812202 - initMouseEvent with ctrlkey flag

Status: UNCONFIRMED

(Firefox :: Tabbed Browser, defect)

Description

[julián]

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11

Steps to reproduce:

This works ok for chrome, but does nothing in firefox:

<!doctype html>
<html lang="en">
<body>
<button id="test">Open Google</button>
<script type="text/javascript">
document.getElementById("test").addEventListener("click", openNewBackgroundTab, false);

function openNewBackgroundTab(){
    var a = document.createElement("a");
    a.href = "http://www.google.com/";
    var evt = document.createEvent("MouseEvents");    
    evt.initMouseEvent("click", true, true, window, 0, 0, 0, 0, 0, true, false, false, false, 0, null);
    a.dispatchEvent(evt);
}
</script>
</body>
</html>
in firefox, when I put the ctrlkey parameter to false it works again but in the same page

evt.initMouseEvent("click", true, true, window, 0, 0, 0, 0, 0, false, false, false, false, 0, null);
code working:

http://jsfiddle.net/3ZmvS/41/


Actual results:

nothing


Expected results:

open a tab in the background

Comment 1

[Boris Zbarsky [:bzbarsky]]

The event listener that handles ctrl+click is part of the UI, not Gecko, and is only listening for trusted events.

Whether we want to allow opening new tabs from untrusted events like that is up to the UI folks, obviously.

Comment 2

[Daniel C]

I think this would need a sec-review. Opening a new tab from untrusted JS is something that could have upgraded a spoofing bug I filed a few years ago from sg:moderate to sg:high (as opposed to convincing the user to physically Ctrl+Click something).