[webkit-changes] [WebKit/WebKit] 79fdcd: Command-click to open a link in a new tab navigate...

Thu, 04 Sep 2025 10:31:24 -0700 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 79fdcdf3166524609b3412c7da7bbee86ed72096
      
https://github.com/WebKit/WebKit/commit/79fdcdf3166524609b3412c7da7bbee86ed72096
  Author: Chris Dumez <cdu...@apple.com>
  Date:   2025-09-03 (Wed, 03 Sep 2025)

  Changed paths:
    M Source/WebCore/page/EventHandler.cpp
    M Source/WebCore/page/LocalDOMWindow.cpp
    M Source/WebCore/page/LocalDOMWindow.h
    M Source/WebKit/Shared/WebEventModifier.cpp
    M Tools/TestWebKitAPI/Tests/mac/MouseEventTests.mm

  Log Message:
  -----------
  Command-click to open a link in a new tab navigates the current tab on some 
websites
https://bugs.webkit.org/show_bug.cgi?id=298213
rdar://57216935

Reviewed by Brady Eidson and Alexey Proskuryakov.

Command-click to open a link in a new tab navigates the current tab on some 
websites.
The reason for this is that these sites intercept the click event on the 
element,
do some processing (e.g. link click analytics), then "clone" the click event and
dispatch the cloned event.

The issue with this is that the "cloned" click event is no longer a trusted 
event
and WebKit decided to ignore modifiers for navigations triggered by untrusted
events in r197150. The issue was that sites could add items to Safari's reading
list by simulating clicks with the "Shift" modifier set.

To address the issue while maintaining the security benefits from r197150, we 
now
keep track of the last user click event on any given window object. When a 
frame is
navigated by an untrusted event, we now check if there was a user click in this 
frame
in the last 5 seconds and maintain the modifiers that are common to the 
untrusted
event and the last (trusted) user click. We also consume the last user click so 
that
it can only be used to maintain modifiers on a single untrusted event.

* Source/WebCore/page/EventHandler.cpp:
(WebCore::EventHandler::dispatchMouseEvent):
* Source/WebCore/page/LocalDOMWindow.cpp:
(WebCore::LocalDOMWindow::transientActivationDuration):
(WebCore::LocalDOMWindow::updateLastUserClickEvent):
(WebCore::LocalDOMWindow::consumeLastUserClickEvent):
(WebCore::transientActivationDuration): Deleted.
* Source/WebCore/page/LocalDOMWindow.h:
* Source/WebKit/Shared/WebEventModifier.cpp:
(WebKit::modifiersForNavigationAction):
* Tools/TestWebKitAPI/Tests/mac/MouseEventTests.mm:
(TestWebKitAPI::runModifierIsKeptWhenJSInterceptsClickTest):
(TestWebKitAPI::TEST(MouseEventTests, CmdModifierIsKeptWhenJSInterceptsClick)):
(TestWebKitAPI::TEST(MouseEventTests, 
ShiftModifierIsKeptWhenJSInterceptsClick)):
(TestWebKitAPI::TEST(MouseEventTests, AltModifierIsKeptWhenJSInterceptsClick)):
(TestWebKitAPI::TEST(MouseEventTests, 
CmdShiftModifierIsKeptWhenJSInterceptsClick)):

Canonical link: https://commits.webkit.org/299537@main



To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to