Bug 1370630 - Untrusted submit event shouldn't trigger form submission. r=smaug.

MozReview-Commit-ID: 6jl7Xvh1Y1Y
Stone Shih
2017-06-19 15:46:07 +08:00
parent 58db68bde9
commit b35fa2b871
3 changed files with 46 additions and 2 deletions


@@ -180,3 +180,4 @@ skip-if = toolkit == 'android' #CRASH_DUMP, RANDOM
[test_bug1332699.html] [test_bug1332699.html]
[test_bug1339758.html] [test_bug1339758.html]
[test_dnd_with_modifiers.html] [test_dnd_with_modifiers.html]
[test_submitevent_on_form.html]


@@ -0,0 +1,37 @@
<!DOCTYPE HTML>
<html>
<head>
<title>Test submit event on form</title>
<script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<script type="text/javascript" src="/tests/SimpleTest/EventUtils.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
</head>
<body>
<form action="javascript:doDefault()" id="form">
<input type="submit" value="Do Default Action">
</form>
<pre id="test">
<script type="application/javascript">
SimpleTest.waitForExplicitFinish();
SimpleTest.waitForFocus(runTests);
var doDefaultAction = false;
function doDefault()
{
doDefaultAction = true;
}
function runTests()
{
let form = document.getElementById("form");
form.dispatchEvent(new Event('submit'));
setTimeout(() => {
ok(!doDefaultAction, "untrusted submit event shouldn't trigger form default action");
SimpleTest.finish();
});
}
</script>
</pre>
</body>
</html>
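Review bot: The test asserts only the negative case in `runTests`, so it would also pass if form submission were broken altogether, or if the `javascript:` action had simply not run yet when the zero-delay `setTimeout` callback fires. EventUtils.js is loaded but not used in the visible lines; a positive control such as `synthesizeMouseAtCenter(form.querySelector("input"), {});` followed by a check that `doDefaultAction` becomes true would show that the assertion can observe a real submission. If the guarded C++ branches also handle reset (not visible here), a matching case for an untrusted `reset` event would close that gap as well.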


@@ -474,7 +474,10 @@ nsresult
HTMLFormElement::GetEventTargetParent(EventChainPreVisitor& aVisitor) HTMLFormElement::GetEventTargetParent(EventChainPreVisitor& aVisitor)
{ {
aVisitor.mWantsWillHandleEvent = true; aVisitor.mWantsWillHandleEvent = true;
if (aVisitor.mEvent->mOriginalTarget == static_cast<nsIContent*>(this)) { // According to the UI events spec section "Trusted events", we shouldn't
// trigger UA default action with an untrusted event except click.
if (aVisitor.mEvent->mOriginalTarget == static_cast<nsIContent*>(this) &&
aVisitor.mEvent->IsTrusted()) {
uint32_t msg = aVisitor.mEvent->mMessage; uint32_t msg = aVisitor.mEvent->mMessage;
if (msg == eFormSubmit) { if (msg == eFormSubmit) {
if (mGeneratingSubmit) { if (mGeneratingSubmit) {
@@ -516,7 +519,10 @@ HTMLFormElement::WillHandleEvent(EventChainPostVisitor& aVisitor)
nsresult nsresult
HTMLFormElement::PostHandleEvent(EventChainPostVisitor& aVisitor) HTMLFormElement::PostHandleEvent(EventChainPostVisitor& aVisitor)
{ {
if (aVisitor.mEvent->mOriginalTarget == static_cast<nsIContent*>(this)) { // According to the UI events spec section "Trusted events", we shouldn't
// trigger UA default action with an untrusted event except click.
if (aVisitor.mEvent->mOriginalTarget == static_cast<nsIContent*>(this) &&
aVisitor.mEvent->IsTrusted()) {
EventMessage msg = aVisitor.mEvent->mMessage; EventMessage msg = aVisitor.mEvent->mMessage;
if (msg == eFormSubmit) { if (msg == eFormSubmit) {
// let the form know not to defer subsequent submissions // let the form know not to defer subsequent submissions
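Review bot: The same two-part guard is now duplicated in GetEventTargetParent and PostHandleEvent, and the two copies have to stay identical: the pre-visit branch works with `mGeneratingSubmit` and the post-handle branch appears to undo that state ("let the form know not to defer subsequent submissions"), so a later edit to only one guard could leave the form's submission state unbalanced. Consider a small private helper that both sites call, or at least a comment at each site such as `// Keep in sync with the guard in GetEventTargetParent/PostHandleEvent.` The added "except click" wording is also a little confusing here, since neither visible branch handles click; stating that untrusted events are still dispatched to listeners but never reach the form's default action would be clearer. Both function bodies continue outside the hunks.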