53424 2011-01-31 08:14:20 -0800 Don't manually set user gesture in HTMLAnchorElement's click handle. 2011-03-10 00:04:44 -0800 1 1 1 Unclassified WebKit WebCore Misc. 528+ (Nightly build) PC OS X 10.5 RESOLVED FIXED P2 Normal --- 1 jnd jnd abarth cevans commit-queue oldest_to_newest 342581 0 jnd 2011-01-31 08:14:20 -0800 Currently, WebKit manually sets user gesture in HTMLAnchorElement's click handle. (HTMLAnchorElement.cpp, line 555). There is a FIXME comment in line 554 and says "This seems wrong. Why are we manufactuing a user gesture?". Yes, current behavior is wrong. With it, people can create custom events to force to open popup windows without real use gesture. See the following code which forces to pop up new window without user gesture. (copy from http://crbug.com/71167) <A id=test href="javascript:window.open('http://www.google.com','','height=200,width=200')" target=_blank>test</A> <SCRIPT> oClickEvent = document.createEvent("MouseEvents"); oClickEvent.initEvent("click", true, true, window, 0, 0, 0, 0, 0, false, false, false, false, 0, null); document.getElementById("test").dispatchEvent(oClickEvent); </SCRIPT> The current behavior was added in r20813<http://trac.webkit.org/changeset/20813>, I don't think we need to keep this logic now. Will remove the logic of setting user gesture in HTMLAnchorElement's click handle and add a test for regression. 343083 1 80729 jnd 2011-02-01 01:35:57 -0800 Created attachment 80729 patch v1 343613 2 80729 commit-queue 2011-02-01 15:52:40 -0800 Comment on attachment 80729 patch v1 Clearing flags on attachment: 80729 Committed r77329: <http://trac.webkit.org/changeset/77329> 343614 3 commit-queue 2011-02-01 15:52:45 -0800 All reviewed patches have been landed. Closing bug. 365022 4 cevans 2011-03-10 00:04:44 -0800 This is also CVE-2011-1194; see https://bugs.webkit.org/show_bug.cgi?id=53244 80729 2011-02-01 01:35:57 -0800 2011-02-01 15:52:39 -0800 patch v1 patch_untrust_click.txt text/plain 4258 jnd SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDc3MTQzKQorKysgU291cmNlL1dlYkNvcmUvQ2hhbmdl TG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMTUgQEAKKzIwMTEtMDEtMzEgIEpvaG5ueSBE aW5nICA8am5kQGNocm9taXVtLm9yZz4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9P UFMhKS4KKworICAgICAgICBEb24ndCBzZXQgdXNlciBnZXN0dXJlIGluIEhUTUxBbmNob3JFbGVt ZW50J3MgY2xpY2sgaGFuZGxlciBiZWNhdXNlIHRoZSBjbGljayBoYW5kbGVyIGNhbiBiZSB0cmln Z2VyZWQgYnkgdW50cnVzdGVkIGV2ZW50LgorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9y Zy9zaG93X2J1Zy5jZ2k/aWQ9NTM0MjQKKworICAgICAgICBUZXN0OiBmYXN0L2V2ZW50cy9wb3B1 cC1ibG9ja2VkLWZyb20tdW50cnVzdGVkLWNsaWNrLWV2ZW50LW9uLWFuY2hvci5odG1sCisKKyAg ICAgICAgKiBodG1sL0hUTUxBbmNob3JFbGVtZW50LmNwcDoKKyAgICAgICAgKFdlYkNvcmU6Omhh bmRsZUxpbmtDbGljayk6CisKIDIwMTEtMDEtMjcgIEFiaGlzaGVrIEFyeWEgIDxpbmZlcm5vQGNo cm9taXVtLm9yZz4KIAogICAgICAgICBSZXZpZXdlZCBieSBEYXZlIEh5YXR0LgpJbmRleDogU291 cmNlL1dlYkNvcmUvaHRtbC9IVE1MQW5jaG9yRWxlbWVudC5jcHAKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL1dlYkNvcmUvaHRtbC9IVE1MQW5jaG9yRWxlbWVudC5jcHAJKHJldmlzaW9uIDc3MTIxKQor KysgU291cmNlL1dlYkNvcmUvaHRtbC9IVE1MQW5jaG9yRWxlbWVudC5jcHAJKHdvcmtpbmcgY29w eSkKQEAgLTU1MSw4ICs1NTEsNiBAQCB2b2lkIGhhbmRsZUxpbmtDbGljayhFdmVudCogZXZlbnQs IERvY3VtCiAgICAgRnJhbWUqIGZyYW1lID0gZG9jdW1lbnQtPmZyYW1lKCk7CiAgICAgaWYgKCFm cmFtZSkKICAgICAgICAgcmV0dXJuOwotICAgIC8vIEZJWE1FOiBUaGlzIHNlZW1zIHdyb25nLiAg V2h5IGFyZSB3ZSBtYW51ZmFjdHVpbmcgYSB1c2VyIGdlc3R1cmU/Ci0gICAgVXNlckdlc3R1cmVJ bmRpY2F0b3IgaW5kaWNhdG9yKERlZmluaXRlbHlQcm9jZXNzaW5nVXNlckdlc3R1cmUpOwogICAg IGZyYW1lLT5sb2FkZXIoKS0+dXJsU2VsZWN0ZWQoZG9jdW1lbnQtPmNvbXBsZXRlVVJMKHVybCks IHRhcmdldCwgZXZlbnQsIGZhbHNlLCBmYWxzZSwgaGlkZVJlZmVycmVyID8gTm9SZWZlcnJlciA6 IFNlbmRSZWZlcnJlcik7CiB9CiAKSW5kZXg6IExheW91dFRlc3RzL0NoYW5nZUxvZwo9PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09Ci0tLSBMYXlvdXRUZXN0cy9DaGFuZ2VMb2cJKHJldmlzaW9uIDc3MTQzKQorKysgTGF5b3V0 VGVzdHMvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMTMgQEAKKzIwMTEtMDEt MzEgIEpvaG5ueSBEaW5nICA8am5kQGNocm9taXVtLm9yZz4KKworICAgICAgICBSZXZpZXdlZCBi eSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBEb24ndCBzZXQgdXNlciBnZXN0dXJlIGluIEhU TUxBbmNob3JFbGVtZW50J3MgY2xpY2sgaGFuZGxlciBiZWNhdXNlIHRoZSBjbGljayBoYW5kbGVy IGNhbiBiZSB0cmlnZ2VyZWQgYnkgdW50cnVzdGVkIGV2ZW50LgorICAgICAgICBodHRwczovL2J1 Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9NTM0MjQKKworICAgICAgICAqIGZhc3QvZXZl bnRzL3BvcHVwLWJsb2NrZWQtZnJvbS11bnRydXN0ZWQtY2xpY2stZXZlbnQtb24tYW5jaG9yLWV4 cGVjdGVkLnR4dDogQWRkZWQuCisgICAgICAgICogZmFzdC9ldmVudHMvcG9wdXAtYmxvY2tlZC1m cm9tLXVudHJ1c3RlZC1jbGljay1ldmVudC1vbi1hbmNob3IuaHRtbDogQWRkZWQuCisKIDIwMTEt MDEtMzEgIERhbiBCZXJuc3RlaW4gIDxtaXR6QGFwcGxlLmNvbT4KIAogICAgICAgICBSZW1vdmUg ZXhwZWN0ZWQgcmVzdWx0cyBpbiBtYWMtd2syIGFuZCB3aW4gdGhhdCBhcmUgZXF1YWwgdG8gdGhl IG1hYyByZXN1bHRzIGFmdGVyIHI3NzEzOC4KSW5kZXg6IExheW91dFRlc3RzL2Zhc3QvZXZlbnRz L3BvcHVwLWJsb2NrZWQtZnJvbS11bnRydXN0ZWQtY2xpY2stZXZlbnQtb24tYW5jaG9yLWV4cGVj dGVkLnR4dAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09Ci0tLSBMYXlvdXRUZXN0cy9mYXN0L2V2ZW50cy9wb3B1cC1ibG9j a2VkLWZyb20tdW50cnVzdGVkLWNsaWNrLWV2ZW50LW9uLWFuY2hvci1leHBlY3RlZC50eHQJKHJl dmlzaW9uIDApCisrKyBMYXlvdXRUZXN0cy9mYXN0L2V2ZW50cy9wb3B1cC1ibG9ja2VkLWZyb20t dW50cnVzdGVkLWNsaWNrLWV2ZW50LW9uLWFuY2hvci1leHBlY3RlZC50eHQJKHJldmlzaW9uIDAp CkBAIC0wLDAgKzEsMyBAQAordGVzdAorUEFTUyB3aW4gaXMgdW5kZWZpbmVkLgorCkluZGV4OiBM YXlvdXRUZXN0cy9mYXN0L2V2ZW50cy9wb3B1cC1ibG9ja2VkLWZyb20tdW50cnVzdGVkLWNsaWNr LWV2ZW50LW9uLWFuY2hvci5odG1sCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIExheW91dFRlc3RzL2Zhc3QvZXZl bnRzL3BvcHVwLWJsb2NrZWQtZnJvbS11bnRydXN0ZWQtY2xpY2stZXZlbnQtb24tYW5jaG9yLmh0 bWwJKHJldmlzaW9uIDApCisrKyBMYXlvdXRUZXN0cy9mYXN0L2V2ZW50cy9wb3B1cC1ibG9ja2Vk LWZyb20tdW50cnVzdGVkLWNsaWNrLWV2ZW50LW9uLWFuY2hvci5odG1sCShyZXZpc2lvbiAwKQpA QCAtMCwwICsxLDMyIEBACis8aHRtbD4gCisgICAgPGhlYWQ+CisgICAgICAgIDxsaW5rIHJlbD0i c3R5bGVzaGVldCIgaHJlZj0iLi4vanMvcmVzb3VyY2VzL2pzLXRlc3Qtc3R5bGUuY3NzIj4KKyAg ICAgICAgPHNjcmlwdCBzcmM9Ii4uL2pzL3Jlc291cmNlcy9qcy10ZXN0LXByZS5qcyI+PC9zY3Jp cHQ+CisgICAgPC9oZWFkPgorICAgIDxib2R5PgorICAgICAgICA8YSBpZD10ZXN0IGhyZWY9Imph dmFzY3JpcHQ6cG9wdXAoKSI+dGVzdDwvYT4KKyAgICAgICAgPGRpdiBpZD0iY29uc29sZSI+PC9k aXY+CisgICAgICAgIDxzY3JpcHQ+IAorICAgICAgICAgICAgdmFyIHdpbjsKKyAgICAgICAgICAg IGZ1bmN0aW9uIHBvcHVwKCkgeworICAgICAgICAgICAgICAgIHdpbiA9IHdpbmRvdy5vcGVuKCdh Ym91dDpibGFuaycsJ2JsYW5rJywnaGVpZ2h0PTIwMCx3aWR0aD0yMDAnKTsKKyAgICAgICAgICAg ICAgICBzaG91bGRCZVVuZGVmaW5lZCgid2luIik7CisgICAgICAgICAgICB9CisKKyAgICAgICAg ICAgIGlmICh3aW5kb3cubGF5b3V0VGVzdENvbnRyb2xsZXIpIHsKKyAgICAgICAgICAgICAgICBs YXlvdXRUZXN0Q29udHJvbGxlci5kdW1wQXNUZXh0KCk7CisgICAgICAgICAgICAgICAgbGF5b3V0 VGVzdENvbnRyb2xsZXIuc2V0Q2FuT3BlbldpbmRvd3MoKTsKKyAgICAgICAgICAgICAgICBsYXlv dXRUZXN0Q29udHJvbGxlci5zZXRQb3B1cEJsb2NraW5nRW5hYmxlZCh0cnVlKTsKKyAgICAgICAg ICAgICAgICBsYXlvdXRUZXN0Q29udHJvbGxlci5zZXRDbG9zZVJlbWFpbmluZ1dpbmRvd3NXaGVu Q29tcGxldGUodHJ1ZSk7CisgICAgICAgICAgICAgICAgbGF5b3V0VGVzdENvbnRyb2xsZXIud2Fp dFVudGlsRG9uZSgpOworICAgICAgICAgICAgfQorCisgICAgICAgICAgICBjbGlja0V2ZW50ID0g ZG9jdW1lbnQuY3JlYXRlRXZlbnQoIk1vdXNlRXZlbnRzIik7CisgICAgICAgICAgICBjbGlja0V2 ZW50LmluaXRFdmVudCgiY2xpY2siLCB0cnVlLCB0cnVlLCBkb2N1bWVudC5kZWZhdWx0Vmlldywg MCwgMCwgMCwgMCwgMCwgZmFsc2UsIGZhbHNlLCBmYWxzZSwgZmFsc2UsIDAsIG51bGwpOworICAg ICAgICAgICAgZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoInRlc3QiKS5kaXNwYXRjaEV2ZW50KGNs aWNrRXZlbnQpOworCisgICAgICAgICAgICBpZiAod2luZG93LmxheW91dFRlc3RDb250cm9sbGVy KQorICAgICAgICAgICAgICAgIGxheW91dFRlc3RDb250cm9sbGVyLm5vdGlmeURvbmUoKTsKKyAg ICAgICAgPC9zY3JpcHQ+IAorICAgIDwvYm9keT4gCis8L2h0bWw+Cg==