Closed
Bug 292943
Opened 20 years ago
Closed 20 years ago
Can retarget trusted events to unexpected nodes
Categories
(Core :: DOM: Events, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 296704
People
(Reporter: bzbarsky, Assigned: jst)
Details
(Whiteboard: [sg:dupe 296704])
Attachments
(1 file)
|
455 bytes,
text/html
|
Details |
This is a variant on the bug we had where the page dispatched a DOMLinkAdded event on a non-link node so that when the chrome saw the event and read the "rel" property it ended up doing unexpected things. The basic problem is that the page can call dispatchEvent on an already-dispatching event to redispatch it to a new node. Testcase coming up to demonstrate this. If the DOM spec doesn't require that we support this, I'd suggest having a flag on events that prevents them from being dispatched more than once. If it _does_ require that we support this, I'm not sure what we should do. Perhaps the same thing anyway...
|
Reporter | |
Comment 1•20 years ago
|
||
To test, enable the link toolbar and load the testcase. Note that the "Previous" link in the link toolbar is enabled...
Can we save and restore the trusted flag, so that it's unset during the dispatch from the page?
|
|
Reporter | |
Comment 3•20 years ago
|
||
Yeah, that should be doable...
|
||
Comment 4•20 years ago
|
||
should we clone a trusted event if it's redispatched by untrusted content?
Assignee: events → jst
Flags: blocking1.7.8?
Flags: blocking-aviary1.0.4?
|
||
Comment 5•20 years ago
|
||
I see nothing wrong with allowing trusted events to be redispatched, so long as we untrust it first. After all, you can always create a new event that is otherwise equivalent and dispatch that.
|
|
Reporter | |
Comment 6•20 years ago
|
||
> I see nothing wrong with allowing trusted events to be redispatched
Depends on whather doing that also messes with the event target such that
further dispatch for the original event is broken... It doesn't seem to, and I
can't see _why_.|
|
||
Comment 7•20 years ago
|
||
By "I see nothing wrong" I meant that given a perfect implementation, it seems fine. If there are bugs, that's another story -- but you can get bugs with any feature, that has little to do with design questions (beyond the fact that some designs are more bug-prone than others, of course).
|
|
||
Updated•20 years ago
|
Flags: blocking1.8b3+
Flags: blocking-aviary1.1+
Whiteboard: [sg:fix]
|
|
||
Updated•20 years ago
|
Flags: blocking1.7.8? → blocking1.7.9?
|
Assignee | |
Comment 8•20 years ago
|
||
This is really the same as bug 296704. Duping to it, since that's where the work for this ended up being done, even if this bug is older... *** This bug has been marked as a duplicate of 296704 ***
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
|
|
||
Comment 9•20 years ago
|
||
Clearing branch blocking flags
Flags: blocking1.7.9?
Flags: blocking1.7.9-
Flags: blocking-aviary1.0.5?
Flags: blocking-aviary1.0.5-
|
|
||
Updated•19 years ago
|
Group: security
Whiteboard: [sg:fix] → [sg:dupe 296704]
You need to log in
before you can comment on or make changes to this bug.
Description
•