Bug 1442078 - throw "SecurityError" if show is not triggered by user activation. r=baku

MozReview-Commit-ID: 73gP1iJAvhf
2018-03-02 16:17:45 -05:00
parent d9f8c529a8
commit 98f1e899b8
1 changed files with 6 additions and 0 deletions
--- a/dom/payments/PaymentRequest.cpp
+++ b/dom/payments/PaymentRequest.cpp
@@ -8,6 +8,7 @@
 #include "mozilla/dom/Element.h"
 #include "mozilla/dom/PaymentRequest.h"
 #include "mozilla/dom/PaymentResponse.h"
+#include "mozilla/EventStateManager.h"
 #include "nsContentUtils.h"
 #include "nsIURLParser.h"
 #include "nsNetCID.h"
@@ -687,6 +688,11 @@ PaymentRequest::Show(ErrorResult& aRv)
    return nullptr;
  }

+  if (!EventStateManager::IsHandlingUserInput()) {
+    aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
+    return nullptr;
+  }
+
  nsCOMPtr<nsIGlobalObject> global = do_QueryInterface(GetOwner());
  ErrorResult result;
  RefPtr<Promise> promise = Promise::Create(global, result);