Double-click can trigger unintended action |
|||||
Issue descriptionPotentially dangerous situation is possible when user is performing double-click on UI element. If window (bubble, dialog, etc.) is being shown as a result of the first click, the control under the mouse cursor (for example button on the bubble) can be activated with the second click. This wasn't the intention of the user as the time between clicks was too short to read the contents of the window that appeared. For example, user can accidentally click "Accept" button on the permission prompt bubble.
,
Jul 17
,
Jul 17
This is bug 63773, I don't think it needs to be view restricted.
,
Jul 18
Changing the type to Bug to remove view restriction.
,
Jul 18
I'm attaching some screenshots to clarify the context of this bug and provide the real example. double-click-0.png - Web page displays "CHECK MY MICROPHONE" button. Malicious web page could display "Double-click to win the price!" here. User moves mouse cursor over the "CHECK" word and tries to double-clicks it. double-click-1.png - Permission prompt is displayed immediately after the first click. Mouse cursor is over the "Allow" button now. Time for the second click from the double-click. double-click-2.png - Microphone permission has been granted. User's intention was to double-click the "CHECK MY MICROPHONE" button but the second click unintentionally triggered an action that granted the permission.
,
Sep 14
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/8f676f5a701605f6f01ecade4652ee72d55edbfa commit 8f676f5a701605f6f01ecade4652ee72d55edbfa Author: Tomasz Moniuszko <tmoniuszko@opera.com> Date: Fri Sep 14 11:44:34 2018 Add double-click protection to bubbles Potentially dangerous situation is possible when user is performing double-click on UI element. If bubble is being shown as a result of the first click, the control under the mouse cursor (button on the bubble) can be activated with the second click. This wasn't the intention of the user as the time between clicks was too short to read the contents in the bubble that appeared. For example, user can accidentally click "Accept" button on the permission prompt bubble. This CL adds protection against such unintended clicks. Mouse and touch events are ignored for a short period of time after bubble has been shown. Bug: 864530 Change-Id: I54d229bf39dd000079b9eabd8de1cfba5103a022 Reviewed-on: https://chromium-review.googlesource.com/1140307 Commit-Queue: Tomasz Moniuszko <tmoniuszko@opera.com> Reviewed-by: Michael Wasserman <msw@chromium.org> Cr-Commit-Position: refs/heads/master@{#591324} [modify] https://crrev.com/8f676f5a701605f6f01ecade4652ee72d55edbfa/chrome/browser/ui/views/autofill/save_card_bubble_views_browsertest_base.cc [modify] https://crrev.com/8f676f5a701605f6f01ecade4652ee72d55edbfa/chrome/browser/ui/views/sync/one_click_signin_dialog_view_unittest.cc [modify] https://crrev.com/8f676f5a701605f6f01ecade4652ee72d55edbfa/chrome/browser/ui/views/toolbar/toolbar_actions_bar_bubble_views_unittest.cc [modify] https://crrev.com/8f676f5a701605f6f01ecade4652ee72d55edbfa/ui/views/BUILD.gn [modify] https://crrev.com/8f676f5a701605f6f01ecade4652ee72d55edbfa/ui/views/bubble/bubble_dialog_delegate_view_unittest.cc [modify] https://crrev.com/8f676f5a701605f6f01ecade4652ee72d55edbfa/ui/views/bubble/bubble_frame_view.cc [modify] https://crrev.com/8f676f5a701605f6f01ecade4652ee72d55edbfa/ui/views/bubble/bubble_frame_view.h [modify] https://crrev.com/8f676f5a701605f6f01ecade4652ee72d55edbfa/ui/views/bubble/bubble_frame_view_unittest.cc [add] https://crrev.com/8f676f5a701605f6f01ecade4652ee72d55edbfa/ui/views/event_utils.cc [add] https://crrev.com/8f676f5a701605f6f01ecade4652ee72d55edbfa/ui/views/event_utils.h [modify] https://crrev.com/8f676f5a701605f6f01ecade4652ee72d55edbfa/ui/views/window/dialog_client_view.cc [modify] https://crrev.com/8f676f5a701605f6f01ecade4652ee72d55edbfa/ui/views/window/dialog_client_view.h [modify] https://crrev.com/8f676f5a701605f6f01ecade4652ee72d55edbfa/ui/views/window/dialog_client_view_unittest.cc
,
Sep 14
|
|||||
►
Sign in to add a comment |
|||||
Comment 1 by tmonius...@opera.com
, Jul 17