Starred by 11 users
Status: Fixed
Closed: Jun 2016
OS: All
Pri: 2
Type: Launch-OWP
Do not perform the default action on untrusted events (except click)
Project Member Reported by dtapu...@chromium.org, Aug 13 2015
According to the spec http://www.w3.org/TR/DOM-Level-3-Events/#trusted-events

Trusted Events should not fire the default action (except click event).

This is enabled as a RuntimeFeature "TrustedEventsDefaultAction"

This bug tracks enabling it as stable.
 
Blocking: chromium:423975
Blockedon: chromium:520520
Comment 3 by rbyers@chromium.org, Aug 14 2015
See https://www.w3.org/Bugs/Public/show_bug.cgi?id=12230 for some standards-level discussion of this issue.
Comment 4 by rbyers@chromium.org, Aug 14 2015
Labels: -Type-Bug Type-Launch-OWP OWP-Standards-OfficialSpec OWP-Type-ChangeBehavior
Note that I think this may be sufficiently impactful to web developers that we should have a chromestatus.com entry and (once we're ready) do a quick "intent to ship" for it.
Blocking: chromium:160471
Comment 6 by rbyers@chromium.org, Aug 28 2015
Labels: -OS-Linux OS-All Hotlist-Interop
Blocking: chromium:381175
Labels: Hotlist-Input-Dev
Comment 9 by phistuck@gmail.com, Mar 31 2016
Hm... do you mean "untrusted events"? The specification to which the description links states that untrusted events, except "click", do not perform the default action.
Comment 10 by cvreb...@gmail.com, Mar 31 2016
The point is that the notion of "default actions" shouldn't exist in the first place, with the probable exception of `click` (because legacy). (So say the spec wonks.)
See https://dom.spec.whatwg.org/#action-versus-occurance and https://github.com/whatwg/html/issues/805
So I'm pretty sure "trusted" is correct here.
Comment 11 by phistuck@gmail.com, Mar 31 2016
While it perhaps should not, it does. For example, textarea.onkeydown = () => false; prevents the characters from showing up in the text area.

Only trusted events have default action (the character is entered) and only trusted events can be cancelled.

So the issue summary should be, "Do not perform the default action on untrusted events (except click)".
Comment 12 by phistuck@gmail.com, Mar 31 2016
*can be cancelled (and this cancellation will have a non JavaScript effect)
Summary: Do not perform the default action on untrusted events (except click) (was: Do not perform the default action on trusted events)
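An added example, not part of the original thread and not Blink code: a small model of the rule the comments above settle on, runnable in Node.js with its built-in `EventTarget`. `ModelControl`, `KeyEvent`, `deliver` and the `fromUserAgent` flag (standing in for `event.isTrusted`) are hypothetical names chosen for illustration.

```javascript
// Model of "do not perform the default action on untrusted events (except click)".
// Illustrative only: class and method names are assumptions, not Blink internals.

class KeyEvent extends Event {
  constructor(type, key) {
    super(type, { cancelable: true });
    this.key = key; // constructed sample field, mirrors KeyboardEvent.key
  }
}

class ModelControl extends EventTarget {
  constructor() {
    super();
    this.value = '';      // changed by the keydown default action
    this.checked = false; // changed by the click default action
  }

  // fromUserAgent plays the role of event.isTrusted: true only when the
  // browser itself generated the event, false for script-created events.
  deliver(event, fromUserAgent) {
    const notCancelled = this.dispatchEvent(event); // listeners always run
    if (!notCancelled) return 'cancelled';          // preventDefault() was called
    if (!fromUserAgent && event.type !== 'click') return 'skipped-untrusted';
    this.runDefaultAction(event);
    return 'performed';
  }

  runDefaultAction(event) {
    if (event.type === 'keydown') this.value += event.key;
    if (event.type === 'click') this.checked = !this.checked;
  }
}

function demo() {
  const log = [];
  const field = new ModelControl();
  let seen = 0;
  field.addEventListener('keydown', () => { seen += 1; });

  // Trusted keydown: the character is entered.
  log.push(field.deliver(new KeyEvent('keydown', 'a'), true));
  // Script-dispatched keydown: listeners fire, but nothing is typed.
  log.push(field.deliver(new KeyEvent('keydown', 'b'), false));
  // Script-dispatched click: the one exception, default action still runs.
  log.push(field.deliver(new Event('click', { cancelable: true }), false));

  // Equivalent of textarea.onkeydown = () => false from comment 11:
  // cancelling a trusted keydown suppresses the character.
  field.addEventListener('keydown', (e) => e.preventDefault());
  log.push(field.deliver(new KeyEvent('keydown', 'c'), true));

  return { log, value: field.value, checked: field.checked, seen };
}

console.log(demo());
```

Page handlers still observe the script-dispatched keydown (`seen` counts it); only the built-in side effect is withheld, which is why cancellation has a visible non-JavaScript effect only for trusted events.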
Project Member Comment 15 by bugdroid1@chromium.org, May 18 2016
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/03448d3a657609024501bdb7f99ba1a2d20ffc2f

commit 03448d3a657609024501bdb7f99ba1a2d20ffc2f
Author: dtapuska <dtapuska@chromium.org>
Date: Wed May 18 13:38:49 2016

Update layout tests not to dispatch events directly.

A number of layout tests dispatched events directly to the nodes.
Use eventSender to send the appropriate events for these layout tests
instead.

BUG= 520519 

Review-Url: https://codereview.chromium.org/1988783002
Cr-Commit-Position: refs/heads/master@{#394404}

[modify] https://crrev.com/03448d3a657609024501bdb7f99ba1a2d20ffc2f/third_party/WebKit/LayoutTests/accessibility/multiselect-list-reports-active-option.html
[modify] https://crrev.com/03448d3a657609024501bdb7f99ba1a2d20ffc2f/third_party/WebKit/LayoutTests/editing/execCommand/script-tests/break-out-of-empty-list-item.js
[modify] https://crrev.com/03448d3a657609024501bdb7f99ba1a2d20ffc2f/third_party/WebKit/LayoutTests/editing/style/highlight-insert-paragraph.html
[modify] https://crrev.com/03448d3a657609024501bdb7f99ba1a2d20ffc2f/third_party/WebKit/LayoutTests/fast/dom/HTMLLabelElement/click-label.html
[modify] https://crrev.com/03448d3a657609024501bdb7f99ba1a2d20ffc2f/third_party/WebKit/LayoutTests/fast/dom/HTMLMenuItemElement/menuitem-crash-asan.html
[modify] https://crrev.com/03448d3a657609024501bdb7f99ba1a2d20ffc2f/third_party/WebKit/LayoutTests/fast/events/tab-crash-with-image-map.html
[modify] https://crrev.com/03448d3a657609024501bdb7f99ba1a2d20ffc2f/third_party/WebKit/LayoutTests/fast/forms/calendar-picker/date-open-picker-with-f4-key.html
[modify] https://crrev.com/03448d3a657609024501bdb7f99ba1a2d20ffc2f/third_party/WebKit/LayoutTests/fast/forms/calendar-picker/date-picker-open-without-focus.html
[modify] https://crrev.com/03448d3a657609024501bdb7f99ba1a2d20ffc2f/third_party/WebKit/LayoutTests/fast/forms/calendar-picker/datetimelocal-open-picker-with-f4-key.html
[modify] https://crrev.com/03448d3a657609024501bdb7f99ba1a2d20ffc2f/third_party/WebKit/LayoutTests/fast/forms/calendar-picker/month-open-picker-with-f4-key.html
[modify] https://crrev.com/03448d3a657609024501bdb7f99ba1a2d20ffc2f/third_party/WebKit/LayoutTests/fast/forms/calendar-picker/week-open-picker-with-f4-key.html
[modify] https://crrev.com/03448d3a657609024501bdb7f99ba1a2d20ffc2f/third_party/WebKit/LayoutTests/fast/forms/focus2.html
[modify] https://crrev.com/03448d3a657609024501bdb7f99ba1a2d20ffc2f/third_party/WebKit/LayoutTests/fast/forms/form-associated-element.html
[modify] https://crrev.com/03448d3a657609024501bdb7f99ba1a2d20ffc2f/third_party/WebKit/LayoutTests/fast/forms/image/input-image-submit.html
[modify] https://crrev.com/03448d3a657609024501bdb7f99ba1a2d20ffc2f/third_party/WebKit/LayoutTests/fast/forms/number/number-blur-twice.html
[modify] https://crrev.com/03448d3a657609024501bdb7f99ba1a2d20ffc2f/third_party/WebKit/LayoutTests/fast/forms/number/number-outofrange.html
[modify] https://crrev.com/03448d3a657609024501bdb7f99ba1a2d20ffc2f/third_party/WebKit/LayoutTests/fast/forms/number/number-stepup-stepdown-from-renderer-expected.txt
[modify] https://crrev.com/03448d3a657609024501bdb7f99ba1a2d20ffc2f/third_party/WebKit/LayoutTests/fast/forms/number/number-stepup-stepdown-from-renderer.html
[modify] https://crrev.com/03448d3a657609024501bdb7f99ba1a2d20ffc2f/third_party/WebKit/LayoutTests/fast/forms/number/number-type-update-by-change-event.html
[modify] https://crrev.com/03448d3a657609024501bdb7f99ba1a2d20ffc2f/third_party/WebKit/LayoutTests/fast/forms/onchange-change-type.html
[modify] https://crrev.com/03448d3a657609024501bdb7f99ba1a2d20ffc2f/third_party/WebKit/LayoutTests/fast/forms/range/range-keyoperation.html
[modify] https://crrev.com/03448d3a657609024501bdb7f99ba1a2d20ffc2f/third_party/WebKit/LayoutTests/fast/forms/range/range-stepup-stepdown-from-renderer-expected.txt
[modify] https://crrev.com/03448d3a657609024501bdb7f99ba1a2d20ffc2f/third_party/WebKit/LayoutTests/fast/forms/range/range-stepup-stepdown-from-renderer.html
[modify] https://crrev.com/03448d3a657609024501bdb7f99ba1a2d20ffc2f/third_party/WebKit/LayoutTests/fast/forms/resources/common-wheel-event.js
[modify] https://crrev.com/03448d3a657609024501bdb7f99ba1a2d20ffc2f/third_party/WebKit/LayoutTests/fast/forms/resources/picker-common.js
[modify] https://crrev.com/03448d3a657609024501bdb7f99ba1a2d20ffc2f/third_party/WebKit/LayoutTests/fast/forms/select/menulist-no-renderer-onmousedown.html
[modify] https://crrev.com/03448d3a657609024501bdb7f99ba1a2d20ffc2f/third_party/WebKit/LayoutTests/fast/forms/select/menulist-popup-crash.html
[modify] https://crrev.com/03448d3a657609024501bdb7f99ba1a2d20ffc2f/third_party/WebKit/LayoutTests/fast/forms/select/select-change-popup-to-listbox-in-event-handler.html
[modify] https://crrev.com/03448d3a657609024501bdb7f99ba1a2d20ffc2f/third_party/WebKit/LayoutTests/fast/forms/suggestion-picker/date-suggestion-picker-key-operations.html
[modify] https://crrev.com/03448d3a657609024501bdb7f99ba1a2d20ffc2f/third_party/WebKit/LayoutTests/fast/forms/suggestion-picker/datetimelocal-suggestion-picker-key-operations.html
[modify] https://crrev.com/03448d3a657609024501bdb7f99ba1a2d20ffc2f/third_party/WebKit/LayoutTests/fast/forms/suggestion-picker/month-suggestion-picker-key-operations.html
[modify] https://crrev.com/03448d3a657609024501bdb7f99ba1a2d20ffc2f/third_party/WebKit/LayoutTests/fast/forms/suggestion-picker/time-suggestion-picker-key-operations.html
[modify] https://crrev.com/03448d3a657609024501bdb7f99ba1a2d20ffc2f/third_party/WebKit/LayoutTests/fast/forms/suggestion-picker/week-suggestion-picker-key-operations.html
[modify] https://crrev.com/03448d3a657609024501bdb7f99ba1a2d20ffc2f/third_party/WebKit/LayoutTests/fast/forms/tabs-with-modifiers.html
[modify] https://crrev.com/03448d3a657609024501bdb7f99ba1a2d20ffc2f/third_party/WebKit/LayoutTests/fast/forms/time-multiple-fields/time-multiple-fields-focus.html
[modify] https://crrev.com/03448d3a657609024501bdb7f99ba1a2d20ffc2f/third_party/WebKit/LayoutTests/fast/forms/time-multiple-fields/time-multiple-fields-open-picker-key-bindings.html
[modify] https://crrev.com/03448d3a657609024501bdb7f99ba1a2d20ffc2f/third_party/WebKit/LayoutTests/fast/frames/focus-controller-crash-change-event.html
[modify] https://crrev.com/03448d3a657609024501bdb7f99ba1a2d20ffc2f/third_party/WebKit/LayoutTests/fast/html/empty-fragment-id-goto-top.html
[modify] https://crrev.com/03448d3a657609024501bdb7f99ba1a2d20ffc2f/third_party/WebKit/LayoutTests/fast/html/tab-order.html
[modify] https://crrev.com/03448d3a657609024501bdb7f99ba1a2d20ffc2f/third_party/WebKit/LayoutTests/svg/custom/tabindex-order.html

Project Member Comment 16 by bugdroid1@chromium.org, May 18 2016
Comment 17 by tkent@chromium.org, May 27 2016
Blocking: 501357
Project Member Comment 18 by bugdroid1@chromium.org, Jun 17 2016
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/e0f8ed74386ec1f3a3a54d764f24256808a10827

commit e0f8ed74386ec1f3a3a54d764f24256808a10827
Author: dtapuska <dtapuska@chromium.org>
Date: Fri Jun 17 08:23:41 2016

Don't rely on untrusted events in site isolation browser test.

The site isolation browser test for two iframes showing selects
simultaneously relies on untrusted events performing the default
action.

Since untrusted event dispatching will be removed from blink soon
fix this test.

BUG= 520519 

Review-Url: https://codereview.chromium.org/2077683003
Cr-Commit-Position: refs/heads/master@{#400397}

[modify] https://crrev.com/e0f8ed74386ec1f3a3a54d764f24256808a10827/content/browser/site_per_process_browsertest.cc
[modify] https://crrev.com/e0f8ed74386ec1f3a3a54d764f24256808a10827/content/test/data/site_isolation/page-with-select.html

Comment 19 by tkent@chromium.org, Jun 21 2016
Issue 22656 has been merged into this issue.
Project Member Comment 21 by bugdroid1@chromium.org, Jun 21 2016
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/afc3aed8662f751c5403fd6a2ba8cbe6e1e41ace

commit afc3aed8662f751c5403fd6a2ba8cbe6e1e41ace
Author: dtapuska <dtapuska@chromium.org>
Date: Tue Jun 21 23:44:31 2016

Fix android webview unit tests to dispatch correct click event.

The click event had the incorrect event type. It should be a mouse event
and not a generic event.

BUG= 520519 

Review-Url: https://codereview.chromium.org/2089763002
Cr-Commit-Position: refs/heads/master@{#401138}

[modify] https://crrev.com/afc3aed8662f751c5403fd6a2ba8cbe6e1e41ace/android_webview/javatests/src/org/chromium/android_webview/test/util/JSUtils.java

Project Member Comment 22 by bugdroid1@chromium.org, Jun 21 2016
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/0a3db18907800f929a288c39c396c3143ee145f9

commit 0a3db18907800f929a288c39c396c3143ee145f9
Author: dtapuska <dtapuska@chromium.org>
Date: Tue Jun 21 23:53:54 2016

Add a command line option to the running of some file manager tests

These file manager tests dispatch untrusted events at the DOM. Blink
is changing the default for this option.

Ultimately these tests need to be reworked so they don't dispatch
default actions.

BUG= 520519 

Review-Url: https://codereview.chromium.org/2088003002
Cr-Commit-Position: refs/heads/master@{#401141}

[modify] https://crrev.com/0a3db18907800f929a288c39c396c3143ee145f9/chrome/browser/chromeos/file_manager/file_manager_browsertest.cc

Project Member Comment 23 by bugdroid1@chromium.org, Jun 22 2016
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/aa38a3bf68c3704a42a3588cfa6476e1f1754374

commit aa38a3bf68c3704a42a3588cfa6476e1f1754374
Author: dtapuska <dtapuska@chromium.org>
Date: Wed Jun 22 15:41:10 2016

Disable chromevox time widget and date widget tests.

These are deprecated test suites and they conflict with the blink feature
to disable dispatching the default action on untrusted events.

Disable them since this code will eventually be removed when chromevox2
moves from beta to stable and it is not worth spending time fixing them.

BUG= 520519 
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:closure_compilation

Review-Url: https://codereview.chromium.org/2084003004
Cr-Commit-Position: refs/heads/master@{#401289}

[modify] https://crrev.com/aa38a3bf68c3704a42a3588cfa6476e1f1754374/chrome/browser/resources/chromeos/chromevox/chromevox/injected/event_watcher_test.unitjs

Project Member Comment 24 by bugdroid1@chromium.org, Jun 22 2016
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/6f41102f11e37521b65031a19600375f4319cda8

commit 6f41102f11e37521b65031a19600375f4319cda8
Author: dmazzoni <dmazzoni@chromium.org>
Date: Wed Jun 22 16:05:16 2016

Avoid changing select element via synthesized keydown from ChromeVox test

BUG= 520519 
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:closure_compilation

Review-Url: https://codereview.chromium.org/2087913002
Cr-Commit-Position: refs/heads/master@{#401295}

[modify] https://crrev.com/6f41102f11e37521b65031a19600375f4319cda8/chrome/browser/resources/chromeos/chromevox/cvox2/background/background_test.extjs
[modify] https://crrev.com/6f41102f11e37521b65031a19600375f4319cda8/chrome/browser/resources/chromeos/chromevox/testing/chromevox_e2e_test_base.js

Project Member Comment 25 by bugdroid1@chromium.org, Jun 22 2016
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/887e8fba784c801afbda06799a99284421408ff1

commit 887e8fba784c801afbda06799a99284421408ff1
Author: dtapuska <dtapuska@chromium.org>
Date: Wed Jun 22 23:40:18 2016

Enable do not allow default action for untrusted events.

Approved intent to ship: https://groups.google.com/a/chromium.org/d/msg/blink-dev/WEMnlVIbe70/i2MJcEtNBgAJ

BUG= 565760 , 423975 , 520519 

Review-Url: https://codereview.chromium.org/2070053004
Cr-Commit-Position: refs/heads/master@{#401463}

[modify] https://crrev.com/887e8fba784c801afbda06799a99284421408ff1/third_party/WebKit/LayoutTests/FlagExpectations/enable-browser-side-navigation
[modify] https://crrev.com/887e8fba784c801afbda06799a99284421408ff1/third_party/WebKit/LayoutTests/FlagExpectations/root-layer-scrolls
[modify] https://crrev.com/887e8fba784c801afbda06799a99284421408ff1/third_party/WebKit/LayoutTests/NeverFixTests
[modify] https://crrev.com/887e8fba784c801afbda06799a99284421408ff1/third_party/WebKit/LayoutTests/TestExpectations
[modify] https://crrev.com/887e8fba784c801afbda06799a99284421408ff1/third_party/WebKit/LayoutTests/VirtualTestSuites
[modify] https://crrev.com/887e8fba784c801afbda06799a99284421408ff1/third_party/WebKit/LayoutTests/fast/events/dispatch-synthetic-keyboardevent-no-action-expected.txt
[delete] https://crrev.com/b2b31390d6845f42b5966f854e90f69ff39705e0/third_party/WebKit/LayoutTests/fast/events/simulated-key-state-expected.txt
[delete] https://crrev.com/b2b31390d6845f42b5966f854e90f69ff39705e0/third_party/WebKit/LayoutTests/fast/events/simulated-key-state.html
[modify] https://crrev.com/887e8fba784c801afbda06799a99284421408ff1/third_party/WebKit/LayoutTests/plugins/user-gesture-expected.txt
[modify] https://crrev.com/887e8fba784c801afbda06799a99284421408ff1/third_party/WebKit/LayoutTests/plugins/user-gesture.html
[delete] https://crrev.com/b2b31390d6845f42b5966f854e90f69ff39705e0/third_party/WebKit/LayoutTests/virtual/trustedeventsdefaultaction/fast/events/README.txt
[delete] https://crrev.com/b2b31390d6845f42b5966f854e90f69ff39705e0/third_party/WebKit/LayoutTests/virtual/trustedeventsdefaultaction/fast/events/dispatch-synthetic-keyboardevent-no-action-expected.txt
[delete] https://crrev.com/b2b31390d6845f42b5966f854e90f69ff39705e0/third_party/WebKit/LayoutTests/virtual/trustedeventsdefaultaction/fast/events/simulated-key-state-expected.txt
[delete] https://crrev.com/b2b31390d6845f42b5966f854e90f69ff39705e0/third_party/WebKit/LayoutTests/virtual/trustedeventsdefaultaction/fast/events/stop-load-in-unload-handler-using-window-stop-expected.txt
[modify] https://crrev.com/887e8fba784c801afbda06799a99284421408ff1/third_party/WebKit/Source/platform/RuntimeEnabledFeatures.in

Status: Fixed
Labels: M-53
A question: does this change impact input events?

For example, if you do --

```js
document.addEventListener( 'input', e => console.log( e ) );

document.querySelector( 'input[type="text"]#custom_security_question' ).focus();

// execCommand( commandId, showUI, value ): the text to insert is the third argument
document.execCommand( 'insertText', false, 'am I retired because I am a replicant?' );
```

Then we clearly see that the input event fires with isTrusted set to true ( tested in latest Chrome Canary 53 / rev 81ef0c415c3f35bb838e6bbf41d0acbf634eb92c-refs/branch-heads/2781@{#3} )

Is this intended?

I certainly hope so, and certainly hope and advocate for this behaviour not being changed ( if relevant, let us know if this should be taken up on W3C discussion ).

Because otherwise accessibility related assistive technologies, and supplementary automation technologies running atop Chrome may experience interruptions to their serviceability.



Comment 29 Deleted
Second question: will these changes impact events created over the wire through CDP ( Chrome Debugging Protocol )?

For example, see some of the input API surface, here:

https://chromedevtools.github.io/debugger-protocol-viewer/tot/Input/ 

Again, I certainly hope these isTrusted authorization checks to perform or not the default action, will not affect events dispatched from the debugging protocol, as this may then limit the ability of various tools ( including dev tools ) to workably instrument web pages. 
Regarding #28. The event is dispatched inside the execCommand so the UA is generating a trusted event. This is the same as what Firefox is doing as well. So it should be fine.

Regarding #29. Events in the debugger protocol are injected into the UA; so Blink sees them identically as hardware input so they are trusted events as well.

This is great. And thanks very much for your time making the quick reply. 
Blocking: 642698
Note that UMA data shows that the UntrustedEventDefaultHandled UseCounter is now hit on ~0.005% of page views on Windows and ~0.04% of page views on Android (probably due to fastclick.js - see issue 642698). That's substantially higher than the data we saw during dev channel on which the intent-to-remove was based :-(.
Project Member Comment 35 by bugdroid1@chromium.org, Sep 28 2016
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c91f160cc90f59788a036c20f75698ae7ff433be

commit c91f160cc90f59788a036c20f75698ae7ff433be
Author: dtapuska <dtapuska@chromium.org>
Date: Tue Sep 27 21:56:44 2016

Remove untrusted event deprecation warning.

The feature now has shipped and we don't need the warning anymore.
The runtime setting is still available since one unit test still uses it.
I need to get some cycles to see if that can be removed.

BUG= 520519 

Review-Url: https://codereview.chromium.org/2375583003
Cr-Commit-Position: refs/heads/master@{#421351}

[modify] https://crrev.com/c91f160cc90f59788a036c20f75698ae7ff433be/third_party/WebKit/Source/core/events/EventDispatcher.cpp
[modify] https://crrev.com/c91f160cc90f59788a036c20f75698ae7ff433be/third_party/WebKit/Source/core/frame/Deprecation.cpp
[modify] https://crrev.com/c91f160cc90f59788a036c20f75698ae7ff433be/third_party/WebKit/Source/core/frame/UseCounter.h

I don't agree..
I think the ability to click on a "div" that is styled and open the <select multiple> type of element should open the pop up on Android; right now, it is not opening when we call [element].click() or focus().
This works on iOS though. And I see no security risk, because it's just a pop up that the user will have to confirm?


#36 - does tapping on a <label for="id of <select>"> work in this case? If so, just use it in that <div>.
Nope.. even a click on the label by the user itself won't trigger the opening of the native Android dialog... although it kind of focuses on the select element. But it does not open the "options" for the user to select.

Check this jsbin: https://jsbin.com/vohuvocori/edit?html,js,output
Comment 39 by zhenjun....@gmail.com, Nov 14 (4 days ago)
Is it possible to enable default actions for these "untrusted events" for test purposes? I'm developing an extension to simulate some events, and I found I cannot do that for some events, like mouseover, hover, etc.

I think maybe we can have one startup option for this.
https://peter.sh/experiments/chromium-command-line-switches/
Comment 40 by dtapu...@chromium.org, Nov 14 (4 days ago)
You can already use --disable-blink-feature=TrustedEventsDefaultAction

But if you really want to ship your extension ever you probably want to inject input using the devtools (see https://developer.chrome.com/extensions/debugger and https://chromedevtools.github.io/devtools-protocol/tot/Input/)
Comment 41 by zhenjun....@gmail.com, Nov 17 (2 days ago)
#40, Thank you for your response. I think the option is --disable-blink-features (with an extra s). I tried both --disable-blink-feature and --disable-blink-features, but I still cannot trigger the 'mouseover' action from my extension. Maybe I should try the devtools you suggested.