Issue 786063 link

Starred by 1 user

Issue metadata

Status:	WontFix
Owner:	mustaq@chromium.org
Closed:	Nov 2017
Cc:	dtapu...@chromium.org keishi@chromium.org mustaq@chromium.org
Components:	Blink>Forms Blink>Input
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	3
Type:	Bug

FileInputType can trigger through "redirected" clicks

Project Member Reported by mustaq@chromium.org, Nov 16 2017

Issue description

The file-open dialog for <input type="file"> is shown even for untrusted events.  As a result, it is possible to make a user click on one <input>:
- open the file-open dialog for another <input>, or
- open the file-open dialog multiple times.

Repro: See Step 2 in https://output.jsbin.com/duqodib
(Ignore the "v2" behavior in the repro, those are related to  Issue 772432 .)

Here is the code: https://cs.chromium.org/chromium/src/third_party/WebKit/Source/core/html/forms/FileInputType.cpp?rcl=db60e6825b2fd3832b36a959e71a33005632e218&l=152

I think we should allow only trusted events to open the dialog.

Comment 1 by mustaq@chromium.org, Nov 20 2017

Owner: mustaq@chromium.org
Status: WontFix (was: Available)

While examining my quick CL, I realized that click always executes the default action, even for untrusted events, which is what the spec wants for backward compat:
https://w3c.github.io/uievents/#trusted-events

Closing the bug since we have to allow the scenario mentioned above.

►

Issue 786063 link

Issue metadata

FileInputType can trigger through "redirected" clicks

Issue description

Comment 1 by mustaq@chromium.org, Nov 20 2017

Comment 1 Deleted

Sign in to add a comment