mac: Do not let synthetic events toggle "Allow JavaScript From AppleE…

…vents"

Bug: 891697
Change-Id: I49eb77963515637df739c9d2ce83530d4e21cf15
Reviewed-on: https://chromium-review.googlesource.com/c/1308771
Reviewed-by: Elly Fong-Jones <ellyjones@chromium.org>
Commit-Queue: Robert Sesek <rsesek@chromium.org>
Cr-Commit-Position: refs/heads/master@{#604268}

chrome/browser/ui/BUILD.gn

@@ -1920,8 +1920,8 @@ jumbo_split_static_library("ui") {
 
   if (is_mac) {
     sources += [
-      "browser_commands_mac.cc",
       "browser_commands_mac.h",
+      "browser_commands_mac.mm",
       "browser_mac.cc",
       "browser_mac.h",
       "cocoa/accelerator_utils_cocoa.mm",

chrome/browser/ui/browser_command_controller.cc

@@ -442,9 +442,7 @@ bool BrowserCommandController::ExecuteCommandWithDisposition(
       chrome::ToggleFullscreenToolbar(browser_);
       break;
     case IDC_TOGGLE_JAVASCRIPT_APPLE_EVENTS: {
-      PrefService* prefs = profile()->GetPrefs();
-      prefs->SetBoolean(prefs::kAllowJavascriptAppleEvents,
-                        !prefs->GetBoolean(prefs::kAllowJavascriptAppleEvents));
+      chrome::ToggleJavaScriptFromAppleEventsAllowed(browser_);
       break;
     }
 #endif

chrome/browser/ui/browser_commands_mac.h

@@ -12,6 +12,9 @@ namespace chrome {
 // Toggles the visibility of the toolbar in fullscreen mode.
 void ToggleFullscreenToolbar(Browser* browser);
 
+// Toggles the "Allow JavaScript from AppleEvents" setting.
+void ToggleJavaScriptFromAppleEventsAllowed(Browser* browser);
+
 }  // namespace chrome
 
 #endif  // CHROME_BROWSER_UI_BROWSER_COMMANDS_MAC_H_

chrome/browser/ui/browser_commands_mac.mm

@@ -0,0 +1,61 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/ui/browser_commands_mac.h"
+
+#include <unistd.h>
+
+#import <Cocoa/Cocoa.h>
+
+#include "base/logging.h"
+#include "chrome/browser/profiles/profile.h"
+#include "chrome/browser/ui/browser.h"
+#include "chrome/browser/ui/browser_commands.h"
+#include "chrome/browser/ui/exclusive_access/fullscreen_controller.h"
+#include "chrome/common/pref_names.h"
+#include "components/prefs/pref_service.h"
+
+namespace chrome {
+
+void ToggleFullscreenToolbar(Browser* browser) {
+  DCHECK(browser);
+
+  // Toggle the value of the preference.
+  PrefService* prefs = browser->profile()->GetPrefs();
+  bool show_toolbar = prefs->GetBoolean(prefs::kShowFullscreenToolbar);
+  prefs->SetBoolean(prefs::kShowFullscreenToolbar, !show_toolbar);
+}
+
+void ToggleJavaScriptFromAppleEventsAllowed(Browser* browser) {
+  CGEventRef cg_event = [[NSApp currentEvent] CGEvent];
+  if (!cg_event)
+    return;
+
+  // If the event is from another process, do not allow it to toggle this
+  // secure setting.
+  int sender_pid =
+      CGEventGetIntegerValueField(cg_event, kCGEventSourceUnixProcessID);
+  if (sender_pid != 0 && sender_pid != getpid()) {
+    DLOG(ERROR)
+        << "Dropping JS AppleScript toggle, event not from browser, from "
+        << sender_pid;
+    return;
+  }
+
+  // Only allow events generated in the HID system to toggle this setting.
+  int event_source =
+      CGEventGetIntegerValueField(cg_event, kCGEventSourceStateID);
+  if (event_source != kCGEventSourceStateHIDSystemState) {
+    DLOG(ERROR) << "Dropping JS AppleScript toggle, event source state not "
+                   "from HID, from "
+                << event_source;
+    return;
+  }
+
+  PrefService* prefs = browser->profile()->GetPrefs();
+  prefs->SetBoolean(prefs::kAllowJavascriptAppleEvents,
+                    !prefs->GetBoolean(prefs::kAllowJavascriptAppleEvents));
+}
+
+}  // namespace chrome