Closed Bug 1809773 Opened 3 years ago Closed 3 years ago

Simplify KeyboardEvent.webidl for RFP

Categories

(Core :: DOM: Events, enhancement)

Product:
Core
Component:
DOM: Events
Type:
enhancement

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: tjr, Assigned: tjr)

References

(Blocks 1 open bug)

Details

Attachments

(1 obsolete file)

For ResistFingerprinting purposes, several attributes in KeyboardEvent.webidl have [NeedsCallerType] - however, this check is redundant with the new ResistFingerprinting architecture, so we can remove it.

Previously, the binding code uses nsContentUtils::IsSystemCaller which checks if JS::GetRealmPrincipals(realm) is the System Principal. Now (where we call doc->ShouldResistFingerprinting) we are looking at the Document's principal and checking if it's the System Principal. I'm assuming that a Document's Principal and the Document's JSContext's Realm Principal aren't going to mismatch.

So making that assumption, we can remove CallerType from a lot of things. I don't know all the history behind dom.keyboardevent.keypress.set_keycode_and_charcode_to_same_value but ShouldUseSameValueForCharCodeAndKeyCode needs the CallerType, so we can't remove it from charCode or keyCode.

Blocks: 1809774

(In reply to Tom Ritter [:tjr] from comment #0)

So making that assumption, we can remove CallerType from a lot of things. I don't know all the history behind dom.keyboardevent.keypress.set_keycode_and_charcode_to_same_value but ShouldUseSameValueForCharCodeAndKeyCode needs the CallerType, so we can't remove it from charCode or keyCode.

Yes, it's required for them for avoiding to change chrome script.

I'm assuming that a Document's Principal and the Document's JSContext's Realm Principal aren't going to mismatch.

I don't think that is really true. The JSContext's principal depends on the executing code. Chrome/system JS code can access both chrome and content documents, but content JS can only access content documents.

(In reply to Tom Schuster (MoCo) from comment #3)

I'm assuming that a Document's Principal and the Document's JSContext's Realm Principal aren't going to mismatch.

I don't think that is really true. The JSContext's principal depends on the executing code. Chrome/system JS code can access both chrome and content documents, but content JS can only access content documents.

Thanks for pointing that out. Testing does show that there are plenty of cases where the Document says we should RFP but CallerType is System. (And mEvent->mFlags.mInSystemGroup is false.)

Based on that, I think I'm going to abandon this patch and close the bug.

Blocks: finegrained-rfp
No longer blocks: 1809774
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → WONTFIX
Attachment #9311880 - Attachment is obsolete: true
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: