Closed Bug 2034292 Opened 2 months ago Closed 2 months ago

Fullscreen Keyboard Lock does not intercept ctrl+tab and keyboard events dispatched to chrome listeners

Categories

(Core :: DOM: Core & HTML, defect, P1)

Firefox 152
x86_64
Linux
defect

Tracking

()

RESOLVED FIXED
152 Branch
Tracking Status
firefox151 + fixed
firefox152 --- fixed

People

(Reporter: intelfx, Assigned: sfarre)

References

Details

Attachments

(4 files, 2 obsolete files)

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:152.0) Gecko/20100101 Firefox/152.0

Steps to reproduce:

  • Implemented a minimal test for Fullscreen Keyboard Lock API (Bug 700123):
<html>
<script>
function foo() {
	let b = document.getElementById("go");
	b.addEventListener("mouseup", function() {
		let d = document.getElementById("dump");
		d.requestFullscreen({"keyboardLock": "browser"}).then(function() {
			let handler = function(name, ev) {
				ev.preventDefault();
				d.innerText += `${name}: ${ev.code}\n`;
			};
			let b = document.getElementById("body");
			b.addEventListener("keyup", (ev) => handler("keyup", ev));
			b.addEventListener("keydown", (ev) => handler("keydown", ev));
		});
	});
}
</script>
<body id="body" onload="foo()">
	<button id="go">Go fullscreen</button>
	<div id="dump">Press the button ^^^ and try some hotkeys</div>
</body>
</html>

Actual results:

Web application does not receive key combinations such as Alt-Tab/Meta-Tab (passed through to the OS compositor) or Ctrl-Tab (switches tabs in the browser).

Expected results:

  • at least, Ctrl-Tab (browser-level key combination, handled within Firefox for tab switching) should be interceptable always;

  • at most, Alt-Tab/Meta-Tab (system-level key combinations, typically handled in the OS windowing system/compositor) should be interceptable, pending permission from the user.

All three key combinations are supported (i.e. interceptable) in Chromium.

The specific use-case for supporting these key combinations is for remote control, such as a Web UI for an IP-KVM, which we are developing. The Web UI presents a full-screen view of a remote desktop. When interacting with such a full-screen view of a remote desktop (e.g., with a web browser opened on the remote end), the user expectation is that all keys (including window or tab management keys) are forwarded to the remote host being controlled (which is what appears on screen), rather than affect the local machine (whose UI is not visible at all).

Component: Untriaged → DOM: Core & HTML
OS: Unspecified → Linux
Product: Firefox → Core
Hardware: Unspecified → x86_64

When keyboard lock is enabled, don't preventDefault
ctrl+tab/ctrl+shift+tab and don't run the normal behavior either, as
this will change tabs and take us out of fullscreen.

Assignee: nobody → sfarre
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true

I think we can allow ctrl-tab to be intercepted, or even make it not switch tabs by default while in fullscreen keyboard lock (which is what happens in Safari and Chrome).

Safari and Chrome don't allow cmd+tab to be intercepted on macOS. Chrome apparently allows it on Linux. I understand the remote desktop use case, but it needs to be balanced against user security for hostile web content. As for user permission, it seems it was tried and decided against in Chrome, see https://developer.chrome.com/blog/keyboard-lock-pointer-lock-permission

For now, I think we shouldn't allow OS app switching shortcuts to be intercepted on any platform. Remote desktop like apps can use ctrl+tab or so instead.

Priority: -- → P1

This adds a flag to the event, that prevents it from being fired to
mozSystemGroup listeners if keybboard lock is enabled.

As per discussion on slack with :kagami the second patch probably is more future proof, given that it doesn't let UI potentially capture and e.preventDefault() keyboard events.

Simon - once we're good with the scope, please refine the bug title to make it more specific, which will help future tracking. Thanks.

Summary: Fullscreen Keyboard Lock does not intercept several key combinations → Fullscreen Keyboard Lock does not intercept ctrl+tab and keyboard events dispatched to chrome listeners
Attachment #9573383 - Attachment is obsolete: true
Attachment #9573441 - Attachment is obsolete: true

(In reply to Simon Pieters [:zcorpan] from comment #4)

I think we can allow ctrl-tab to be intercepted, or even make it not switch tabs by default while in fullscreen keyboard lock (which is what happens in Safari and Chrome).

Safari and Chrome don't allow cmd+tab to be intercepted on macOS. Chrome apparently allows it on Linux. I understand the remote desktop use case, but it needs to be balanced against user security for hostile web content. As for user permission, it seems it was tried and decided against in Chrome, see https://developer.chrome.com/blog/keyboard-lock-pointer-lock-permission

For now, I think we shouldn't allow OS app switching shortcuts to be intercepted on any platform. Remote desktop like apps can use ctrl+tab or so instead.

I don't think that's right. At least on GNOME/Wayland, Chromium does intercept OS-level key combinations, via the user permission request. As far as I undestand, this happens via the keyboard-shortcuts-inhibit-unstable-v1 protocol and subsequently GNOME Shell requesting the user permission.

I believe this should be considered a Chrome feature parity issue, as this would be highly relevant for the remote-desktop use case (and subsequently steer users of such products away from Firefox, as it happens right now).

Attachment #9573526 - Attachment description: Bug 2034292 - Make content always handle event first if keyboard lock is active r=#dom-core! → Bug 2034292 - Make tabbrowser.js, tabbox.js and browser-ctrlTab.js forward events to content process first if keyboard lock is active r=#dom-core!
Severity: -- → S3

The bug is marked as tracked for firefox151 (beta). However, the bug still has low severity.

:hsinyi, could you please increase the severity for this tracked bug? If you disagree with the tracking decision, please talk with the release managers.

For more information, please visit BugBot documentation.

Flags: needinfo?(htsai)

It's a shipping blocker for a new feature, which doesn't and shouldn't cause impact in the wild when the feature is released. S3 is right.

Flags: needinfo?(htsai)
Pushed by sfarre@mozilla.com: https://github.com/mozilla-firefox/firefox/commit/1c67572d3d24 https://hg.mozilla.org/integration/autoland/rev/0fca3a5e69dd Make tabbrowser.js, tabbox.js and browser-ctrlTab.js forward events to content process first if keyboard lock is active r=dom-core,tabbrowser-reviewers,masayuki,smaug,edgar,sclements
Status: ASSIGNED → RESOLVED
Closed: 2 months ago
Resolution: --- → FIXED
Target Milestone: --- → 152 Branch

Please add a beta uplift request

firefox-beta Uplift Approval Request

  • User impact if declined/Reason for urgency: Keyboard lock will break if user presses ctrl+tab.
  • Code covered by automated testing?: yes
  • Fix verified in Nightly?: yes
  • Needs manual QE testing?: no
  • Steps to reproduce for manual QE testing:
  • Risk associated with taking this patch: low
  • Explanation of risk level: New behavior only triggered when keyboard lock is active.
  • String changes made/needed?: No
  • Is Android affected?: no
Attachment #9583566 - Flags: approval-mozilla-beta?

This gives content a chance to deal with the input before chrome and
potentially preventDefault() them.

Original Revision: https://phabricator.services.mozilla.com/D296377

Attachment #9583566 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: