onclick on svg elements referenced by use tag not firing
Reported by
kevinjpl...@gmail.com,
Nov 21 2016
|
||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36 Steps to reproduce the problem: 1. Go to https://jsfiddle.net/vinterros/kgrm2mjp/ (not my fiddle but vinterros found same issue but seems to not have reported it) 2. Clicking the red square which is referenced via a <use> tag doesn't fire onclick event 3. Clicking the blue square which is a direct onclick does fire onclick event. What is the expected behavior? The onclick event of an svg element referenced via <use> should fire. What went wrong? The latest version of chrome doesn't fire an onclick event on an svg referenced via <use>. Did this work before? Yes 53 (approx) Chrome version: 54.0.2840.99 Channel: stable OS Version: 10.0 Flash Version: Shockwave Flash 23.0 r0
,
Nov 21 2016
,
Nov 21 2016
Able to reproduce the issue on Win 10 - 54.0.2840.99, 57.0.2926.0 canary & Mac OSX 10.11.6 - 54.0.2840.98, 57.0.2926.0 canary Clicking on both red & blue squares does fire an onclick event on Microsoft Edge 25.10586.0.0
,
Nov 22 2016
Able to reproduce the issue on windows-7, Mac-10.11.6 and Linux Ubuntu-14.04 using chrome stable version 54.0.2840.99 and canary 57.0.2926.0 This is regression issue broken in M54.Please find the bisect information as below Narrow Bisect:: =============== Good :54.0.2817.0 -- (build revision 409416) Bad:: 54.0.2819.0 -- (build revision 409769) ChangeLog: ================ https://chromium.googlesource.com/chromium/src/+log/476d90d93453f586a13e7bf83e596663a708a7b9..c4f2b0897923d1fa54fd2b644f6771290e812f4b possible suspect ================== c4f2b0897923d1fa54fd2b644f6771290e812f4b Review URL: https://codereview.chromium.org/2186823002 hayato@ could you please look into this issue if it is related to your change,else please help us in finding the appropriate owner for this issue. Thanks.
,
Nov 23 2016
,
Nov 28 2016
,
Nov 28 2016
,
Nov 28 2016
This is an intended behavior, as of now, for a security reason. See the followings for details: - https://codereview.chromium.org/2186823002 - https://bugs.chromium.org/p/chromium/issues/detail?id=630870
,
Nov 28 2016
Thanks hayato@ for looking into this. Do you know of any workarounds we could apply? We have many complex svgs that implement this behavior.
,
Nov 28 2016
I could not think of any workaround. Sorry for the inconvenience. I think we should rewrite SVG's <use> element at first. See https://bugs.chromium.org/p/chromium/issues/detail?id=637641. Then, we could try to fix the current inconvenient behavior. Let me raise the priority of the issue, though I am not sure how soon we can fix this. :(
,
Nov 28 2016
Thanks hayato@ We will very much appreciate a solution!
,
Dec 2 2016
,
Jan 27 2017
,
Feb 5 2017
I'm surprised that you allowed such a major regression in order to fix that XSS. Mouse events in <use> are hardly uncommon and are now broken in Chrome and still working in the other major browsers. A fix would surely involve restoring a lot of the code removed by hayato@. This bug and ones like 578682 and 545467 really make it hard to consistently use SVG in Chrome, because you arbitrarily don't support and even remove support for vital parts.
,
Feb 6 2017
I appreciate if someone could work on this. I do not have a plan to work on this soon, as of now.
,
Feb 6 2017
Also, please star this issue if someone wants this feature to be fixed. We might use the number of stars to decide the priority.
,
Feb 8 2017
hayato: couldn't a simple fix be to adjust the targets of the triggered events to match the shadow tree of the <use> element?
,
Feb 9 2017
> hayato: couldn't a simple fix be to adjust the targets of the triggered events to match the shadow tree of the <use> element? I don't think so. Actually, we already do that. That doesn't prevent an event listener which user registered (and was copied to a node of a shadow tree) from accessing a node in <use>'s shadow tree. via `event.currentTarget`.
,
Mar 10 2017
We should prioritize fixing this, but doing so requires collaboration between a shadow DOM expert and an SVG expert. Maybe we try to get this done next quarter, when I will have some time to work on it?
,
Mar 11 2017
Yeah, I think this is P1 issue which must be fixed asap. Let me work on this issue next week. Our team has a P1 bug fixit in the next week. I plan to replace a user-agent shadow tree with a normal shadow tree in <svg> element, then re-land the code which was removed in https://codereview.chromium.org/2186823002. I have to check SVG specification again to know my plan meets the spec's requirements.
,
Mar 11 2017
,
Mar 15 2017
,
Mar 15 2017
Remove Blink>DOM>Events
,
Mar 17 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/b586056392985ae99a88b83e66a4685e356020d2 commit b586056392985ae99a88b83e66a4685e356020d2 Author: hayato <hayato@chromium.org> Date: Fri Mar 17 07:08:33 2017 Support event handling in SVG's use-element shadow trees The spec is: https://svgwg.org/svg2-draft/struct.html#UseShadowTree (5.6.1. The use-element shadow tree) This CL is basically a fix for a regression, which was intentionally introduced in https://codereview.chromium.org/2186823002, where I removed the code to prevent universal XSS. The most part of this CL is a re-land of the code which was removed there. See also the following CLs as necessary changes before landing this CL: - https://codereview.chromium.org/2537143004 - https://codereview.chromium.org/2752763002 Regarding, event#currentTarget(), the current spec is unclear. So, this CL honored the original behavior. BUG= 667324 Review-Url: https://codereview.chromium.org/2742293006 Cr-Commit-Position: refs/heads/master@{#457705} [modify] https://crrev.com/b586056392985ae99a88b83e66a4685e356020d2/third_party/WebKit/LayoutTests/TestExpectations [modify] https://crrev.com/b586056392985ae99a88b83e66a4685e356020d2/third_party/WebKit/LayoutTests/paint/invalidation/svg/use-instanceRoot-event-bubbling-expected.txt [modify] https://crrev.com/b586056392985ae99a88b83e66a4685e356020d2/third_party/WebKit/LayoutTests/svg/custom/resources/use-instanceRoot-event-bubbling.js [delete] https://crrev.com/127e697b3d265b427a83a9e82cb5fcc2ef12d395/third_party/WebKit/LayoutTests/svg/custom/use-event-attribute.html [add] https://crrev.com/b586056392985ae99a88b83e66a4685e356020d2/third_party/WebKit/LayoutTests/svg/custom/use-event-handler-on-referenced-element-addEventListener-expected.txt [add] https://crrev.com/b586056392985ae99a88b83e66a4685e356020d2/third_party/WebKit/LayoutTests/svg/custom/use-event-handler-on-referenced-element-addEventListener.svg [add] https://crrev.com/b586056392985ae99a88b83e66a4685e356020d2/third_party/WebKit/LayoutTests/svg/custom/use-event-handler-on-referenced-element-expected.txt [add] https://crrev.com/b586056392985ae99a88b83e66a4685e356020d2/third_party/WebKit/LayoutTests/svg/custom/use-event-handler-on-referenced-element-hierarchy-expected.txt [add] https://crrev.com/b586056392985ae99a88b83e66a4685e356020d2/third_party/WebKit/LayoutTests/svg/custom/use-event-handler-on-referenced-element-hierarchy.svg [add] https://crrev.com/b586056392985ae99a88b83e66a4685e356020d2/third_party/WebKit/LayoutTests/svg/custom/use-event-handler-on-referenced-element.svg [modify] https://crrev.com/b586056392985ae99a88b83e66a4685e356020d2/third_party/WebKit/LayoutTests/svg/custom/use-instanceRoot-event-listener-liveness.xhtml [modify] https://crrev.com/b586056392985ae99a88b83e66a4685e356020d2/third_party/WebKit/Source/bindings/core/v8/V8LazyEventListener.h [modify] https://crrev.com/b586056392985ae99a88b83e66a4685e356020d2/third_party/WebKit/Source/core/events/Event.cpp [modify] https://crrev.com/b586056392985ae99a88b83e66a4685e356020d2/third_party/WebKit/Source/core/events/Event.h [modify] https://crrev.com/b586056392985ae99a88b83e66a4685e356020d2/third_party/WebKit/Source/core/events/EventListener.h [modify] https://crrev.com/b586056392985ae99a88b83e66a4685e356020d2/third_party/WebKit/Source/core/events/EventListenerMap.cpp [modify] https://crrev.com/b586056392985ae99a88b83e66a4685e356020d2/third_party/WebKit/Source/core/events/EventListenerMap.h [modify] https://crrev.com/b586056392985ae99a88b83e66a4685e356020d2/third_party/WebKit/Source/core/events/EventPath.cpp [modify] https://crrev.com/b586056392985ae99a88b83e66a4685e356020d2/third_party/WebKit/Source/core/layout/HitTestResult.cpp [modify] https://crrev.com/b586056392985ae99a88b83e66a4685e356020d2/third_party/WebKit/Source/core/svg/SVGUseElement.cpp [modify] https://crrev.com/b586056392985ae99a88b83e66a4685e356020d2/third_party/WebKit/Source/core/svg/SVGUseElement.h
,
Mar 17 2017
,
Mar 17 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/56b1ac1be5b34735541c864d6de5b61e3091258d commit 56b1ac1be5b34735541c864d6de5b61e3091258d Author: Rebaseline Bot <blink-rebaseline-bot@chromium.org> Date: Fri Mar 17 08:51:18 2017 Auto-rebaseline for r457705 Build: https://build.chromium.org/p/chromium.infra.cron/builders/rebaseline-o-matic/builds/634812 https://chromium.googlesource.com/chromium/src/+/b586056392985 BUG= 667324 TBR=hayato@chromium.org Review-Url: https://codereview.chromium.org/2760563002 . Cr-Commit-Position: refs/heads/master@{#457718} [modify] https://crrev.com/56b1ac1be5b34735541c864d6de5b61e3091258d/third_party/WebKit/LayoutTests/TestExpectations [modify] https://crrev.com/56b1ac1be5b34735541c864d6de5b61e3091258d/third_party/WebKit/LayoutTests/platform/linux/svg/custom/use-event-handler-on-referenced-element-expected.png [modify] https://crrev.com/56b1ac1be5b34735541c864d6de5b61e3091258d/third_party/WebKit/LayoutTests/platform/mac/svg/custom/use-event-handler-on-referenced-element-expected.png [modify] https://crrev.com/56b1ac1be5b34735541c864d6de5b61e3091258d/third_party/WebKit/LayoutTests/platform/win/svg/custom/use-event-handler-on-referenced-element-expected.png |
||||||||||||||||
►
Sign in to add a comment |
||||||||||||||||
Comment 1 by dtapu...@chromium.org
, Nov 21 2016Labels: Needs-Bisect