Remove user gestures on touches other than tap in cross-origin iframes

third_party/WebKit/Source/core/input/TouchEventManager.cpp

Index: third_party/WebKit/Source/core/input/TouchEventManager.cpp
diff --git a/third_party/WebKit/Source/core/input/TouchEventManager.cpp b/third_party/WebKit/Source/core/input/TouchEventManager.cpp
index 5fbb1139f481d6dcf3bea6dfe89f759b3deb01d4..bab83928277f70bad24e99cbf5f665da48aaf92f 100644
--- a/third_party/WebKit/Source/core/input/TouchEventManager.cpp
+++ b/third_party/WebKit/Source/core/input/TouchEventManager.cpp
@@ -467,21 +467,37 @@ WebInputEventResult TouchEventManager::handleTouchEvent(
 
     // Whether a touch should be considered a "user gesture" or not is a tricky question.
     // https://docs.google.com/document/d/1oF1T3O7_E4t1PYHV6gyCwHxOi3ystm0eSL5xZu7nvOg/edit#
-    // TODO(rbyers): Disable user gesture in some cases but retain logging for now (crbug.com/582140).
-    OwnPtr<UserGestureIndicator> gestureIndicator;
-    if (event.touchPoints().size() == 1
+    bool takeUserGesture = false;
+

[dtapuska, 2016/05/12 00:29:47]

I think this might be a little more readable if we just used isTap, isSameOrigin
gesture as opppsed to takeusergesture. Thoughts? 

[Rick Byers, 2016/05/12 03:20:45]

Yeah, as long as I don't worry about trying to skip the security origin check in
the tap case (which was probably a silly over-optimization) then it's simpler
that way.  Done.

+    // The touchend corresponding to a tap is always a user gesture.
+    bool isTap = event.touchPoints().size() == 1
         && event.touchPoints()[0].state() == PlatformTouchPoint::TouchReleased
-        && !event.causesScrollingIfUncanceled()) {
-        // This is a touchend corresponding to a tap, definitely a user gesture.  So don't supply
-        // a UserGestureUtilizedCallback.
-        gestureIndicator = adoptPtr(new UserGestureIndicator(DefinitelyProcessingUserGesture));
-    } else {
-        // This is some other touch event that perhaps shouldn't be considered a user gesture.  So
-        // use a UserGestureUtilizedCallback to get metrics / deprecation warnings.
+        && !event.causesScrollingIfUncanceled();
+    if (isTap)
+        takeUserGesture = true;
+
+    // For now, disallow dragging as a user gesture when the events are being sent to a
+    // cross-origin iframe (crbug.com/582140).
+    if (!takeUserGesture && m_touchSequenceDocument && m_touchSequenceDocument->frame()) {
+        SecurityOrigin* securityOrigin = m_touchSequenceDocument->frame()->securityContext()->getSecurityOrigin();
+        Frame* top = m_frame->tree().top();
+        if (top && securityOrigin->canAccess(top->securityContext()->getSecurityOrigin()))
+            takeUserGesture = true;
+    }
+
+    OwnPtr<UserGestureIndicator> gestureIndicator;
+    if (takeUserGesture) {
+        UserGestureUtilizedCallback* callback = 0;
+        if (!isTap) {
+            // This is some other touch event that we currently consider a user gesture.  So
+            // use a UserGestureUtilizedCallback to get metrics.
+            callback = &m_touchSequenceDocument->frame()->eventHandler();
+        }
+
         if (m_touchSequenceUserGestureToken)
-            gestureIndicator = adoptPtr(new UserGestureIndicator(m_touchSequenceUserGestureToken.release(), &m_touchSequenceDocument->frame()->eventHandler()));
+            gestureIndicator = adoptPtr(new UserGestureIndicator(m_touchSequenceUserGestureToken.release(), callback));
         else
-            gestureIndicator = adoptPtr(new UserGestureIndicator(DefinitelyProcessingUserGesture, &m_touchSequenceDocument->frame()->eventHandler()));
+            gestureIndicator = adoptPtr(new UserGestureIndicator(DefinitelyProcessingUserGesture, callback));
         m_touchSequenceUserGestureToken = UserGestureIndicator::currentToken();
     }