| Field | Value |
|---|---|
| Summary | A user gesture bug which can bypass popup blocker using iframe SRC |
| Product | WebKit |
| Component | WebCore Misc. |
| Reporter | Johnny(Jianning) Ding <jnd> |
| Assignee | Nobody <webkit-unassigned> |
| Status | RESOLVED FIXED |
| Severity | Normal |
| Priority | P2 |
| CC | abarth, cevans, commit-queue |
| Version | 528+ (Nightly build) |
| Hardware | PC |
| OS | OS X 10.5 |
| Attachments | 80339 (test case2), 80344 (patch v1) |
Description
Johnny(Jianning) Ding
2011-01-27 09:09:19 PST
Created attachment 80339 [details]
test case2
Created attachment 80344 [details]
patch v1
This patch uses way 1.
Can we just remove that parameter entirely? Now that we keep the gesture state in a static variable, we shouldn't need to pass it around explicitly.

(In reply to comment #3)
> Can we just remove that parameter entirely? Now that we keep the gesture state in a static variable, we shouldn't need to pass it around explicitly.

Currently, when you type a javascript URL in the address bar and press Enter, the WebKit port directly calls ScriptController::executeScript(url, true, ...). So you mean we can change all those calls to the following way:

```cpp
{
    UserGestureIndicator gestureIndicator(DefinitelyProcessingUserGesture);
    ScriptController::executeScript(url, ...);
}
```

I think we can do that, but I need to re-check all related code and it will change lots of code. I think we may need to file another bug for removing the "forceUserGesture" parameter. Does it make sense?

> Does it make sense?

Yep. Sounds like a good follow-up patch.
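The exchange above is about replacing an explicit `forceUserGesture` flag with a static gesture state that callers set through a scoped guard. The following is an added illustration of that pattern, written for this page and not taken from WebKit: only the names `UserGestureIndicator` and `DefinitelyProcessingUserGesture` come from the comment; `DefinitelyNotProcessingUserGesture`, `popupAllowed`, `executeScript` (shown here without the flag), and the three `run...` helpers are hypothetical stand-ins. It shows why the RAII scope is what makes the static state safe: the gesture is only visible while the guard is alive, nested guards restore the outer state on exit, and a call path that never opens a scope cannot claim a gesture.

```cpp
#include <string>

// Added example, not WebKit code: a static "are we processing a user gesture?"
// state plus an RAII scope guard, modelled on the pattern described in the
// comment above. Everything except UserGestureIndicator and
// DefinitelyProcessingUserGesture is a hypothetical name.
enum ProcessingUserGestureState {
    DefinitelyNotProcessingUserGesture,
    DefinitelyProcessingUserGesture
};

class UserGestureIndicator {
public:
    explicit UserGestureIndicator(ProcessingUserGestureState state)
        : m_previousState(s_state)
    {
        s_state = state;
    }
    // Leaving the scope restores whatever was in effect before, so a gesture
    // never leaks into code that happens to run later.
    ~UserGestureIndicator() { s_state = m_previousState; }

    static bool processingUserGesture()
    {
        return s_state == DefinitelyProcessingUserGesture;
    }

private:
    UserGestureIndicator(const UserGestureIndicator&) = delete;
    UserGestureIndicator& operator=(const UserGestureIndicator&) = delete;

    static ProcessingUserGestureState s_state;
    ProcessingUserGestureState m_previousState;
};

ProcessingUserGestureState UserGestureIndicator::s_state = DefinitelyNotProcessingUserGesture;

// Hypothetical popup policy: a popup is allowed only inside a gesture scope.
bool popupAllowed()
{
    return UserGestureIndicator::processingUserGesture();
}

// Hypothetical stand-in for executeScript after the forceUserGesture parameter
// is gone: no flag is passed; the simulated script just tries to open a popup
// and the decision comes from the static state.
bool executeScript(const std::string& url)
{
    (void)url;
    return popupAllowed();
}

// The address-bar path: the embedder knows the user pressed Enter, so it opens
// a gesture scope around the call instead of passing `true`.
bool runJavaScriptUrlFromAddressBar(const std::string& url)
{
    UserGestureIndicator gestureIndicator(DefinitelyProcessingUserGesture);
    return executeScript(url);
}

// Any path that did not originate from a gesture calls executeScript without
// opening a scope, so the popup is refused.
bool runJavaScriptUrlWithoutGesture(const std::string& url)
{
    return executeScript(url);
}

// Work that starts while a gesture scope is open can explicitly mark itself as
// not gesture-driven; destroying the inner guard brings the outer state back.
bool runDeferredWorkInsideGesture()
{
    UserGestureIndicator outer(DefinitelyProcessingUserGesture);
    bool insideDeferred;
    {
        UserGestureIndicator inner(DefinitelyNotProcessingUserGesture);
        insideDeferred = popupAllowed(); // false while the inner guard lives
    }
    bool afterDeferred = popupAllowed(); // true again after the inner guard
    return !insideDeferred && afterDeferred;
}
```

The property worth checking is the one the follow-up bug depends on: after `runJavaScriptUrlFromAddressBar` returns, `UserGestureIndicator::processingUserGesture()` is false again, so nothing that runs afterwards can inherit the address-bar gesture.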
Filed bug 53286 to track the patch of removing the "forceUserGesture" parameter of ScriptController::executeScript. Adam, would you please review my patch for this bug? We want to get it fixed asap. Thanks!

Comment on attachment 80344 [details]
patch v1

Looks reasonable. I'm most excited about the test. :)

Can we land this on trunk? We can handle merging it as appropriate :)

Comment on attachment 80344 [details]
patch v1

Sure.

The commit-queue encountered the following flaky tests while processing attachment 80344 [details]: http/tests/xmlhttprequest/basic-auth-nopassword.html (bug 53170). The commit-queue is continuing to process your patch.

Comment on attachment 80344 [details]
patch v1

Clearing flags on attachment: 80344

Committed r77049: <http://trac.webkit.org/changeset/77049>

All reviewed patches have been landed. Closing bug.

CVE-2011-1194 shared with https://bugs.webkit.org/show_bug.cgi?id=53424