Skip to content

Commit 48cedc0

Browse files
committed
keydown: ignore untrusted keyevents
Ref #24.
1 parent a0a29ae commit 48cedc0

File tree

1 file changed

+4
-0
lines changed

1 file changed

+4
-0
lines changed

src/keydown_content.ts

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,11 +5,15 @@ import * as msgsafe from './msgsafe'
55
import {isTextEditable} from './dom'
66

77
function keyeventHandler(ke: KeyboardEvent) {
8+
// Ignore JS-generated events for security reasons.
9+
if (! ke.isTrusted) return
10+
811
// Bad workaround: never suppress events in an editable field
912
// and never suppress keys pressed with modifiers
1013
if (! (isTextEditable(ke.target as Node) || ke.ctrlKey || ke.altKey)) {
1114
suppressKey(ke)
1215
}
16+
1317
Messaging.message("keydown_background", "recvEvent", [msgsafe.KeyboardEvent(ke)])
1418
}
1519

0 commit comments

Comments
 (0)