[Webkit-unassigned] [Bug 75158] Access keys do not work for frames that are not focused
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Jan 3 16:54:03 PST 2012
https://bugs.webkit.org/show_bug.cgi?id=75158
--- Comment #12 from Cem Kocagil <cem.kocagil+webkit at gmail.com> 2012-01-03 16:54:03 PST ---
(In reply to comment #11)
> This looks security sensitive.
>
> What guarantees that this doesn't introduce XSS? A frame could dispatch a keyboard event to another frame this way, or it could fool a user into pressing the access key combo, triggering an action in a different origin frame.
It doesn't look like dispatched events can trigger WebViewImpl::charEvent and my simple tests verified this (I'm not quite sure though). It would be strange if that was the case since it's a method of the webview itself, not the Page or a Frame.
The calls to EventHandler::handleAccessKey does not send events to other frames, it only finds the element corresponding to that accesskey and invokes accessKeyAction on that element.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list