Date of Review:2011.04.28 & 2011.05.02
- Click should not count as a real click
- this is an untrusted synthetic event thus does not cause problems with form submissions or popup blocking
- Bug calls for file picker to come up on file control?
- Events are tracked for handling to allow or deny popup control state
- Does onaccesskey override our accesskeys?
- It may in some cases, but should webapps be able to do this?
- Not defined in any spec, there are bugs in both directions
- some things should not be override-able, but this is not necessarily a security issue
- File a bug that file picker should be subject to pop-up blocker logic. Calling click() should not be trusted, but sites that call click() in response to a real user click on another button should be OK. Works in some cases not in others, appears to be a popup blocker bug.