corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 1370630 - Untrusted submit event shouldn't trigger form submission. r=smaug.

Browse Source 
MozReview-Commit-ID: 6jl7Xvh1Y1Y
This commit is contained in:
Stone Shih
2017-06-19 15:46:07 +08:00
parent 58db68bde9
commit b35fa2b871
3 changed files with 46 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
dom/html/HTMLFormElement.cpp
View File

@@ -474,7 +474,10 @@ nsresult
HTMLFormElement::GetEventTargetParent(EventChainPreVisitor& aVisitor)
{
aVisitor.mWantsWillHandleEvent = true;
if (aVisitor.mEvent->mOriginalTarget == static_cast<nsIContent*>(this)) {
// According to the UI events spec section "Trusted events", we shouldn't
// trigger UA default action with an untrusted event except click.
if (aVisitor.mEvent->mOriginalTarget == static_cast<nsIContent*>(this) &&
aVisitor.mEvent->IsTrusted()) {
uint32_t msg = aVisitor.mEvent->mMessage;
if (msg == eFormSubmit) {
if (mGeneratingSubmit) {
@@ -516,7 +519,10 @@ HTMLFormElement::WillHandleEvent(EventChainPostVisitor& aVisitor)
nsresult
HTMLFormElement::PostHandleEvent(EventChainPostVisitor& aVisitor)
{
if (aVisitor.mEvent->mOriginalTarget == static_cast<nsIContent*>(this)) {
// According to the UI events spec section "Trusted events", we shouldn't
// trigger UA default action with an untrusted event except click.
if (aVisitor.mEvent->mOriginalTarget == static_cast<nsIContent*>(this) &&
aVisitor.mEvent->IsTrusted()) {
EventMessage msg = aVisitor.mEvent->mMessage;
if (msg == eFormSubmit) {
// let the form know not to defer subsequent submissions