https://bugs.chromium.org/p/chromium/issues/detail?id=1501647

Andrew McCreight [:mccr8]

Updated

•

2 years ago

Severity: -- → S3

Luke Warlow

Reporter

Comment 1

•

2 years ago

Closing as wontfix based on https://github.com/openui/open-ui/issues/945#issuecomment-1815229335

Status: UNCONFIRMED → RESOLVED

Closed: 2 years ago

Resolution: --- → WONTFIX

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Require trusted input for invokers

Categories

(Core :: DOM: Core & HTML, defect)

Tracking

()

People

(Reporter: lwarlow, Unassigned)

References

(Blocks 1 open bug)

Details

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Updated

Comment 1