From b46432060753c4fa3db11da8641f67e49c0016ce Mon Sep 17 00:00:00 2001 From: Dennis Kaspar Date: Sun, 27 Jun 2021 18:48:42 +0200 Subject: [PATCH] Add trusted modifier (#6149) Fixes #6137 Adding a trusted modifier to make events not be dispatchable by console/sourcecode. Useful to prevent injected code to automatically dispatch event for preventing botting --- src/compiler/compile/nodes/Element.ts | 3 ++- .../compile/render_dom/wrappers/Element/EventHandler.ts | 1 + src/runtime/internal/dom.ts | 7 +++++++ .../samples/event-handler-modifier-trusted/_config.js | 9 +++++++++ .../samples/event-handler-modifier-trusted/main.svelte | 5 +++++ .../samples/event-modifiers-invalid/errors.json | 2 +- 6 files changed, 25 insertions(+), 2 deletions(-) create mode 100644 test/runtime/samples/event-handler-modifier-trusted/_config.js create mode 100644 test/runtime/samples/event-handler-modifier-trusted/main.svelte diff --git a/src/compiler/compile/nodes/Element.ts b/src/compiler/compile/nodes/Element.ts index c9529fcbcba4..65000b9b5d2b 100644 --- a/src/compiler/compile/nodes/Element.ts +++ b/src/compiler/compile/nodes/Element.ts @@ -82,7 +82,8 @@ const valid_modifiers = new Set([ 'once', 'passive', 'nonpassive', - 'self' + 'self', + 'trusted' ]); const passive_events = new Set([ diff --git a/src/compiler/compile/render_dom/wrappers/Element/EventHandler.ts b/src/compiler/compile/render_dom/wrappers/Element/EventHandler.ts index ea2eb4da99de..fc65a9aa5e96 100644 --- a/src/compiler/compile/render_dom/wrappers/Element/EventHandler.ts +++ b/src/compiler/compile/render_dom/wrappers/Element/EventHandler.ts @@ -42,6 +42,7 @@ export default class EventHandlerWrapper { if (this.node.modifiers.has('preventDefault')) snippet = x`@prevent_default(${snippet})`; if (this.node.modifiers.has('stopPropagation')) snippet = x`@stop_propagation(${snippet})`; if (this.node.modifiers.has('self')) snippet = x`@self(${snippet})`; + if (this.node.modifiers.has('trusted')) snippet = x`@trusted(${snippet})`; const args = []; diff --git a/src/runtime/internal/dom.ts b/src/runtime/internal/dom.ts index bdc553894194..93100e625be0 100644 --- a/src/runtime/internal/dom.ts +++ b/src/runtime/internal/dom.ts @@ -214,6 +214,13 @@ export function self(fn) { }; } +export function trusted(fn) { + return function(event) { + // @ts-ignore + if (event.isTrusted) fn.call(this, event); + }; +} + export function attr(node: Element, attribute: string, value?: string) { if (value == null) node.removeAttribute(attribute); else if (node.getAttribute(attribute) !== value) node.setAttribute(attribute, value); diff --git a/test/runtime/samples/event-handler-modifier-trusted/_config.js b/test/runtime/samples/event-handler-modifier-trusted/_config.js new file mode 100644 index 000000000000..ac269e674a10 --- /dev/null +++ b/test/runtime/samples/event-handler-modifier-trusted/_config.js @@ -0,0 +1,9 @@ +export default { + async test({ assert, component, target, window }) { + const button = target.querySelector('button'); + const event = new window.MouseEvent('click'); + + await button.dispatchEvent(event); + assert.equal(component.trusted, true); + } +}; diff --git a/test/runtime/samples/event-handler-modifier-trusted/main.svelte b/test/runtime/samples/event-handler-modifier-trusted/main.svelte new file mode 100644 index 000000000000..504326a49814 --- /dev/null +++ b/test/runtime/samples/event-handler-modifier-trusted/main.svelte @@ -0,0 +1,5 @@ + + + diff --git a/test/validator/samples/event-modifiers-invalid/errors.json b/test/validator/samples/event-modifiers-invalid/errors.json index 59a142d632c7..ea6de4ce34bc 100644 --- a/test/validator/samples/event-modifiers-invalid/errors.json +++ b/test/validator/samples/event-modifiers-invalid/errors.json @@ -1,5 +1,5 @@ [{ - "message": "Valid event modifiers are preventDefault, stopPropagation, capture, once, passive, nonpassive or self", + "message": "Valid event modifiers are preventDefault, stopPropagation, capture, once, passive, nonpassive, self or trusted", "code": "invalid-event-modifier", "start": { "line": 1,