Closed
Bug 292319
Opened 20 years ago
Closed 20 years ago
Set trust for XForms events
Categories
(Core Graveyard :: XForms, defect)
Core Graveyard
XForms
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: allan, Assigned: smaug)
References
()
Details
Attachments
(1 file, 1 obsolete file)
|
20.03 KB,
patch
|
doronr
:
review+
aaronr
:
review+
|
Details | Diff | Splinter Review |
We need to handle the trust issue introduced by bug 289940. There are XXX comments in: * nsXFormsDispatchElement.cpp * nsXFormsUtils.cpp * nsXFormsTriggerElement.cpp
|
Assignee | |
Comment 1•20 years ago
|
||
As far as I understand UI events generated in nsXFormsDispatchElement.cpp or nsXFormsUtils.cpp should *not* be trusted. Events initialized in nsXFormsTriggerElement.cpp should be trusted only if the 'click' event used for initialization is trusted.
|
|
Assignee | |
Comment 2•20 years ago
|
||
(In reply to comment #1) > As far as I understand UI events generated in nsXFormsDispatchElement.cpp or > nsXFormsUtils.cpp should *not* be trusted. Events initialized in > nsXFormsTriggerElement.cpp should be trusted only if the 'click' event used for > initialization is trusted. or.... nsXFormsDispatchElement.cpp should copy the trusted state from the aEvent parameter. And if the scheme of the document URI is "chrome", we could dispatch trusted events in nsXFormsUtils.cpp.
|
|
Assignee | |
Comment 3•20 years ago
|
||
I'll still do few tests, but I think this should work.
|
|
Assignee | |
Updated•20 years ago
|
|
|
Assignee | |
Comment 4•20 years ago
|
||
in nsDispatchElement.cpp nsXFormsUtils::SetEventTrusted(event, aEvent); should be nsXFormsUtils::SetEventTrusted(event, nsnull);
|
|
Assignee | |
Comment 5•20 years ago
|
||
Comment on attachment 182251 [details] [diff] [review] v1 I'd wait until Bug 292464 is fixed.
Attachment #182251 -
Flags: review?(allan)
|
|
Assignee | |
Comment 6•20 years ago
|
||
In chrome events are set trusted and only trusted events are handled.
Attachment #182251 -
Attachment is obsolete: true
Attachment #182421 -
Flags: review?(doronr)
|
||
Comment 7•20 years ago
|
||
Comment on attachment 182421 [details] [diff] [review] v2 >? dependentLibs.h >Index: nsXFormsActionElement.cpp >=================================================================== >RCS file: /cvsroot/mozilla/extensions/xforms/nsXFormsActionElement.cpp,v >retrieving revision 1.2 >diff -u -8 -p -r1.2 nsXFormsActionElement.cpp >--- nsXFormsActionElement.cpp 29 Jan 2005 23:53:32 -0000 1.2 >+++ nsXFormsActionElement.cpp 2 May 2005 20:27:32 -0000 >@@ -104,19 +104,18 @@ nsXFormsActionElement::OnDestroyed() { > mVisualElement = nsnull; > mElement = nsnull; > return NS_OK; > } > > NS_IMETHODIMP > nsXFormsActionElement::HandleEvent(nsIDOMEvent* aEvent) > { >- if (!aEvent) >- return NS_ERROR_INVALID_ARG; >- return HandleAction(aEvent, nsnull); >+ return nsXFormsUtils::EventHandlingAllowed(aEvent, mElement) ? >+ HandleAction(aEvent, nsnull) : NS_OK; > } > > PR_STATIC_CALLBACK(PLDHashOperator) DoDeferredActions(nsISupports * aModel, > PRUint32 aDeferred, > void * data) > { > if (aModel && aDeferred) { > nsCOMPtr<nsIDOMNode> element = NS_STATIC_CAST(nsIDOMNode *, aModel); >Index: nsXFormsActionModuleBase.cpp >=================================================================== >RCS file: /cvsroot/mozilla/extensions/xforms/nsXFormsActionModuleBase.cpp,v >retrieving revision 1.1 >diff -u -8 -p -r1.1 nsXFormsActionModuleBase.cpp >--- nsXFormsActionModuleBase.cpp 5 Nov 2004 02:15:00 -0000 1.1 >+++ nsXFormsActionModuleBase.cpp 2 May 2005 20:27:32 -0000 >@@ -73,13 +73,12 @@ NS_IMETHODIMP nsXFormsActionModuleBase:: > { > mElement = nsnull; > return NS_OK; > } > > NS_IMETHODIMP > nsXFormsActionModuleBase::HandleEvent(nsIDOMEvent* aEvent) > { >- if (!aEvent) >- return NS_ERROR_INVALID_ARG; >- return HandleAction(aEvent, nsnull); >+ return nsXFormsUtils::EventHandlingAllowed(aEvent, mElement) ? >+ HandleAction(aEvent, nsnull) : NS_OK; > } > >Index: nsXFormsContextContainer.cpp >=================================================================== >RCS file: /cvsroot/mozilla/extensions/xforms/nsXFormsContextContainer.cpp,v >retrieving revision 1.9 >diff -u -8 -p -r1.9 nsXFormsContextContainer.cpp >--- nsXFormsContextContainer.cpp 18 Feb 2005 09:38:32 -0000 1.9 >+++ nsXFormsContextContainer.cpp 2 May 2005 20:27:32 -0000 >@@ -169,16 +169,18 @@ nsXFormsContextContainer::HandleDefault( > if (!aEvent || !mElement) > return NS_OK; > > nsAutoString type; > aEvent->GetType(type); > if (!type.EqualsLiteral("focus")) > return nsXFormsControlStub::HandleDefault(aEvent, aHandled); > >+ if (!nsXFormsUtils::EventHandlingAllowed(aEvent, mElement)) >+ return NS_OK; > /* > * Either we, or an element we contain, has gotten focus, so we need to set > * the repeat index. This is done through the \<repeat\> the > * nsXFormsContextContainer belongs to. > * > * Start by finding the \<repeat\> (our grandparent): > * <pre> > * <repeat> <-- gParent >Index: nsXFormsControlStub.cpp >=================================================================== >RCS file: /cvsroot/mozilla/extensions/xforms/nsXFormsControlStub.cpp,v >retrieving revision 1.15 >diff -u -8 -p -r1.15 nsXFormsControlStub.cpp >--- nsXFormsControlStub.cpp 28 Apr 2005 07:23:38 -0000 1.15 >+++ nsXFormsControlStub.cpp 2 May 2005 20:27:32 -0000 >@@ -61,25 +61,26 @@ NS_IMETHODIMP > nsXFormsHintHelpListener::HandleEvent(nsIDOMEvent* aEvent) > { > if (!aEvent) > return NS_ERROR_UNEXPECTED; > > nsCOMPtr<nsIDOMEventTarget> target; > aEvent->GetCurrentTarget(getter_AddRefs(target)); > nsCOMPtr<nsIDOMNode> targetNode(do_QueryInterface(target)); >- >- nsCOMPtr<nsIDOMKeyEvent> keyEvent(do_QueryInterface(aEvent)); >- if (keyEvent) { >- PRUint32 code = 0; >- keyEvent->GetKeyCode(&code); >- if (code == nsIDOMKeyEvent::DOM_VK_F1) >- nsXFormsUtils::DispatchEvent(targetNode, eEvent_Help); >- } else { >- nsXFormsUtils::DispatchEvent(targetNode, eEvent_Hint); >+ if (nsXFormsUtils::EventHandlingAllowed(aEvent, targetNode)) { >+ nsCOMPtr<nsIDOMKeyEvent> keyEvent(do_QueryInterface(aEvent)); >+ if (keyEvent) { >+ PRUint32 code = 0; >+ keyEvent->GetKeyCode(&code); >+ if (code == nsIDOMKeyEvent::DOM_VK_F1) >+ nsXFormsUtils::DispatchEvent(targetNode, eEvent_Help); >+ } else { >+ nsXFormsUtils::DispatchEvent(targetNode, eEvent_Hint); >+ } > } > > return NS_OK; > } > > NS_IMPL_ISUPPORTS_INHERITED2(nsXFormsControlStub, > nsXFormsXMLVisualStub, > nsIXFormsContextControl, >@@ -279,17 +280,18 @@ nsXFormsControlStub::ToggleProperty(cons > } > > NS_IMETHODIMP > nsXFormsControlStub::HandleDefault(nsIDOMEvent *aEvent, > PRBool *aHandled) > { > NS_ENSURE_ARG(aHandled); > >- if (aEvent) { >+ if (nsXFormsUtils::EventHandlingAllowed(aEvent, mElement)) { >+ > // Check that we are the target of the event > nsCOMPtr<nsIDOMEventTarget> target; > aEvent->GetTarget(getter_AddRefs(target)); > nsCOMPtr<nsIDOMElement> targetE(do_QueryInterface(target)); > if (targetE && targetE != mElement) { > *aHandled = PR_FALSE; > return NS_OK; > } >Index: nsXFormsDispatchElement.cpp >=================================================================== >RCS file: /cvsroot/mozilla/extensions/xforms/nsXFormsDispatchElement.cpp,v >retrieving revision 1.3 >diff -u -8 -p -r1.3 nsXFormsDispatchElement.cpp >--- nsXFormsDispatchElement.cpp 28 Apr 2005 23:47:58 -0000 1.3 >+++ nsXFormsDispatchElement.cpp 2 May 2005 20:27:32 -0000 >@@ -103,21 +103,19 @@ nsXFormsDispatchElement::HandleAction(ns > if (!el) > return NS_OK; > > nsCOMPtr<nsIDOMDocumentEvent> docEvent = do_QueryInterface(doc); > nsCOMPtr<nsIDOMEvent> event; > docEvent->CreateEvent(NS_LITERAL_STRING("Events"), getter_AddRefs(event)); > event->InitEvent(name, bubbles, cancelable); > >- // XXX: What about uiEvent->SetTrusted(?), should these events be >- // trusted or not? >- > nsCOMPtr<nsIDOMEventTarget> targetEl = do_QueryInterface(el); > if (targetEl) { >+ nsXFormsUtils::SetEventTrusted(event, el); > PRBool defaultActionEnabled; > targetEl->DispatchEvent(event, &defaultActionEnabled); > } > return NS_OK; > } > > NS_HIDDEN_(nsresult) > NS_NewXFormsDispatchElement(nsIXTFElement **aResult) >Index: nsXFormsInputElement.cpp >=================================================================== >RCS file: /cvsroot/mozilla/extensions/xforms/nsXFormsInputElement.cpp,v >retrieving revision 1.30 >diff -u -8 -p -r1.30 nsXFormsInputElement.cpp >--- nsXFormsInputElement.cpp 11 Apr 2005 16:33:30 -0000 1.30 >+++ nsXFormsInputElement.cpp 2 May 2005 20:27:33 -0000 >@@ -254,17 +254,20 @@ nsXFormsInputElement::HandleDefault(nsID > PRBool *aHandled) > { > nsresult rv; > rv = nsXFormsControlStub::HandleDefault(aEvent, aHandled); > NS_ENSURE_SUCCESS(rv, rv); > if (*aHandled || !mIncremental) { > return NS_OK; > } >- >+ >+ if (!nsXFormsUtils::EventHandlingAllowed(aEvent, mElement)) >+ return NS_OK; >+ > nsAutoString type; > aEvent->GetType(type); > > // Seems like too big of a hassle for too little gain to also check if we are > // a checkbox in addition to checking for the click. Plus, other input types > // like a date picker for input controls bound to a xsi:date type might > // need click updates, too. > if (type.EqualsLiteral("keyup") || type.EqualsLiteral("click")) >@@ -285,17 +288,18 @@ NS_IMETHODIMP > nsXFormsInputElement::Focus(nsIDOMEvent *aEvent) > { > return NS_OK; > } > > NS_IMETHODIMP > nsXFormsInputElement::Blur(nsIDOMEvent *aEvent) > { >- return UpdateInstanceData(); >+ return nsXFormsUtils::EventHandlingAllowed(aEvent, mElement) ? >+ UpdateInstanceData() : NS_OK; > } > > nsresult > nsXFormsInputElement::UpdateInstanceData() > { > if (!mControl || !mBoundNode || !mModel) > return NS_OK; > >Index: nsXFormsMessageElement.cpp >=================================================================== >RCS file: /cvsroot/mozilla/extensions/xforms/nsXFormsMessageElement.cpp,v >retrieving revision 1.3 >diff -u -8 -p -r1.3 nsXFormsMessageElement.cpp >--- nsXFormsMessageElement.cpp 23 Feb 2005 20:35:04 -0000 1.3 >+++ nsXFormsMessageElement.cpp 2 May 2005 20:27:34 -0000 >@@ -265,19 +265,18 @@ nsXFormsMessageElement::OnDestroyed() > mElement = nsnull; > mVisualElement = nsnull; > return NS_OK; > } > > NS_IMETHODIMP > nsXFormsMessageElement::HandleEvent(nsIDOMEvent* aEvent) > { >- if (!aEvent) >- return NS_ERROR_INVALID_ARG; >- return HandleAction(aEvent, nsnull); >+ return nsXFormsUtils::EventHandlingAllowed(aEvent, mElement) ? >+ HandleAction(aEvent, nsnull) : NS_OK; > } > > void > nsXFormsMessageElement::CloneNode(nsIDOMNode* aSrc, nsIDOMNode** aTarget) > { > nsAutoString ns; > nsAutoString localName; > aSrc->GetNamespaceURI(ns); >Index: nsXFormsModelElement.cpp >=================================================================== >RCS file: /cvsroot/mozilla/extensions/xforms/nsXFormsModelElement.cpp,v >retrieving revision 1.50 >diff -u -8 -p -r1.50 nsXFormsModelElement.cpp >--- nsXFormsModelElement.cpp 28 Apr 2005 07:23:38 -0000 1.50 >+++ nsXFormsModelElement.cpp 2 May 2005 20:27:34 -0000 >@@ -353,16 +353,19 @@ nsXFormsModelElement::DoneAddingChildren > } > > return NS_OK; > } > > NS_IMETHODIMP > nsXFormsModelElement::HandleDefault(nsIDOMEvent *aEvent, PRBool *aHandled) > { >+ if (!nsXFormsUtils::EventHandlingAllowed(aEvent, mElement)) >+ return NS_OK; >+ > *aHandled = PR_TRUE; > > nsAutoString type; > aEvent->GetType(type); > nsresult rv = NS_OK; > > if (type.EqualsASCII(sXFormsEventsEntries[eEvent_Refresh].name)) { > rv = Refresh(); >@@ -729,16 +732,19 @@ nsXFormsModelElement::OnError(nsresult a > return NS_OK; > } > > // nsIDOMEventListener > > NS_IMETHODIMP > nsXFormsModelElement::HandleEvent(nsIDOMEvent* aEvent) > { >+ if (!nsXFormsUtils::EventHandlingAllowed(aEvent, mElement)) >+ return NS_OK; >+ > nsAutoString type; > aEvent->GetType(type); > if (!type.EqualsLiteral("DOMContentLoaded")) > return NS_OK; > > mDocumentLoaded = PR_TRUE; > > if (mPendingInlineSchemas.Count() > 0) { >Index: nsXFormsSelectElement.cpp >=================================================================== >RCS file: /cvsroot/mozilla/extensions/xforms/nsXFormsSelectElement.cpp,v >retrieving revision 1.9 >diff -u -8 -p -r1.9 nsXFormsSelectElement.cpp >--- nsXFormsSelectElement.cpp 9 Feb 2005 09:57:31 -0000 1.9 >+++ nsXFormsSelectElement.cpp 2 May 2005 20:27:36 -0000 >@@ -344,16 +344,19 @@ nsXFormsSelectElement::TryFocus(PRBool* > return NS_OK; > } > > // nsIDOMEventListener > > NS_IMETHODIMP > nsXFormsSelectElement::HandleEvent(nsIDOMEvent *aEvent) > { >+ if (!nsXFormsUtils::EventHandlingAllowed(aEvent, mElement)) >+ return NS_OK; >+ > nsAutoString type; > aEvent->GetType(type); > > nsAutoString value; > mElement->GetAttribute(NS_LITERAL_STRING("incremental"), value); > > // the default incremental value for a select element is 'true' according > // to the spec, so if there is no incremental value, assume true. >Index: nsXFormsSubmissionElement.cpp >=================================================================== >RCS file: /cvsroot/mozilla/extensions/xforms/nsXFormsSubmissionElement.cpp,v >retrieving revision 1.25 >diff -u -8 -p -r1.25 nsXFormsSubmissionElement.cpp >--- nsXFormsSubmissionElement.cpp 7 Mar 2005 19:46:03 -0000 1.25 >+++ nsXFormsSubmissionElement.cpp 2 May 2005 20:27:38 -0000 >@@ -278,16 +278,19 @@ nsXFormsSubmissionElement::OnDestroyed() > { > mElement = nsnull; > return NS_OK; > } > > NS_IMETHODIMP > nsXFormsSubmissionElement::HandleDefault(nsIDOMEvent *aEvent, PRBool *aHandled) > { >+ if (!nsXFormsUtils::EventHandlingAllowed(aEvent, mElement)) >+ return NS_OK; >+ > nsAutoString type; > aEvent->GetType(type); > if (type.EqualsLiteral("xforms-submit")) { > // If the submission is already active, do nothing. > if (!mSubmissionActive && NS_FAILED(Submit())) { > mSubmissionActive = PR_FALSE; > if (mActivator) { > mActivator->SetDisabled(PR_FALSE); >Index: nsXFormsTriggerElement.cpp >=================================================================== >RCS file: /cvsroot/mozilla/extensions/xforms/nsXFormsTriggerElement.cpp,v >retrieving revision 1.14 >diff -u -8 -p -r1.14 nsXFormsTriggerElement.cpp >--- nsXFormsTriggerElement.cpp 28 Apr 2005 23:47:58 -0000 1.14 >+++ nsXFormsTriggerElement.cpp 2 May 2005 20:27:38 -0000 >@@ -237,16 +237,19 @@ nsXFormsTriggerElement::HandleDefault(ns > nsresult rv; > > rv = nsXFormsControlStub::HandleDefault(aEvent, aHandled); > NS_ENSURE_SUCCESS(rv, rv); > if (*aHandled || !mIsMinimal) { > return NS_OK; > } > >+ if (!nsXFormsUtils::EventHandlingAllowed(aEvent, mElement)) >+ return NS_OK; >+ > nsAutoString type; > aEvent->GetType(type); > > // Check for click on minimal trigger > if (!(*aHandled = type.EqualsLiteral("click"))) > return NS_OK; > > // We need to dend DOMActivate >@@ -271,18 +274,17 @@ nsXFormsTriggerElement::HandleDefault(ns > NS_ENSURE_TRUE(uiEvent, NS_ERROR_OUT_OF_MEMORY); > > uiEvent->InitUIEvent(NS_LITERAL_STRING("DOMActivate"), > PR_TRUE, > PR_TRUE, > aView, > 1); // Simple click > >- // XXX: What about uiEvent->SetTrusted(?), should these events be >- // trusted or not? >+ nsXFormsUtils::SetEventTrusted(uiEvent, mElement); > > PRBool cancelled; > return target->DispatchEvent(uiEvent, &cancelled); > } > > // nsIXFormsControl > > NS_IMETHODIMP >@@ -323,16 +325,19 @@ nsXFormsSubmitElement::HandleDefault(nsI > nsresult rv; > > rv = nsXFormsTriggerElement::HandleDefault(aEvent, aHandled); > NS_ENSURE_SUCCESS(rv, rv); > if (*aHandled) { > return NS_OK; > } > >+ if (!nsXFormsUtils::EventHandlingAllowed(aEvent, mElement)) >+ return NS_OK; >+ > nsAutoString type; > aEvent->GetType(type); > if (!(*aHandled = type.EqualsLiteral("DOMActivate"))) > return NS_OK; > > NS_NAMED_LITERAL_STRING(submission, "submission"); > nsAutoString submissionID; > mElement->GetAttribute(submission, submissionID); >Index: nsXFormsUploadElement.cpp >=================================================================== >RCS file: /cvsroot/mozilla/extensions/xforms/nsXFormsUploadElement.cpp,v >retrieving revision 1.6 >diff -u -8 -p -r1.6 nsXFormsUploadElement.cpp >--- nsXFormsUploadElement.cpp 9 Feb 2005 09:57:31 -0000 1.6 >+++ nsXFormsUploadElement.cpp 2 May 2005 20:27:38 -0000 >@@ -206,17 +206,18 @@ NS_IMETHODIMP > nsXFormsUploadElement::Focus(nsIDOMEvent *aEvent) > { > return NS_OK; > } > > NS_IMETHODIMP > nsXFormsUploadElement::Blur(nsIDOMEvent *aEvent) > { >- if (!mInput || !mBoundNode || !mModel) >+ if (!mInput || !mBoundNode || !mModel || >+ !nsXFormsUtils::EventHandlingAllowed(aEvent, mElement)) > return NS_OK; > > nsAutoString value; > mInput->GetValue(value); > > // store the file as a property on the selected content node. the submission > // code will read this value. > >Index: nsXFormsUtils.cpp >=================================================================== >RCS file: /cvsroot/mozilla/extensions/xforms/nsXFormsUtils.cpp,v >retrieving revision 1.33 >diff -u -8 -p -r1.33 nsXFormsUtils.cpp >--- nsXFormsUtils.cpp 28 Apr 2005 23:47:58 -0000 1.33 >+++ nsXFormsUtils.cpp 2 May 2005 20:27:39 -0000 >@@ -75,16 +75,19 @@ > #include "nsIScriptSecurityManager.h" > #include "nsIPermissionManager.h" > #include "nsServiceManagerUtils.h" > #include "nsIXFormsUtilityService.h" > #include "nsIDOMAttr.h" > #include "nsIDOM3Node.h" > #include "nsIConsoleService.h" > #include "nsIStringBundle.h" >+#include "nsIDOMNSEvent.h" >+#include "nsIURI.h" >+#include "nsIPrivateDOMEvent.h" > > #define CANCELABLE 0x01 > #define BUBBLES 0x02 > > const EventData sXFormsEventsEntries[41] = { > { "xforms-model-construct", PR_FALSE, PR_TRUE }, > { "xforms-model-construct-done", PR_FALSE, PR_TRUE }, > { "xforms-ready", PR_FALSE, PR_TRUE }, >@@ -714,27 +717,85 @@ nsXFormsUtils::DispatchEvent(nsIDOMNode* > > nsCOMPtr<nsIDOMEvent> event; > doc->CreateEvent(NS_LITERAL_STRING("Events"), getter_AddRefs(event)); > NS_ENSURE_TRUE(event, NS_ERROR_OUT_OF_MEMORY); > > const EventData *data = &sXFormsEventsEntries[aEvent]; > event->InitEvent(NS_ConvertUTF8toUTF16(data->name), > data->canBubble, data->canCancel); >- >- // XXX: What about event->SetTrusted(?) here? Should all these >- // events be trusted? Right now they're never trusted. >- >+ > nsCOMPtr<nsIDOMEventTarget> target = do_QueryInterface(aTarget); > NS_ENSURE_STATE(target); > >+ SetEventTrusted(event, aTarget); >+ > PRBool defaultActionEnabled; > return target->DispatchEvent(event, &defaultActionEnabled); > } > >+/* static */ nsresult >+nsXFormsUtils::SetEventTrusted(nsIDOMEvent* aEvent, nsIDOMNode* aRelatedNode) >+{ >+ nsCOMPtr<nsIDOMNSEvent> event(do_QueryInterface(aEvent)); >+ if (event) { >+ PRBool isTrusted = PR_FALSE; >+ event->GetIsTrusted(&isTrusted); >+ if (!isTrusted && aRelatedNode) { >+ nsCOMPtr<nsIDOMDocument> domDoc; >+ aRelatedNode->GetOwnerDocument(getter_AddRefs(domDoc)); >+ nsCOMPtr<nsIDocument> doc(do_QueryInterface(domDoc)); >+ if (doc) { >+ nsIURI* uri = doc->GetDocumentURI(); >+ if (uri) { >+ PRBool isChrome = PR_FALSE; >+ uri->SchemeIs("chrome", &isChrome); >+ if (isChrome) { >+ nsCOMPtr<nsIPrivateDOMEvent> privateEvent(do_QueryInterface(aEvent)); >+ NS_ENSURE_STATE(privateEvent); >+ privateEvent->SetTrusted(PR_TRUE); >+ } >+ } >+ } >+ } >+ } >+ return NS_OK; >+} >+ >+/* static */ PRBool >+nsXFormsUtils::EventHandlingAllowed(nsIDOMEvent* aEvent, nsIDOMNode* aTarget) >+{ >+ PRBool allow = PR_FALSE; >+ if (aEvent && aTarget) { >+ nsCOMPtr<nsIDOMNSEvent> related(do_QueryInterface(aEvent)); >+ if (related) { >+ PRBool isTrusted = PR_FALSE; >+ if (NS_SUCCEEDED(related->GetIsTrusted(&isTrusted))) { >+ if (isTrusted) { >+ allow = PR_TRUE; >+ } else { >+ nsCOMPtr<nsIDOMDocument> domDoc; >+ aTarget->GetOwnerDocument(getter_AddRefs(domDoc)); >+ nsCOMPtr<nsIDocument> doc(do_QueryInterface(domDoc)); >+ if (doc) { >+ nsIURI* uri = doc->GetDocumentURI(); >+ if (uri) { >+ PRBool isChrome = PR_FALSE; >+ uri->SchemeIs("chrome", &isChrome); >+ allow = !isChrome; >+ } >+ } >+ } >+ } >+ } >+ } >+ NS_WARN_IF_FALSE(allow, "Event handling not allowed!"); >+ return allow; >+} >+ > /* static */ PRBool > nsXFormsUtils::IsXFormsEvent(const nsAString& aEvent, > PRBool& aCancelable, > PRBool& aBubbles) > { > PRUint32 flag = 0; > if (!sXFormsEvents.Get(aEvent, &flag)) > return PR_FALSE; >Index: nsXFormsUtils.h >=================================================================== >RCS file: /cvsroot/mozilla/extensions/xforms/nsXFormsUtils.h,v >retrieving revision 1.23 >diff -u -8 -p -r1.23 nsXFormsUtils.h >--- nsXFormsUtils.h 28 Apr 2005 07:17:49 -0000 1.23 >+++ nsXFormsUtils.h 2 May 2005 20:27:40 -0000 >@@ -49,16 +49,17 @@ > #include "nsIScriptError.h" > #include "nsVoidArray.h" > > class nsIDOMElement; > class nsIXFormsModelElement; > class nsIURI; > class nsString; > class nsIMutableArray; >+class nsIDOMEvent; > > #define NS_NAMESPACE_XFORMS "http://www.w3.org/2002/xforms" > #define NS_NAMESPACE_XHTML "http://www.w3.org/1999/xhtml" > #define NS_NAMESPACE_XML_SCHEMA "http://www.w3.org/2001/XMLSchema" > #define NS_NAMESPACE_XML_SCHEMA_INSTANCE "http://www.w3.org/2001/XMLSchema-instance" > > /** > * XForms event types >@@ -252,17 +253,29 @@ public: > static NS_HIDDEN_(PRBool) > GetSingleNodeBindingValue(nsIDOMElement* aElement, nsString& aValue); > > /** > * Dispatch an XForms event. > */ > static NS_HIDDEN_(nsresult) > DispatchEvent(nsIDOMNode* aTarget, nsXFormsEvent aEvent); >- >+ >+ /** >+ * Sets aEvent trusted if aRelatedNode is in chrome. >+ */ >+ static NS_HIDDEN_(nsresult) >+ SetEventTrusted(nsIDOMEvent* aEvent, nsIDOMNode* aRelatedNode); >+ >+ /** >+ * Returns PR_TRUE unless aTarget is in chrome and aEvent is not trusted. >+ */ >+ static NS_HIDDEN_(PRBool) >+ EventHandlingAllowed(nsIDOMEvent* aEvent, nsIDOMNode* aTarget); >+ > /** > * Returns PR_TRUE, if aEvent is an XForms event, and sets the values > * of aCancelable and aBubbles parameters according to the event type. > */ > static NS_HIDDEN_(PRBool) > IsXFormsEvent(const nsAString& aEvent, > PRBool& aCancelable, > PRBool& aBubbles);
Attachment #182421 -
Flags: review?(doronr) → review+
|
|
Assignee | |
Updated•20 years ago
|
Attachment #182421 -
Flags: review?(aaronr)
Comment on attachment 182421 [details] [diff] [review] v2 Looks good to me. I'd suggest commenting nsXFormsUtils::EventHandlingAllowed and/or nsXFormsUtils::SetEventTrusted so that when people are adding event handlers in a year or two, they can easily see why they need to use these functions. Should probably spell out exactly when these need to be used, too (prior to event dispatch, prior to handling an event, etc.). with that, r=me
Attachment #182421 -
Flags: review?(aaronr) → review+
|
|
Assignee | |
Comment 9•20 years ago
|
||
checked in
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
|
||
Comment 10•20 years ago
|
||
We changed the check in content a little bit, see bug 292464 (attachment 182542 [details] [diff] [review]). You might want to make the same change.
|
|
Assignee | |
Comment 11•20 years ago
|
||
(In reply to comment #10) > We changed the check in content a little bit, see bug 292464 (attachment > 182542 [edit]). You might want to make the same change. Yes, I know ;) I'll change it.
|
||
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•