Skip to content
Permalink
Browse files

keydown: ignore untrusted keyevents

Ref #24.
  • Loading branch information...
cmcaine committed Nov 9, 2017
1 parent a0a29ae commit 48cedc058bb09b2a8ad898d8caa3455adc510b1e
Showing with 4 additions and 0 deletions.
  1. +4 −0 src/keydown_content.ts
@@ -5,11 +5,15 @@ import * as msgsafe from './msgsafe'
import {isTextEditable} from './dom'

function keyeventHandler(ke: KeyboardEvent) {
// Ignore JS-generated events for security reasons.
if (! ke.isTrusted) return

// Bad workaround: never suppress events in an editable field
// and never suppress keys pressed with modifiers
if (! (isTextEditable(ke.target as Node) || ke.ctrlKey || ke.altKey)) {
suppressKey(ke)
}

Messaging.message("keydown_background", "recvEvent", [msgsafe.KeyboardEvent(ke)])
}

0 comments on commit 48cedc0

Please sign in to comment.
You can’t perform that action at this time.