Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
242 views
in Technique[技术] by (71.8m points)

javascript - Why does calling Window.scroll() give a trusted event?

I have a Chrome extension that needs to produce human-like mouse and keyboard behavior (specifically, generate events that have a isTrusted value of true). I can do everything I need except for scrolling with the chrome.debugger APIs.

But it seems that the Window.scroll() method is sufficient for this purpose up to Chrome 52 and Firefox 48.0a1. This can be observed by attaching an event listener to the page as follows:

document.addEventListener("scroll", function (event) { 
    console.log("event trusted? " + event.isTrusted);
});

and then running something like window.scroll(0, 10); in the developer console. This will log event trusted? true to the developer console.

My question is: why is this the case? Shouldn't the isTrusted property be false in this case since the scroll event was clearly generated by a script?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

This is by specification, per the DOM Living Standard:

NOTE: isTrusted is a convenience that indicates whether an event is dispatched by the user agent (as opposed to using dispatchEvent()). The sole legacy exception is click(), which causes the user agent to dispatch an event whose isTrusted attribute is initialized to false.

Also, in the DOM Level 3 Events Specification:

3.4. Trusted events

Events that are generated by the user agent, either as a result of user interaction, or as a direct result of changes to the DOM, are trusted by the user agent with privileges that are not afforded to events generated by script through the createEvent() method, modified using the initEvent() method, or dispatched via the dispatchEvent() method. The isTrusted attribute of trusted events has a value of true, while untrusted events have a isTrusted attribute value of false.

Thus, isTrusted only reflects if the event has been dispatched or created artificially using createEvent, initEvent, or dispatchEvent. Now, look at the definition of Window.scroll per the CSSOM View Module Editor's Draft:

When the scroll() method is invoked these steps must be run:

[...]

  1. If invoked with two arguments, follow these substeps:

?????[...]

?????12. Perform a scroll of the viewport to position, document’s root element as the associated element, if there is one, or null otherwise, and the scroll behavior being the value of the behavior dictionary member of options.

Nowhere in the method is an artificial event created with createEvent, initEvent, or dispatchEvent, thus the value of isTrusted is true. Note that using Window.scroll still triggers the event handler because it integrates with the event loop, and a scroll event is emitted when a viewport or element is scrolled. This does not, however, use createEvent, initEvent, or dispatchEvent.

Using the isTrusted event isn't a sure-fire way of detecting whether a script generated an event. It only detects if an event has been created and dispatched with createEvent, initEvent, or dispatchEvent.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...