[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc

satish at chromium.org satish at chromium.org
Wed Dec 22 13:07:06 UTC 2010


The following commit has been merged in the debian/experimental branch:
commit 8e08ef70faf7f5160793ca2b7272480a81ffcbde
Author: satish at chromium.org <satish at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Tue Sep 7 12:47:17 2010 +0000

    2010-09-07  Satish Sampath  <satish at chromium.org>
    
            Reviewed by Jeremy Orlow.
    
            Ignore programmatic clicks on speech input button for security reasons.
            https://bugs.webkit.org/show_bug.cgi?id=45181
    
            * fast/speech/speech-button-ignore-generated-events-expected.txt: Added.
            * fast/speech/speech-button-ignore-generated-events.html: Added.
    2010-09-07  Satish Sampath  <satish at chromium.org>
    
            Reviewed by Jeremy Orlow.
    
            Ignore programmatic clicks on speech input button for security reasons.
            https://bugs.webkit.org/show_bug.cgi?id=45181
    
            Test: fast/speech/speech-button-ignore-generated-events.html
    
            * rendering/TextControlInnerElements.cpp:
            (WebCore::InputFieldSpeechButtonElement::defaultEventHandler):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@66878 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index fb66141..1145f00 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,13 @@
+2010-09-07  Satish Sampath  <satish at chromium.org>
+
+        Reviewed by Jeremy Orlow.
+
+        Ignore programmatic clicks on speech input button for security reasons.
+        https://bugs.webkit.org/show_bug.cgi?id=45181
+
+        * fast/speech/speech-button-ignore-generated-events-expected.txt: Added.
+        * fast/speech/speech-button-ignore-generated-events.html: Added.
+
 2010-09-07  Pavel Podivilov  <podivilov at chromium.org>
 
         Reviewed by Yury Semikhatsky.
diff --git a/LayoutTests/fast/speech/speech-button-ignore-generated-events-expected.txt b/LayoutTests/fast/speech/speech-button-ignore-generated-events-expected.txt
new file mode 100644
index 0000000..e13f265
--- /dev/null
+++ b/LayoutTests/fast/speech/speech-button-ignore-generated-events-expected.txt
@@ -0,0 +1,10 @@
+Tests that the speech button ignores programmatic click events.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS document.getElementById("speechInput").value is "Pictures of the moon"
+PASS speech button ignored the programmatic click event.
+PASS successfullyParsed is true
+
+TEST COMPLETE
diff --git a/LayoutTests/fast/speech/speech-button-ignore-generated-events.html b/LayoutTests/fast/speech/speech-button-ignore-generated-events.html
new file mode 100644
index 0000000..0498504
--- /dev/null
+++ b/LayoutTests/fast/speech/speech-button-ignore-generated-events.html
@@ -0,0 +1,73 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<link rel="stylesheet" href="../js/resources/js-test-style.css">
+<script src="../js/resources/js-test-pre.js"></script>
+</head>
+<body>
+<p id="description"></p>
+<div id="console"></div>
+<script type="text/javascript">
+description('Tests that the speech button ignores programmatic click events.');
+
+function sendClick(useEventSender) {
+    var input = document.getElementById('speechInput');
+    var clientX = input.offsetWidth - 4;
+    var clientY = input.offsetHeight / 2;
+    var pageX = input.offsetLeft + clientX;
+    var pageY = input.offsetTop + clientY;
+    if (useEventSender) {
+        eventSender.mouseMoveTo(pageX, pageY);
+        eventSender.mouseDown();
+        eventSender.mouseUp();
+    } else {
+        var event = document.createEvent("MouseEvents");
+        event.initMouseEvent('click', true, true, window, 1, pageX, pageY, clientX, clientY,
+                             false, false, false, false, 0, document);
+        input.dispatchEvent(event);
+    }
+}
+
+function setupDispatchEventTest() {
+    document.getElementById('speechInput').onchange = function() {
+        testFailed('speech button accepted a programmatic click and fired onChange event.');
+        finishJSTest();
+    };
+    setTimeout(function() {
+        testPassed('speech button ignored the programmatic click event.');
+        finishJSTest();
+    }, 1000);
+    sendClick(false);
+}
+
+// In this test, we first send a click via the eventSender interface which is available only
+// within our test environment. This mimics a real user input event and hence the speech button
+// should treat it normally. We'll be receiving the mock recognition result and verify that.
+// Next we send a generated click event via the dispatchEvent interface which is available
+// for any web page to use. The speech button should identify that this is not a real user
+// input event and not process it.
+function run() {
+    if (window.layoutTestController && window.eventSender) {
+        // Running in DRT, test the eventSender case.
+        layoutTestController.setMockSpeechInputResult('Pictures of the moon');
+        document.getElementById('speechInput').onchange = function() {
+            shouldBeEqualToString('document.getElementById("speechInput").value', 'Pictures of the moon');
+
+            // The speech button is still in the processing state and does not accept clicks. So ask for
+            // a callback once it has processed pending events before sending a programmatic click.
+            setTimeout(setupDispatchEventTest, 0);
+        };
+        sendClick(true);
+    } else {
+        setupDispatchEventTest();
+    }
+}
+
+window.onload = run;
+window.jsTestIsAsync = true;
+window.successfullyParsed = true;
+</script>
+<script src="../js/resources/js-test-post.js"></script>
+<input id='speechInput' speech>
+</body>
+</html>
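Review bot: The negative case in `setupDispatchEventTest` passes on a 1000 ms timeout with no positive signal, so it cannot tell "the button rejected the click" from "the click never reached the button". `sendClick(false)` calls `input.dispatchEvent(event)` on the outer `<input>`, and a script-dispatched event is delivered to that node rather than hit-tested by its coordinates, so it is worth confirming that this test actually fails without the `fromUserGesture()` guard in TextControlInnerElements.cpp. The timer is also never cancelled, so if `onchange` fires and reports failure the timeout may still log a PASS line afterwards; keeping the id with `var timer = setTimeout(...)` and calling `clearTimeout(timer)` in the `onchange` handler avoids that. The synthetic path sends only `click`, while the guarded handler also reacts to `mousedown`, so a dispatched `mousedown` case would round out the coverage.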
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 3101120..4d1bd33 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,15 @@
+2010-09-07  Satish Sampath  <satish at chromium.org>
+
+        Reviewed by Jeremy Orlow.
+
+        Ignore programmatic clicks on speech input button for security reasons.
+        https://bugs.webkit.org/show_bug.cgi?id=45181
+
+        Test: fast/speech/speech-button-ignore-generated-events.html
+
+        * rendering/TextControlInnerElements.cpp:
+        (WebCore::InputFieldSpeechButtonElement::defaultEventHandler):
+
 2010-09-07  Kent Hansen  <kent.hansen at nokia.com>
 
         Reviewed by Andreas Kling.
diff --git a/WebCore/rendering/TextControlInnerElements.cpp b/WebCore/rendering/TextControlInnerElements.cpp
index 1939133..e5228f0 100644
--- a/WebCore/rendering/TextControlInnerElements.cpp
+++ b/WebCore/rendering/TextControlInnerElements.cpp
@@ -395,6 +395,12 @@ PassRefPtr<InputFieldSpeechButtonElement> InputFieldSpeechButtonElement::create(
 
 void InputFieldSpeechButtonElement::defaultEventHandler(Event* event)
 {
+    // For privacy reasons, only allow clicks directly coming from the user.
+    if (!event->fromUserGesture()) {
+        HTMLDivElement::defaultEventHandler(event);
+        return;
+    }
+
     // On mouse down, select the text and set focus.
     HTMLInputElement* input = static_cast<HTMLInputElement*>(shadowAncestorNode());
     if (event->type() == eventNames().mousedownEvent && event->isMouseEvent() && static_cast<MouseEvent*>(event)->button() == LeftButton) {
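Review bot: The whole guard rests on `event->fromUserGesture()`, whose definition is outside this hunk, so it should be confirmed that it returns false for every script-created event and is not merely true whenever some user gesture is being processed. If it is the latter, an event dispatched by script from inside a genuine input handler would presumably still pass the check, and a layout test for that case would pin the intended behaviour. The added comment should also say what is being protected, for example `// Speech input starts recording, so only a real user click may trigger it; script-generated events get default handling only.` The comment says "privacy" while the ChangeLog entry says "security"; using one term in both places makes the change easier to find in a later audit. The body of `defaultEventHandler` continues past the end of the hunk.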

-- 
WebKit Debian packaging


