Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.3) Gecko/20041018 Firefox/1.0 textarea.select() steals focus from other tabs. (textbox.select() and textarea.focus() do not.) This is a security hole because it can cause typed information to go to a tab other than the selected one.
Created attachment 162732 [details] [diff] [review] Fix.
Comment on attachment 162732 [details] [diff] [review] Fix. This is not quite the same code as what's in nsHTMLInputElement::Select()... that code calls nsTextControlFrame::SetFocus even if the event was discarded. We probably want to change that code to be like this code, we don't want a partial focus.
Comment on attachment 162732 [details] [diff] [review] Fix. a=chofmann for the branch
Fixed on the aviary branch, leaving bug open to track the issue the bryner pointed out as this gets merged onto the trunk...
using the demo test here, this looks fixed with 2004102109-0.9+ on linux fc2.
also vrfy'd fixed on mac os x 10.3.5, 2004102107-0.9+ bits.
fixed on Windows too; FF build 2004-10-21-07-0.9
Making public because this bug has the same impact as bug 124750 and because there hasn't been a hotfix or release since 124750 was fixed.
Will this be checked in to the 1.7.x branch, too?
You might want to take a look at bug 265456. It describes a method in which you can still focus a textarea in a background tab, by using createEvent.
Is this the same bug as in bug 138646 only for a different function (textarea.select not textbox.blur)?
Can we get a 1.7 fix for this please?
Not a firefox specific bug.
Comment on attachment 162732 [details] [diff] [review] Fix. This patch fixes this for SeaMonkey as well. Requesting 1.7.5 approval.
Comment on attachment 162732 [details] [diff] [review] Fix. a=mkaply for 1.7.5 checkin
Has this landed on the trunk? If so why is it still open?
This was checked into the trunk 2004-11-04
13 years ago