Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-21 09:15:35 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
f1fbd2ff00
gecko-dev/dom/events/InputEvent.h
Masayuki Nakano e28c807e5a Bug 1533989 - Make InputEvent.data and InputEvent.dataTransfer not expose clipboard data if user disables clipboard events r=smaug 
If user disables clipboard events, it means that they don't want to expose
clipboard data to web apps even if web apps cannot handle "paste" operation.
Therefore, they must not want to leak clipboard data with `InputEvent.data`
and `InputEvent.dataTransfer`.

This patch makes `InputEvent::GetData()` and `InputEvent::GetDataTransfer()`
returns empty string or new `DataTransfer` object which has only empty string
if:
- They are called by content JS.
- The event is a trusted event.
- `inputType` value is `insertFromPaste` or `insertFromPasteAsQuotation`.

The reason why we don't return null for both is, Input Events spec declares
`data` or `dataTransfer` shouldn't be null in the `inputType` values.  And
the reason why we don't return empty `DataTransfer` is, web apps may expect
at least one data is stored in non-null `dataTransfer` value.

Differential Revision: https://phabricator.services.mozilla.com/D25350

--HG--
extra : moz-landing-system : lando
2019-03-29 16:08:11 +00:00

58 lines
1.9 KiB
C++
Raw Blame History

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef mozilla_dom_InputEvent_h_
#define mozilla_dom_InputEvent_h_
#include "mozilla/dom/UIEvent.h"
#include "mozilla/dom/InputEventBinding.h"
#include "mozilla/EventForwards.h"
namespace mozilla {
namespace dom {
class DataTransfer;
class InputEvent : public UIEvent {
public:
InputEvent(EventTarget* aOwner, nsPresContext* aPresContext,
InternalEditorInputEvent* aEvent);
NS_INLINE_DECL_REFCOUNTING_INHERITED(InputEvent, UIEvent)
static already_AddRefed<InputEvent> Constructor(const GlobalObject& aGlobal,
const nsAString& aType,
const InputEventInit& aParam,
ErrorResult& aRv);
virtual JSObject* WrapObjectInternal(
JSContext* aCx, JS::Handle<JSObject*> aGivenProto) override {
return InputEvent_Binding::Wrap(aCx, this, aGivenProto);
}
void GetInputType(nsAString& aInputType);
void GetData(nsAString& aData, CallerType aCallerType = CallerType::System);
already_AddRefed<DataTransfer> GetDataTransfer(
CallerType aCallerType = CallerType::System);
bool IsComposing();
protected:
~InputEvent() {}
// mInputTypeValue stores inputType attribute value if the instance is
// created by script and not initialized with known inputType value.
nsString mInputTypeValue;
};
} // namespace dom
} // namespace mozilla
already_AddRefed<mozilla::dom::InputEvent> NS_NewDOMInputEvent(
mozilla::dom::EventTarget* aOwner, nsPresContext* aPresContext,
mozilla::InternalEditorInputEvent* aEvent);
#endif // mozilla_dom_InputEvent_h_
Reference in New Issue View Git Blame Copy Permalink