Last Comment Bug 265055 - textarea.select() can steal focus from other tabs
: textarea.select() can steal focus from other tabs
Status: RESOLVED FIXED
: csectype-disclosure, csectype-spoof, fixed-aviary1.0, fixed1.4.4, fixed1.7.5, sec-moderate, testcase
Product: SeaMonkey
Classification: Client Software
Component: Tabbed Browser (show other bugs)
: 1.0 Branch
: All All
: -- normal (vote)
: ---
Assigned To: Johnny Stenback (:jst, jst@mozilla.com)
:
Mentors:
Depends on: 124750
Blocks:
  Show dependency treegraph
 
Reported: 2004-10-19 05:32 PDT by Jesse Ruderman
Modified: 2013-06-09 18:57 PDT (History)
11 users (show)
chofmann: blocking‑aviary1.0+
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---


Attachments
demo (710 bytes, text/html)
2004-10-19 05:43 PDT, Jesse Ruderman
no flags Details
Fix. (1.55 KB, patch)
2004-10-20 11:22 PDT, Johnny Stenback (:jst, jst@mozilla.com)
bryner: superreview+
chofmann: approval‑aviary+
mozilla: approval1.7.5+
Details | Diff | Review

Description Jesse Ruderman 2004-10-19 05:32:58 PDT
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.3) Gecko/20041018 Firefox/1.0

textarea.select() steals focus from other tabs.  (textbox.select() and
textarea.focus() do not.)  This is a security hole because it can cause typed
information to go to a tab other than the selected one.
Comment 1 Jesse Ruderman 2004-10-19 05:43:29 PDT
Created attachment 162574 [details]
demo
Comment 2 Johnny Stenback (:jst, jst@mozilla.com) 2004-10-20 11:22:22 PDT
Created attachment 162732 [details] [diff] [review]
Fix.
Comment 3 Brian Ryner (not reading) 2004-10-20 14:31:18 PDT
Comment on attachment 162732 [details] [diff] [review]
Fix.

This is not quite the same code as what's in nsHTMLInputElement::Select()...
that code calls nsTextControlFrame::SetFocus even if the event was discarded.
We probably want to change that code to be like this code, we don't want a
partial focus.
Comment 4 chris hofmann 2004-10-20 16:47:27 PDT
Comment on attachment 162732 [details] [diff] [review]
Fix.

a=chofmann for the branch
Comment 5 Johnny Stenback (:jst, jst@mozilla.com) 2004-10-20 18:05:11 PDT
Fixed on the aviary branch, leaving bug open to track the issue the bryner
pointed out as this gets merged onto the trunk...
Comment 6 sairuh (rarely reading bugmail) 2004-10-21 12:27:04 PDT
using the demo test here, this looks fixed with 2004102109-0.9+ on linux fc2.
Comment 7 sairuh (rarely reading bugmail) 2004-10-21 12:39:34 PDT
also vrfy'd fixed on mac os x 10.3.5, 2004102107-0.9+ bits.
Comment 8 Tracy Walker [:tracy] 2004-10-21 12:53:49 PDT
fixed on Windows too; FF build 2004-10-21-07-0.9
Comment 9 Jesse Ruderman 2004-10-21 17:24:15 PDT
Making public because this bug has the same impact as bug 124750 and because
there hasn't been a hotfix or release since 124750 was fixed.
Comment 10 Oliver Klee 2004-10-22 00:03:29 PDT
Will this be checked in to the 1.7.x branch, too?
Comment 11 Martijn Wargers [:mwargers] (gone per 2016-05-31 :-( ) 2004-10-22 01:51:44 PDT
You might want to take a look at bug 265456. It describes a method in which you
can still focus a textarea in a background tab, by using createEvent.
Comment 12 Sven Jost 2004-11-08 03:02:26 PST
Is this the same bug as in bug 138646 only for a different function
(textarea.select not textbox.blur)?
Comment 13 Mike Kaply [:mkaply] 2004-11-29 12:31:51 PST
Can we get a 1.7 fix for this please?
Comment 14 Johnny Stenback (:jst, jst@mozilla.com) 2004-12-06 15:53:32 PST
Not a firefox specific bug.
Comment 15 Johnny Stenback (:jst, jst@mozilla.com) 2004-12-06 15:57:21 PST
Comment on attachment 162732 [details] [diff] [review]
Fix.

This patch fixes this for SeaMonkey as well. Requesting 1.7.5 approval.
Comment 16 Mike Kaply [:mkaply] 2004-12-07 05:29:04 PST
Comment on attachment 162732 [details] [diff] [review]
Fix.

a=mkaply for 1.7.5 checkin
Comment 17 Daniel Veditz [:dveditz] 2005-01-12 17:11:24 PST
Has this landed on the trunk? If so why is it still open?
Comment 18 Daniel Veditz [:dveditz] 2005-01-13 00:58:58 PST
This was checked into the trunk 2004-11-04

Note You need to log in before you can comment on or make changes to this bug.