Open Bug 812202 Opened 8 years ago Updated 8 years ago

initMouseEvent with ctrlkey flag


(Firefox :: Tabbed Browser, defect)

6 Branch
Windows 7
Not set





(Reporter: chulian1819, Unassigned)



User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11

Steps to reproduce:

This works ok for chrome, but does nothing in firefox:

<!doctype html>
<html lang="en">
<button id="test">Open Google</button>
<script type="text/javascript">
document.getElementById("test").addEventListener("click", openNewBackgroundTab, false);

function openNewBackgroundTab(){
    var a = document.createElement("a");
    a.href = "";
    var evt = document.createEvent("MouseEvents");    
    evt.initMouseEvent("click", true, true, window, 0, 0, 0, 0, 0, true, false, false, false, 0, null);
in firefox, when I put the ctrlkey parameter to false it works again but in the same page

evt.initMouseEvent("click", true, true, window, 0, 0, 0, 0, 0, false, false, false, false, 0, null);
code working:

Actual results:


Expected results:

open a tab in the background
Summary: initMouseEvent with ctrl flag bug → initMouseEvent with ctrlkey flag
Blocks: 666604
Component: Untriaged → DOM: Core & HTML
Product: Firefox → Core
Version: 16 Branch → 6 Branch
The event listener that handles ctrl+click is part of the UI, not Gecko, and is only listening for trusted events.

Whether we want to allow opening new tabs from untrusted events like that is up to the UI folks, obviously.
Component: DOM: Core & HTML → Tabbed Browser
Product: Core → Firefox
I think this would need a sec-review. Opening a new tab from untrusted JS is something that could have upgraded a spoofing bug I filed a few years ago from sg:moderate to sg:high (as opposed to convincing the user to physically Ctrl+Click something).
You need to log in before you can comment on or make changes to this bug.