Changeset 57045 in webkit

Timestamp:

Apr 3, 2010 12:05:55 AM (14 years ago)

Author:

abarth@webkit.org

Message:

2010-04-02 Andy Estes <​aestes@apple.com>

Reviewed by Adam Barth.

Tests for ​https://bugs.webkit.org/show_bug.cgi?id=37008.

• fast/events/popup-allowed-from-gesture-initiated-event-expected.txt: Added.
• fast/events/popup-allowed-from-gesture-initiated-event.html: Added.
• fast/events/popup-blocked-from-fake-button-click-expected.txt: Added.
• fast/events/popup-blocked-from-fake-button-click.html: Added.
• fast/events/popup-blocked-from-fake-focus-expected.txt: Added.
• fast/events/popup-blocked-from-fake-focus.html: Added.

2010-04-02 Andy Estes <​aestes@apple.com>

Reviewed by Adam Barth.

The previous mechanism for testing whether an event was due to a user
gesture only checked the event type, not the source of the event. This
allowed scripts to defeat popup blocking by programatically emitting
certain types of events.

Change the user gesture detection to check for a flag that is only set
when the event in question was generated through the platform and not
through the DOM.

​https://bugs.webkit.org/show_bug.cgi?id=37008

Tests: fast/events/popup-allowed-from-gesture-initiated-event.html

fast/events/popup-blocked-from-fake-button-click.html
fast/events/popup-blocked-from-fake-focus.html

• Android.mk: Add UserGestureIndicator.{cpp, h}.
• GNUmakefile.am: Same.
• WebCore.gypi: Same.
• WebCore.pro: Same.
• WebCore.vcproj/WebCore.vcproj: Same.
• WebCore.xcodeproj/project.pbxproj: Same.
• bindings/v8/ScriptController.cpp: (WebCore::ScriptController::processingUserGesture): Check the value of UserGesureIndicator::processingUserGesture().
• dom/Document.cpp: (WebCore::Document::createEvent): Remove call to Event::setCreatedByDOM().
• dom/Event.cpp: (WebCore::Event::Event): Remove initializers for m_createdByDOM. (WebCore::Event::fromUserGesture): Check the value of UserGestureIndicator::processingUserGesture().
• dom/Event.h: Remove m_createdByDOM.
• dom/UserGestureIndicator.cpp: Added. (WebCore::UserGestureIndicator::UserGestureIndicator): Save the previous value of s_processingUserGesture before setting it to true. (WebCore::UserGestureIndicator::~UserGestureIndicator): Restore s_processingUserGesture to its previous value.
• dom/UserGestureIndicator.h: Added. (WebCore::UserGestureIndicator::processingUserGesture): Return the value of s_processingUserGesture.
• page/EventHandler.cpp: (WebCore::EventHandler::handleMousePressEvent): Instantiate a UserGestureIndicator object on the stack to indicate a user gesture is being processed. (WebCore::EventHandler::handleMouseDoubleClickEvent): Same. (WebCore::EventHandler::handleMouseReleaseEvent): Same. (WebCore::EventHandler::keyEvent): Same. (WebCore::EventHandler::handleTouchEvent): Same.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/fast/events/popup-allowed-from-gesture-initiated-event-expected.txt (added)
• LayoutTests/fast/events/popup-allowed-from-gesture-initiated-event.html (added)
• LayoutTests/fast/events/popup-blocked-from-fake-button-click-expected.txt (added)
• LayoutTests/fast/events/popup-blocked-from-fake-button-click.html (added)
• LayoutTests/fast/events/popup-blocked-from-fake-focus-expected.txt (added)
• LayoutTests/fast/events/popup-blocked-from-fake-focus.html (added)
• WebCore/Android.mk (modified) (1 diff)
• WebCore/ChangeLog (modified) (1 diff)
• WebCore/GNUmakefile.am (modified) (1 diff)
• WebCore/WebCore.gypi (modified) (1 diff)
• WebCore/WebCore.pro (modified) (2 diffs)
• WebCore/WebCore.vcproj/WebCore.vcproj (modified) (1 diff)
• WebCore/WebCore.xcodeproj/project.pbxproj (modified) (5 diffs)
• WebCore/bindings/v8/ScriptController.cpp (modified) (2 diffs)
• WebCore/dom/Document.cpp (modified) (1 diff)
• WebCore/dom/Event.cpp (modified) (4 diffs)
• WebCore/dom/Event.h (modified) (2 diffs)
• WebCore/dom/UserGestureIndicator.cpp (added)
• WebCore/dom/UserGestureIndicator.h (added)
• WebCore/page/EventHandler.cpp (modified) (6 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2010-04-02  Andy Estes  <aestes@apple.com>
+
+        Reviewed by Adam Barth.
+
+        Tests for https://bugs.webkit.org/show_bug.cgi?id=37008.
+
+        * fast/events/popup-allowed-from-gesture-initiated-event-expected.txt: Added.
+        * fast/events/popup-allowed-from-gesture-initiated-event.html: Added.
+        * fast/events/popup-blocked-from-fake-button-click-expected.txt: Added.
+        * fast/events/popup-blocked-from-fake-button-click.html: Added.
+        * fast/events/popup-blocked-from-fake-focus-expected.txt: Added.
+        * fast/events/popup-blocked-from-fake-focus.html: Added.
+
 2010-04-02  Adam Barth  <abarth@webkit.org>
 

trunk/WebCore/Android.mk

@@ -174 +174 @@
         dom/UIEvent.cpp \
         dom/UIEventWithKeyState.cpp \
+        dom/UserGestureIndicator.cpp \
         dom/WebKitAnimationEvent.cpp \
         dom/WebKitTransitionEvent.cpp \

trunk/WebCore/ChangeLog

@@ +1 @@
+2010-04-02  Andy Estes  <aestes@apple.com>
+
+        Reviewed by Adam Barth.
+
+        The previous mechanism for testing whether an event was due to a user
+        gesture only checked the event type, not the source of the event.  This
+        allowed scripts to defeat popup blocking by programatically emitting
+        certain types of events.
+
+        Change the user gesture detection to check for a flag that is only set
+        when the event in question was generated through the platform and not
+        through the DOM.
+
+        https://bugs.webkit.org/show_bug.cgi?id=37008
+
+        Tests: fast/events/popup-allowed-from-gesture-initiated-event.html
+               fast/events/popup-blocked-from-fake-button-click.html
+               fast/events/popup-blocked-from-fake-focus.html
+
+        * Android.mk: Add UserGestureIndicator.{cpp, h}.
+        * GNUmakefile.am: Same.
+        * WebCore.gypi: Same.
+        * WebCore.pro: Same.
+        * WebCore.vcproj/WebCore.vcproj: Same.
+        * WebCore.xcodeproj/project.pbxproj: Same.
+        * bindings/v8/ScriptController.cpp:
+        (WebCore::ScriptController::processingUserGesture): Check the value of
+        UserGesureIndicator::processingUserGesture().
+        * dom/Document.cpp:
+        (WebCore::Document::createEvent): Remove call to
+        Event::setCreatedByDOM().
+        * dom/Event.cpp:
+        (WebCore::Event::Event): Remove initializers for m_createdByDOM.
+        (WebCore::Event::fromUserGesture): Check the value of
+        UserGestureIndicator::processingUserGesture().
+        * dom/Event.h: Remove m_createdByDOM.
+        * dom/UserGestureIndicator.cpp: Added.
+        (WebCore::UserGestureIndicator::UserGestureIndicator): Save the previous
+        value of s_processingUserGesture before setting it to true.
+        (WebCore::UserGestureIndicator::~UserGestureIndicator): Restore
+        s_processingUserGesture to its previous value.
+        * dom/UserGestureIndicator.h: Added.
+        (WebCore::UserGestureIndicator::processingUserGesture): Return the value
+        of s_processingUserGesture.
+        * page/EventHandler.cpp:
+        (WebCore::EventHandler::handleMousePressEvent): Instantiate a
+        UserGestureIndicator object on the stack to indicate a user gesture is
+        being processed.
+        (WebCore::EventHandler::handleMouseDoubleClickEvent): Same.
+        (WebCore::EventHandler::handleMouseReleaseEvent): Same.
+        (WebCore::EventHandler::keyEvent): Same.
+        (WebCore::EventHandler::handleTouchEvent): Same.
+
 2010-04-02  Justin Schuh  <jschuh@chromium.org>
 

trunk/WebCore/GNUmakefile.am

@@ -867 +867 @@
         WebCore/dom/UIEventWithKeyState.cpp \
         WebCore/dom/UIEventWithKeyState.h \
+        WebCore/dom/UserGestureIndicator.cpp \
+        WebCore/dom/UserGestureIndicator.h \
         WebCore/dom/WebKitAnimationEvent.cpp \
         WebCore/dom/WebKitAnimationEvent.h \

trunk/WebCore/WebCore.gypi

@@ -1221 +1221 @@
             'dom/UIEventWithKeyState.cpp',
             'dom/UIEventWithKeyState.h',
+            'dom/UserGestureIndicator.cpp',
+            'dom/UserGestureIndicator.h',
             'dom/WebKitAnimationEvent.cpp',
             'dom/WebKitAnimationEvent.h',

trunk/WebCore/WebCore.pro

@@ -539 +539 @@
     dom/UIEvent.cpp \
     dom/UIEventWithKeyState.cpp \
+    dom/UserGestureIndicator.cpp \
     dom/WebKitAnimationEvent.cpp \
     dom/WebKitTransitionEvent.cpp \
@@ -1251 +1252 @@
     dom/UIEvent.h \
     dom/UIEventWithKeyState.h \
+    dom/UserGestureIndicator.h \
     dom/WebKitAnimationEvent.h \
     dom/WebKitTransitionEvent.h \

trunk/WebCore/WebCore.vcproj/WebCore.vcproj

@@ -29486 +29486 @@
                         </File>
                         <File
+                                RelativePath="..\dom\UserGestureIndicator.cpp"
+                                >
+                        </File>
+                        <File
+                                RelativePath="..\dom\UserGestureIndicator.h"
+                                >
+                        </File>
+                        <File
                                 RelativePath="..\dom\WebKitAnimationEvent.cpp"
                                 >

trunk/WebCore/WebCore.xcodeproj/project.pbxproj

@@ -560 +560 @@
                 24F54EAC101FE914000AE741 /* ApplicationCacheHost.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 24F54EAA101FE914000AE741 /* ApplicationCacheHost.cpp */; };
                 24F54EAD101FE914000AE741 /* ApplicationCacheHost.h in Headers */ = {isa = PBXBuildFile; fileRef = 24F54EAB101FE914000AE741 /* ApplicationCacheHost.h */; settings = {ATTRIBUTES = (); }; };
+                2542F4DA1166C25A00E89A86 /* UserGestureIndicator.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 2542F4D81166C25A00E89A86 /* UserGestureIndicator.cpp */; };
+                2542F4DB1166C25A00E89A86 /* UserGestureIndicator.h in Headers */ = {isa = PBXBuildFile; fileRef = 2542F4D91166C25A00E89A86 /* UserGestureIndicator.h */; };
                 29A812260FBB9C1D00510293 /* AccessibilityRenderObject.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 29A812080FBB9C1D00510293 /* AccessibilityRenderObject.cpp */; };
                 29A812270FBB9C1D00510293 /* AccessibilityTable.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 29A812090FBB9C1D00510293 /* AccessibilityTable.cpp */; };
@@ -5953 +5955 @@
                 24F54EAA101FE914000AE741 /* ApplicationCacheHost.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ApplicationCacheHost.cpp; sourceTree = "<group>"; };
                 24F54EAB101FE914000AE741 /* ApplicationCacheHost.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ApplicationCacheHost.h; sourceTree = "<group>"; };
+                2542F4D81166C25A00E89A86 /* UserGestureIndicator.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = UserGestureIndicator.cpp; sourceTree = "<group>"; };
+                2542F4D91166C25A00E89A86 /* UserGestureIndicator.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = UserGestureIndicator.h; sourceTree = "<group>"; };
                 29A812080FBB9C1D00510293 /* AccessibilityRenderObject.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = AccessibilityRenderObject.cpp; sourceTree = "<group>"; };
                 29A812090FBB9C1D00510293 /* AccessibilityTable.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = AccessibilityTable.cpp; sourceTree = "<group>"; };
@@ -16223 +16227 @@
                                 93354A3B0B24F8C9003F6DEA /* UIEventWithKeyState.cpp */,
                                 85031B390A44EFC700F992E0 /* UIEventWithKeyState.h */,
+                                2542F4D81166C25A00E89A86 /* UserGestureIndicator.cpp */,
+                                2542F4D91166C25A00E89A86 /* UserGestureIndicator.h */,
                                 31C0FF1B0E4CEB6E007D6FE5 /* WebKitAnimationEvent.cpp */,
                                 31C0FF1C0E4CEB6E007D6FE5 /* WebKitAnimationEvent.h */,
@@ -18780 +18786 @@
                                 8952535311641B3400CABF00 /* FileThread.h in Headers */,
                                 97C078501165D5BE003A32EF /* SuffixTree.h in Headers */,
+                                2542F4DB1166C25A00E89A86 /* UserGestureIndicator.h in Headers */,
                         );
                         runOnlyForDeploymentPostprocessing = 0;
@@ -20995 +21002 @@
                                 2E3BBF071162DA1100B9409A /* UUID.cpp in Sources */,
                                 8952535211641B3400CABF00 /* FileThread.cpp in Sources */,
+                                2542F4DA1166C25A00E89A86 /* UserGestureIndicator.cpp in Sources */,
                         );
                         runOnlyForDeploymentPostprocessing = 0;

trunk/WebCore/bindings/v8/ScriptController.cpp

@@ -48 +48 @@
 #include "ScriptSourceCode.h"
 #include "Settings.h"
+#include "UserGestureIndicator.h"
 #include "V8Binding.h"
 #include "V8BindingState.h"
@@ -177 +178 @@
     // Note: This is more liberal than Firefox's implementation.
     if (event) {
-        if (event->createdByDOM())
+        if (!UserGestureIndicator::processingUserGesture())
             return false;
 

trunk/WebCore/dom/Document.cpp

@@ -3062 +3062 @@
         event = TouchEvent::create();
 #endif
-    if (event) {
-        event->setCreatedByDOM(true);
+    if (event)
         return event.release();
-    }
+
     ec = NOT_SUPPORTED_ERR;
     return 0;

trunk/WebCore/dom/Event.cpp

@@ -25 +25 @@
 
 #include "AtomicString.h"
+#include "UserGestureIndicator.h"
 #include <wtf/CurrentTime.h>
 
@@ -37 +38 @@
     , m_defaultHandled(false)
     , m_cancelBubble(false)
-    , m_createdByDOM(false)
     , m_eventPhase(0)
     , m_currentTarget(0)
@@ -53 +53 @@
     , m_defaultHandled(false)
     , m_cancelBubble(false)
-    , m_createdByDOM(false)
     , m_eventPhase(0)
     , m_currentTarget(0)
@@ -204 +203 @@
 bool Event::fromUserGesture()
 {
-    if (createdByDOM())
+    if (!UserGestureIndicator::processingUserGesture())
         return false;
 

trunk/WebCore/dom/Event.h

@@ -159 +159 @@
         virtual Clipboard* clipboard() const { return 0; }
 
-        bool createdByDOM() const { return m_createdByDOM; }
-        void setCreatedByDOM(bool createdByDOM) { m_createdByDOM = createdByDOM; }
-
     protected:
         Event();
@@ -180 +177 @@
         bool m_cancelBubble;
 
-        // Whether this event was created by document.createEvent().
-        bool m_createdByDOM;
-
         unsigned short m_eventPhase;
         EventTarget* m_currentTarget;

trunk/WebCore/page/EventHandler.cpp

@@ -67 +67 @@
 #include "Settings.h"
 #include "TextEvent.h"
+#include "UserGestureIndicator.h"
 #include "WheelEvent.h"
 #include "htmlediting.h" // for comparePositions()
@@ -1166 +1167 @@
 {
     RefPtr<FrameView> protector(m_frame->view());
-
+    
+    UserGestureIndicator gestureIndicator;
+    
     cancelFakeMouseMoveEvent();
     m_mousePressed = true;
@@ -1295 +1298 @@
 {
     RefPtr<FrameView> protector(m_frame->view());
+    
+    UserGestureIndicator gestureIndicator;
 
     // We get this instead of a second mouse-up 
@@ -1462 +1467 @@
 {
     RefPtr<FrameView> protector(m_frame->view());
+    
+    UserGestureIndicator gestureIndicator;
 
 #if ENABLE(PAN_SCROLLING)
@@ -2121 +2128 @@
     if (!node)
         return false;
+    
+    UserGestureIndicator gestureIndicator;
 
     if (FrameView* view = m_frame->view())
@@ -2688 +2697 @@
     const Vector<PlatformTouchPoint>& points = event.touchPoints();
     AtomicString* eventName = 0;
+    
+    UserGestureIndicator gestureIndicator;
 
     for (unsigned i = 0; i < points.size(); ++i) {