Closed Bug 265680 Opened 20 years ago Closed 20 years ago

Websites may turn caret browsing on and off using synthetic events

Categories

(Core :: DOM: UI Events & Focus Handling, defect)

Product:
Core
Component:
DOM: UI Events & Focus Handling
Type:
defect
Priority:
Not set
Severity:
minor

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: mromarkhan, Assigned: jst)

Details

(Keywords: fixed-aviary1.0, fixed1.7.5)

Attachments

(3 files)

Onload changes caret browsing
342 bytes, text/html
Details
Don't enable browse with caret from untrusted events.
896 bytes, patch
jst
: superreview+
jst
: approval-aviary+
Details | Diff | Splinter Review
1.7 branch diff.
1.80 KB, patch
jst
: review+
jst
: superreview+
jst
: approval-aviary+
mkaply
: approval1.7.5+
Details | Diff | Splinter Review 
User-Agent:       Mozilla/5.0 (Windows; U; Win 9x 4.90; rv:1.7.3) Gecko/20041001 Firefox/0.10.1
Build Identifier: Mozilla/5.0 (Windows; U; Win 9x 4.90; rv:1.7.3) Gecko/20041001 Firefox/0.10.1

Malicious (in terms of sticky keys feature, remember?) websites may
turn caret browsing off and on, disorienting a user.
Generates F7 event

Reproducible: Always
Steps to Reproduce:
1. Load test case


Actual Results:  
Caret browsing swicthes.

Expected Results:  
Leave my settings alone.

    
    

    
  
Comment on attachment 163099 [details] [diff] [review]
Don't enable browse with caret from untrusted events.

mscott says r+sr=mscott, and asa says a=asa.

        Attachment #163099 -
        Flags: superreview+

        Attachment #163099 -
        Flags: review+

        Attachment #163099 -
        Flags: approval-aviary+

    
    

    
  
Fixed on aviary, made the exact same change in
xpfe/global/resources/content/bindings/browser.xml too. I'll land this on the
1.7 branch and trunk too...
Assignee: aaronleventhal → jst
Keywords: fixed-aviary1.0
Status: UNCONFIRMED → NEW
Ever confirmed: true

    
    

    
  
vrfy'd fixed on linux fc2 with 2004102409-0.9+.

    
    

    
  
Fixed on trunk, moving to Browser...
Status: NEW → RESOLVED
Closed: 20 years ago
Component: Keyboard Navigation → XP Miscellany
OS: Windows ME → All
Product: Firefox → Browser
Hardware: PC → All
Resolution: --- → FIXED
Version: unspecified → Trunk

    
    

    
  

      
      
      
      

        Attached patch
          
          
        1.7 branch diff.Splinter Review
      

    


  

    
  

        Attachment #164433 -
        Flags: superreview+

        Attachment #164433 -
        Flags: review+

        Attachment #164433 -
        Flags: approval1.7.x?

        Attachment #164433 -
        Flags: approval-aviary+

    
    

    
  
Comment on attachment 164433 [details] [diff] [review]
1.7 branch diff.

a=mkaply

        Attachment #164433 -
        Flags: approval1.7.x? → approval1.7.x+

    
    

    
  
Fixed on the 1.7 branch too.
Keywords: fixed1.7.x

    
  
Component: XP Miscellany → Keyboard: Navigation
Flags: review+
Component: Keyboard: Navigation → User events and focus handling

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: