Drag-and-drop should be considered in content analysis
Categories
(Firefox :: Data Loss Prevention, task)
Tracking
()
People
(Reporter: handyman, Assigned: handyman)
References
(Blocks 1 open bug, Regressed 2 open bugs)
Details
Attachments
(10 files, 7 obsolete files)
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
48 bytes,
text/x-phabricator-request
|
Details | Review | |
|
48 bytes,
text/x-phabricator-request
|
phab-bot
:
approval-mozilla-esr128+
|
Details | Review |
|
48 bytes,
text/x-phabricator-request
|
phab-bot
:
approval-mozilla-esr128+
|
Details | Review |
|
48 bytes,
text/x-phabricator-request
|
phab-bot
:
approval-mozilla-esr128+
|
Details | Review |
|
48 bytes,
text/x-phabricator-request
|
phab-bot
:
approval-mozilla-esr128+
|
Details | Review |
|
48 bytes,
text/x-phabricator-request
|
phab-bot
:
approval-mozilla-esr128+
|
Details | Review |
This is a new bug to continue the work in bug 1871222, which we moved away from for bookkeeping reasons.
|
Assignee | |
Comment 1•4 months ago
|
||
The mock situation is such that we reuse a lot of the static ContentAnalysis
class behavior involved in drag and drop here. We only need to block some
methods and mock AnalyzeRemoteDropEvent.
This test is very similar to browser_dragdrop.js -- it just adds content
analysis to that test.
|
|
Assignee | |
Comment 2•4 months ago
|
||
Sends OOP drop events to content analysis for approval before sending them to
the DOM. This first happens in EventStateManager::DispatchCrossProcessEvent,
where we detect the potential need for content analysis (and present a modal
dialog on the tab). The drag session then ends as usual in the parent process
but remains open on the related widget in the process where it would be sent to
the DOM while the drop is being analyzed. The child process will send either
CancelAnalyzeDropEvent, if CA isn't needed, or AnalyzeDropEvent, if it is. On
AnalyzeDropEvent, CA will respond by sending ContentAnalysisDropResult back to
the child with the verdict, which will result in either a drop event (on
approval) or dragLeave (otherwise). Calls to EndDragSession are delayed during
this.
|
|
Assignee | |
Comment 3•3 months ago
|
||
Sends OOP drop events to content analysis for approval before sending them to
the DOM. It intercepts drop events at the browser level and sends them to CA
before calling stopPropagation and preventDefault on them. (CA also presents a
modal dialog over the tab.) The drag session then ends as usual in the parent
process but remains open on the related browser in the process where it would be
sent to the DOM while the drop is being analyzed. While CA runs, the browser
dispatches an eQueryDropTargetHittest event to locate the drop target while the
event screen coordinates are still valid. When CA is complete, a drop or
dragLeave event is sent to the drop target (dragLeave if the drop was not
approved by CA). Calls to EndDragSession are delayed during this.
|
||
Updated•3 months ago
|
|
|
Assignee | |
Comment 4•3 months ago
|
||
This reuses parts of the dom/events test to test that content analysis is
consulted and respected for in-browser drags with drops in the same frame and
between frames/windows with same or different origin.
|
|
Assignee | |
Comment 5•3 months ago
|
||
This fixes four issues:
- The test didn't provide enough movement to generate a drag session on the
source before moving to the target. This meant that, when they were in
different windows, Gecko wouldn't send dragleave to the source or dragenter
to the target. It also never sent dragenter to the source in the first
place. This remedies that. - dragenter and dragleave weren't properly handled because the test was sending
dragleaves instead of dragexits (the latter being what Gecko expects and the
former being synthesized from that -- see e.g. nsNativeDragTarget::DragLeave).
This now uses dragexits and sets the proper expectations. - expectProtectedDataTransferAccess was needlessly complicated and, after #1,
gave the wrong answers for some events like dragenter called on the source. - The event handler wasn't checking for exceptions and the drop handler was
intentionally causing one, which was causing it to miss the rest of its
execution.
|
|
Assignee | |
Comment 6•3 months ago
|
||
This was causing "AbortError: Actor 'SpecialPowers' destroyed before query
'Spawn' was resolved" failures.
|
|
||
Updated•3 months ago
|
|
|
||
Updated•3 months ago
|
|
|
Assignee | |
Comment 7•3 months ago
|
||
Without this, we assert when releasing the request on the background thread when
we hit an error, such as the DLP agent not running.
|
||
Comment 10•2 months ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/db9d1823ea80
https://hg.mozilla.org/mozilla-central/rev/778a6530fceb
https://hg.mozilla.org/mozilla-central/rev/f50209dd351a
https://hg.mozilla.org/mozilla-central/rev/b3503e3442a2
https://hg.mozilla.org/mozilla-central/rev/48d0e3a22a05
|
||
Comment 11•17 days ago
|
||
Sends OOP drop events to content analysis for approval before sending them to
the DOM. It intercepts drop events at the browser level and sends them to CA
before calling stopPropagation and preventDefault on them. (CA also presents a
modal dialog over the tab.) The drag session then ends as usual in the parent
process but remains open on the related browser in the process where it would be
sent to the DOM while the drop is being analyzed. While CA runs, the browser
dispatches an eQueryDropTargetHittest event to locate the drop target while the
event screen coordinates are still valid. When CA is complete, a drop or
dragexit event is sent to the drop target (drop if it was approved by CA). Calls
to EndDragSession are delayed during this.
Original Revision: https://phabricator.services.mozilla.com/D219201
|
|
||
Updated•17 days ago
|
|
|
||
Comment 12•17 days ago
|
||
This reuses parts of the dom/events test to test that content analysis is
consulted and respected for in-browser drags with drops in the same frame and
between frames/windows with same or different origin.
Original Revision: https://phabricator.services.mozilla.com/D219549
|
|
||
Updated•17 days ago
|
|
|
||
Comment 13•17 days ago
|
||
This fixes four issues:
- The test didn't provide enough movement to generate a drag session on the
source before moving to the target. This meant that, when they were in
different windows, Gecko wouldn't send dragleave to the source or dragenter
to the target. It also never sent dragenter to the source in the first
place. This remedies that. - dragenter and dragleave weren't properly handled because the test was sending
dragleaves instead of dragexits (the latter being what Gecko expects and the
former being synthesized from that -- see e.g. nsNativeDragTarget::DragLeave).
This now uses dragexits and sets the proper expectations. - expectProtectedDataTransferAccess was needlessly complicated and, after #1,
gave the wrong answers for some events like dragenter called on the source. - The event handler wasn't checking for exceptions and the drop handler was
intentionally causing one, which was causing it to miss the rest of its
execution.
Original Revision: https://phabricator.services.mozilla.com/D219550
|
|
||
Updated•17 days ago
|
|
|
||
Comment 14•17 days ago
|
||
This was causing "AbortError: Actor 'SpecialPowers' destroyed before query
'Spawn' was resolved" failures.
Original Revision: https://phabricator.services.mozilla.com/D219551
|
|
||
Updated•17 days ago
|
|
|
||
Comment 15•17 days ago
|
||
Without this, we assert when releasing the request on the background thread when
we hit an error, such as the DLP agent not running.
Original Revision: https://phabricator.services.mozilla.com/D220617
|
|
||
Updated•17 days ago
|
|
|
||
Comment 16•17 days ago
|
||
esr128 Uplift Approval Request
- User impact if declined: DLP won't cover drag and drop interception point
- Code covered by automated testing: yes
- Fix verified in Nightly: yes
- Needs manual QE test: yes
- Steps to reproduce for manual QE testing: (QA team has a detailed test plan for this feature)
- Risk associated with taking this patch: medium
- Explanation of risk level: there are a few known regressions, but the only bad ones for non-DLP reasons will be uplifted as well
- String changes made/needed: no
- Is Android affected?: no
|
|
||
Comment 17•17 days ago
|
||
Sends OOP drop events to content analysis for approval before sending them to
the DOM. It intercepts drop events at the browser level and sends them to CA
before calling stopPropagation and preventDefault on them. (CA also presents a
modal dialog over the tab.) The drag session then ends as usual in the parent
process but remains open on the related browser in the process where it would be
sent to the DOM while the drop is being analyzed. While CA runs, the browser
dispatches an eQueryDropTargetHittest event to locate the drop target while the
event screen coordinates are still valid. When CA is complete, a drop or
dragexit event is sent to the drop target (drop if it was approved by CA). Calls
to EndDragSession are delayed during this.
|
|
||
Updated•17 days ago
|
|
|
||
Comment 18•17 days ago
|
||
This reuses parts of the dom/events test to test that content analysis is
consulted and respected for in-browser drags with drops in the same frame and
between frames/windows with same or different origin.
Original Revision: https://phabricator.services.mozilla.com/D219549
|
|
||
Updated•17 days ago
|
|
|
||
Comment 19•17 days ago
|
||
This fixes four issues:
- The test didn't provide enough movement to generate a drag session on the
source before moving to the target. This meant that, when they were in
different windows, Gecko wouldn't send dragleave to the source or dragenter
to the target. It also never sent dragenter to the source in the first
place. This remedies that. - dragenter and dragleave weren't properly handled because the test was sending
dragleaves instead of dragexits (the latter being what Gecko expects and the
former being synthesized from that -- see e.g. nsNativeDragTarget::DragLeave).
This now uses dragexits and sets the proper expectations. - expectProtectedDataTransferAccess was needlessly complicated and, after #1,
gave the wrong answers for some events like dragenter called on the source. - The event handler wasn't checking for exceptions and the drop handler was
intentionally causing one, which was causing it to miss the rest of its
execution.
Original Revision: https://phabricator.services.mozilla.com/D219550
|
|
||
Updated•17 days ago
|
|
|
||
Comment 20•17 days ago
|
||
This was causing "AbortError: Actor 'SpecialPowers' destroyed before query
'Spawn' was resolved" failures.
Original Revision: https://phabricator.services.mozilla.com/D219551
|
|
||
Updated•17 days ago
|
|
|
||
Comment 21•17 days ago
|
||
Without this, we assert when releasing the request on the background thread when
we hit an error, such as the DLP agent not running.
Original Revision: https://phabricator.services.mozilla.com/D220617
|
|
||
Updated•17 days ago
|
|
|
||
Comment 22•17 days ago
|
||
esr128 Uplift Approval Request
- User impact if declined: DLP won't cover drag and drop interception point
- Code covered by automated testing: yes
- Fix verified in Nightly: yes
- Needs manual QE test: yes
- Steps to reproduce for manual QE testing: (QA team has a detailed test plan for this feature)
- Risk associated with taking this patch: medium
- Explanation of risk level: there are a few known regressions, but the only bad ones for non-DLP reasons will be uplifted as well
- String changes made/needed: no
- Is Android affected?: no
|
|
||
Updated•17 days ago
|
|
|
||
Updated•17 days ago
|
|
|
||
Updated•17 days ago
|
|
|
||
Updated•17 days ago
|
|
|
||
Updated•17 days ago
|
|
|
||
Updated•12 days ago
|
|
|
||
Updated•12 days ago
|
|
|
||
Updated•12 days ago
|
|
|
||
Updated•12 days ago
|
|
|
||
Updated•12 days ago
|
|
||
Updated•12 days ago
|
|
||
Comment 23•12 days ago
|
||
| uplift | ||
Description
•