[Webkit-unassigned] [Bug 47593] Require a user gesture to open the file dialog

bugzilla-daemon at webkit.org
Tue Feb 22 22:33:56 PST 2011


https://bugs.webkit.org/show_bug.cgi?id=47593





--- Comment #14 from Johnny(Jianning) Ding <jnd at chromium.org>  2011-02-22 22:33:55 PST ---
(In reply to comment #13)
> I will note that from reading the mozilla bug it seems like Firefox has mitigation against creating modal dialogs in a loop, which they apply to file chooser dialogs as well. I'm not sure if we do something similar. This is the type of exploit they wish to avoid (copied from the bug):
> 
> myFileControl = doc.getElementById('file');
> do {
>   myFileControl.click();
> } while (!fileContainsDirectionsToSecretVolcanoLair(myFileControl.files[0]));

Thanks Andy.

After reading Mozilla bug https://bugzilla.mozilla.org/show_bug.cgi?id=61098, I think it deals with how to avoid creating endless modal dialogs such as alert. Like you said, it applies to file chooser dialogs as well in Firefox, but this WebKit change is to disallow JavaScript from opening the file dialog without a user gesture. See the following test.


<input type=button value="click" onclick="open_file_dialog()" />
<input type=file id="file">
<script>
function open_file_dialog() {
  while (1) {
    document.getElementById("file").click();
  }
}
// try to open a file dialog in load stage.
document.getElementById("file").click();
</script>

In the above test, the function open_file_dialog opens the file dialog in an infinite loop.
In Firefox 4, when loading the test, there is no file dialog; it is blocked because there is no user gesture (we follow it from this WebKit bug). When calling the function in the user gesture stage, the patch for Mozilla bug 61098 allows only a few file dialogs (modal dialogs) to be popped up.

I tested the following test case in Firefox 4 and Safari with the popup blocker enabled; they have the same behavior. I think we should keep this patch.
Please correct me if I am wrong.
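
The two checks contrasted in the comment above (a user-gesture requirement and a cap on dialogs opened in a loop), replayed against its test page as a simplified model. This is an added example, not code from the comment, WebKit or Firefox; the class, function names and the cap of 3 are assumptions, since the comment only says "a few".

```javascript
// Simplified, constructed model of the browser-side policy; not real engine code.
const MAX_DIALOGS_PER_GESTURE = 3; // assumed value: the comment only says "a few"

class FileChooserPolicy {
  constructor(maxPerGesture = MAX_DIALOGS_PER_GESTURE) {
    this.maxPerGesture = maxPerGesture;
    this.inUserGesture = false;   // true only while a real user event is dispatched
    this.openedThisGesture = 0;   // dialogs already shown for the current gesture
    this.log = [];                // one decision per click() call, in order
  }

  // Runs a handler as if it were dispatched from a real user event (a mouse click).
  dispatchUserEvent(handler) {
    this.inUserGesture = true;
    this.openedThisGesture = 0;
    try { handler(); } finally { this.inUserGesture = false; }
  }

  // Stands in for a script calling click() on <input type=file>.
  requestFileDialog() {
    let decision;
    if (!this.inUserGesture) decision = "blocked:no-user-gesture";
    else if (this.openedThisGesture >= this.maxPerGesture) decision = "blocked:dialog-limit";
    else { this.openedThisGesture += 1; decision = "opened"; }
    this.log.push(decision);
    return decision === "opened";
  }
}

// Replays both cases from the test page: click() at load time, then the
// loop inside the button's onclick handler (bounded here instead of while(1)).
function replayTestPage(loopIterations = 10) {
  const policy = new FileChooserPolicy();
  policy.requestFileDialog(); // script-initiated click during page load
  policy.dispatchUserEvent(() => {
    for (let i = 0; i < loopIterations; i += 1) policy.requestFileDialog();
  });
  return policy.log;
}

// Counts how many requests ended in each decision.
function summarize(log) {
  const counts = {};
  for (const decision of log) counts[decision] = (counts[decision] || 0) + 1;
  return counts;
}

console.log(summarize(replayTestPage()));
```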
