Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(23)

Issue 2371573002: Fix download attr on anchor allows download without user interaction

Created:
4 years, 2 months ago by jhwon0415
Modified:
4 years, 1 month ago
CC:
chromium-reviews, blink-reviews, dglazkov+blink, blink-reviews-html_chromium.org
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Fix Download attr on anchor allows download without user interaction HTMLAnchorElement which has both href and download should not triggered if there is no user interaction, and have to throw an "InvalidAccessError" DOMException. Now Download and href is not triggered, but not thorwing DOMException Added TODO in Source Code Spec-Url: https://html.spec.whatwg.org/#the-a-element:the-a-element-9 BUG=649918

Patch Set 1 #

Patch Set 2 : Removed unnecessary header #

Total comments: 2
Unified diffs Side-by-side diffs Delta from patch set Stats (+10 lines, -5 lines) Patch
M AUTHORS View 1 chunk +1 line, -0 lines 1 comment Download
M third_party/WebKit/Source/core/html/HTMLAnchorElement.cpp View 1 1 chunk +9 lines, -5 lines 1 comment Download

Messages

Total messages: 26 (12 generated)
jhwon0415
Fixed bug, but I failed to raise exception
4 years, 2 months ago (2016-09-25 13:05:11 UTC) #3
zino
+ dtapuska@ and rbyers@ for reviewers.
4 years, 2 months ago (2016-09-27 13:37:08 UTC) #6
zino
For reviewer, Chromium/Blink Hackathon is going on now in our country. jhwon0415@ is a university ...
4 years, 2 months ago (2016-09-27 13:42:21 UTC) #7
zino
jhwon0415@, I think we need a unit tests. Could you add a unit tests for ...
4 years, 2 months ago (2016-09-27 13:46:53 UTC) #8
Rick Byers
On 2016/09/27 13:42:21, zino wrote: > For reviewer, > > Chromium/Blink Hackathon is going on ...
4 years, 2 months ago (2016-09-28 22:31:57 UTC) #9
jhwon0415
I fixed bug by calling if(isTrusted()) before actual download. Because this method block javascript-generated click() ...
4 years, 2 months ago (2016-09-29 16:05:43 UTC) #15
zino
On 2016/09/29 16:05:43, jhwon0415 wrote: > I fixed bug by calling if(isTrusted()) before actual download. ...
4 years, 2 months ago (2016-09-29 16:30:20 UTC) #18
zino
On 2016/09/29 16:30:20, zino wrote: > On 2016/09/29 16:05:43, jhwon0415 wrote: > > I fixed ...
4 years, 2 months ago (2016-09-29 16:35:21 UTC) #19
dtapuska
On 2016/09/29 16:35:21, zino wrote: > On 2016/09/29 16:30:20, zino wrote: > > On 2016/09/29 ...
4 years, 2 months ago (2016-09-29 19:51:44 UTC) #20
Rick Byers
On 2016/09/29 19:51:44, dtapuska wrote: > On 2016/09/29 16:35:21, zino wrote: > > On 2016/09/29 ...
4 years, 2 months ago (2016-09-29 20:17:48 UTC) #21
jhwon0415
I searched code for few hours,, and I couldn't find way to make trusted input ...
4 years, 2 months ago (2016-09-30 15:59:08 UTC) #22
zino
any update?
4 years, 2 months ago (2016-10-13 01:55:19 UTC) #23
dtapuska
On 2016/10/13 01:55:19, zino wrote: > any update? I would recommend looking at DummyPageHolder and ...
4 years, 1 month ago (2016-10-24 18:48:17 UTC) #24
dtapuska
4 years, 1 month ago (2016-10-24 18:53:26 UTC) #25
On 2016/10/24 18:48:17, dtapuska wrote:
> On 2016/10/13 01:55:19, zino wrote:
> > any update?
> 
> I would recommend looking at DummyPageHolder and writing a C++ test for this.
>
https://cs.chromium.org/chromium/src/third_party/WebKit/Source/core/testing/D...
> 
> Then you could override the FrameLoaderClient and then capture the
> loadURLExternally call to validate it was called.
> 
> Events dispatched to the Page's Event Handler via gmock should all be trusted.

Or look at this test here:
https://cs.chromium.org/chromium/src/third_party/WebKit/Source/web/tests/TopC...

It sends input events to the webview. In
https://cs.chromium.org/chromium/src/third_party/WebKit/Source/web/tests/Fram...
you could pass your own implementation of
https://cs.chromium.org/chromium/src/third_party/WebKit/public/web/WebFrameCl...

which is mocked out to be called once or something like that.

Powered by Google App Engine
This is Rietveld 408576698