Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 2575438ca004115ca5cf1c3225c27a6312b7027d
      
https://github.com/WebKit/WebKit/commit/2575438ca004115ca5cf1c3225c27a6312b7027d
  Author: Wenson Hsieh <[email protected]>
  Date:   2023-10-24 (Tue, 24 Oct 2023)

  Changed paths:
    M Source/WebCore/dom/UserGestureIndicator.cpp
    M Source/WebCore/dom/UserGestureIndicator.h
    M Source/WebCore/page/EventHandler.cpp
    M Source/WebCore/page/LocalFrame.cpp
    M Source/WebCore/page/Quirks.cpp
    M Source/WebCore/page/Quirks.h

  Log Message:
  -----------
  Pressing ⌘V pastes content twice in text fields on Tableau analytics dashboard
https://bugs.webkit.org/show_bug.cgi?id=263590
rdar://105750465

Reviewed by Ryosuke Niwa.

In Tableau's analytics tool, pressing ⌘V to paste in any focused editable area pastes content twice after showing a Paste menu item, if the user clicks "Paste" on this item. This is because Tableau's script does something akin to the following:

```
textField.addEventListener("keydown", event => {
    if (event.key === "v" && event.metaKey)
        document.execCommand("Paste");
});
```

...which triggers a programmatic paste upon `keydown`, without preventing default. This means that if the programmatic DOM paste is accepted, we'll end up triggering two paste commands: (1) due to the `execCommand`, and (2) due to the default behavior of ⌘V.

While this is ostensibly a website bug, it works fine in other browsers (Firefox, Chrome) because they don't support DOM paste at all, so we just end up silently failing the programmatic paste before performing the real paste.

For now, fix this by adding a quirk for Tableau's analytics page which disables DOM paste access triggered by key events. Making this a quirk limits risk in the short term, since it's possible that there are other web apps and frameworks that already assume (based on user agent/engine checks) that Safari/WebKit will show DOM paste prompts on key events.

* Source/WebCore/dom/UserGestureIndicator.cpp:
(WebCore::UserGestureToken::UserGestureToken):
(WebCore::UserGestureIndicator::UserGestureIndicator):
* Source/WebCore/dom/UserGestureIndicator.h:

Add a new enum flag to determine whether or not we should allow DOM paste requests under the user gesture token.

(WebCore::UserGestureToken::create):
(WebCore::UserGestureToken::canRequestDOMPaste const):
* Source/WebCore/page/EventHandler.cpp:
(WebCore::EventHandler::internalKeyEvent):

Pass in `CanRequestDOMPaste::No` if the quirk is enabled.

* Source/WebCore/page/LocalFrame.cpp:
(WebCore::LocalFrame::requestDOMPasteAccess):
* Source/WebCore/page/Quirks.cpp:
(WebCore::Quirks::needsDisableDOMPasteAccessQuirk const):

Add the quirk; check `window.tableauPrep` instead of a domain, to fix other (non-Apple-internal) Tableau instances which would also encounter this same issue.

* Source/WebCore/page/Quirks.h:

Canonical link: https://commits.webkit.org/269736@main


_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
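
The double paste described in the commit message above, as an added JavaScript model that is not part of the commit or of WebKit. The names `makeEngine`, `execCommandPaste`, `pressCmdV`, `keyEventsMayRequestDOMPaste`, `fixedHandler` and `scenario` are hypothetical, the user is assumed to accept the Paste prompt, and the site-side handler that calls `preventDefault()` is an assumption about how a page could avoid the problem itself.

```javascript
// Constructed model of key-event dispatch; not WebKit code. All names are hypothetical.
function makeEngine({ supportsDOMPaste, keyEventsMayRequestDOMPaste = true }) {
  const engine = {
    pastes: [],        // origin of every paste that was actually performed
    inKeyEvent: false, // true while a key event listener is running
    // Stand-in for document.execCommand("Paste"); returns true only if the paste ran.
    // Assumes the user accepts the Paste prompt whenever the engine shows one.
    execCommandPaste() {
      if (!supportsDOMPaste) return false; // engines without DOM paste fail silently
      if (engine.inKeyEvent && !keyEventsMayRequestDOMPaste) return false; // quirk on
      engine.pastes.push("execCommand");
      return true;
    },
    // Dispatch a Cmd+V keydown to the listener, then run the default paste
    // unless the listener called preventDefault().
    pressCmdV(listener) {
      const event = {
        key: "v", metaKey: true, defaultPrevented: false,
        preventDefault() { this.defaultPrevented = true; },
      };
      engine.inKeyEvent = true;
      try { listener(event, engine); } finally { engine.inKeyEvent = false; }
      if (!event.defaultPrevented) engine.pastes.push("default");
      return engine.pastes;
    },
  };
  return engine;
}

// Same logic as the handler quoted in the commit message: no preventDefault().
const pageHandler = (event, doc) => {
  if (event.key === "v" && event.metaKey) doc.execCommandPaste();
};

// Assumed site-side alternative: suppress the default paste only when the
// programmatic paste actually happened, so every engine ends up with one paste.
const fixedHandler = (event, doc) => {
  if (event.key === "v" && event.metaKey && doc.execCommandPaste()) event.preventDefault();
};

// Run one Cmd+V press against a fresh engine and return the list of paste origins.
function scenario(options, handler) {
  return makeEngine(options).pressCmdV(handler);
}
```

With the quirk modelled as `keyEventsMayRequestDOMPaste: false`, the programmatic paste fails during the key event and only the default paste runs, which matches the behaviour the commit message describes for Firefox and Chrome.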
