Do not accept dialogs on key-repeat

This prevents dialogs from being instantly accepted on Mac if holding
VKEY_RETURN as the dialog pops up.

Specifically it addresses a security issue where people can be tricked
into holding enter while the site pops up a folder-selector dialog.

The attack worked as following. The attacker tricks the victim into
holding VKEY_RETURN. While the key is being held, the attacker triggers
folder upload, which the OS auto-accepts by holding VKEY_RETURN. Before
this change, FolderUploadConfirmationView would trigger on Mac with this
VKEY_RETURN.

With this change, the victim at least has to re-press VKEY_RETURN, which
they are presumably at least more likely to notice.

This also adds initialization of the EF_IS_REPEAT flag on Mac from
[NSEvent isARepeat]. Hopefully that doesn't have wider negative
consequences where ui::Event and NSEvent disagrees on the definition of
a repeat event.

Bug: 1097724
Change-Id: I3bb0589867cbfa059a2406e73ef43e66b5326fbc
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2357520Reviewed-by: Sadrul Chowdhury <sadrul@chromium.org>
Reviewed-by: Elly Fong-Jones <ellyjones@chromium.org>
Commit-Queue: Peter Boström <pbos@chromium.org>
Cr-Commit-Position: refs/heads/master@{#799364}

ui/events/cocoa/cocoa_event_utils.mm

@@ -78,6 +78,10 @@ int EventFlagsFromNSEventWithModifiers(NSEvent* event, NSUInteger modifiers) {
 
   flags |= IsRightButtonEvent(event) ? ui::EF_RIGHT_MOUSE_BUTTON : 0;
   flags |= IsMiddleButtonEvent(event) ? ui::EF_MIDDLE_MOUSE_BUTTON : 0;
+
+  if ([event type] == NSKeyDown && [event isARepeat])
+    flags |= ui::EF_IS_REPEAT;
+
   return flags;
 }
 

ui/events/cocoa/events_mac_unittest.mm

@@ -204,6 +204,10 @@ TEST_F(EventsMacTest, EventFlagsFromNative) {
       NSLeftMouseUp, NSCommandKeyMask | NSAlternateKeyMask);
   EXPECT_EQ(EF_LEFT_MOUSE_BUTTON | EF_COMMAND_DOWN | EF_ALT_DOWN,
             EventFlagsFromNative(cmdalt));
+
+  // Make sure a repeat key-down event gets ui::EF_IS_REPEAT set.
+  NSEvent* repeat_key_down = cocoa_test_event_utils::KeyDownEventWithRepeat();
+  EXPECT_EQ(ui::EF_IS_REPEAT, EventFlagsFromNative(repeat_key_down));
 }
 
 // Tests mouse button presses and mouse wheel events.

ui/events/test/cocoa_test_event_utils.h

@@ -62,6 +62,9 @@ NSEvent* TestScrollEvent(NSPoint location,
                          NSEventPhase event_phase,
                          NSEventPhase momentum_phase);
 
+// Returns a key-down event with isARepeat:YES.
+NSEvent* KeyDownEventWithRepeat();
+
 // Returns a key event with the given character.
 NSEvent* KeyEventWithCharacter(unichar c);
 

ui/events/test/cocoa_test_event_utils.mm

@@ -228,6 +228,19 @@ NSEvent* TestScrollEvent(NSPoint window_point,
   return event;
 }
 
+NSEvent* KeyDownEventWithRepeat() {
+  return [NSEvent keyEventWithType:NSKeyDown
+                          location:NSZeroPoint
+                     modifierFlags:0
+                         timestamp:TimeIntervalSinceSystemStartup()
+                      windowNumber:0
+                           context:nil
+                        characters:@""
+       charactersIgnoringModifiers:@""
+                         isARepeat:YES
+                           keyCode:0x78];
+}
+
 NSEvent* KeyEventWithCharacter(unichar c) {
   return KeyEventWithKeyCode(0, c, NSKeyDown, 0);
 }

ui/views/input_event_activation_protector.cc

@@ -21,6 +21,11 @@ bool InputEventActivationProtector::IsPossiblyUnintendedInteraction(
     return false;
   }
 
+  // Don't let key repeats close the dialog, they might've been held when the
+  // dialog pops up.
+  if (event.IsKeyEvent() && event.AsKeyEvent()->is_repeat())
+    return true;
+
   if (!event.IsMouseEvent() && !event.IsTouchEvent())
     return false;