-
Peter Boström authored
This prevents dialogs from being instantly accepted on Mac if holding VKEY_RETURN as the dialog pops up. Specifically it addresses a security issue where people can be tricked into holding enter while the site pops up a folder-selector dialog. The attack worked as following. The attacker tricks the victim into holding VKEY_RETURN. While the key is being held, the attacker triggers folder upload, which the OS auto-accepts by holding VKEY_RETURN. Before this change, FolderUploadConfirmationView would trigger on Mac with this VKEY_RETURN. With this change, the victim at least has to re-press VKEY_RETURN, which they are presumably at least more likely to notice. This also adds initialization of the EF_IS_REPEAT flag on Mac from [NSEvent isARepeat]. Hopefully that doesn't have wider negative consequences where ui::Event and NSEvent disagrees on the definition of a repeat event. Bug: 1097724 Change-Id: I3bb0589867cbfa059a2406e73ef43e66b5326fbc Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2357520Reviewed-by:
Sadrul Chowdhury <sadrul@chromium.org> Reviewed-by:
Elly Fong-Jones <ellyjones@chromium.org> Commit-Queue: Peter Boström <pbos@chromium.org> Cr-Commit-Position: refs/heads/master@{#799364}
58cd7272
