What sets apart genuine user interactions from programmatically generated actions?

Working with webkit notifications on Chrome has presented a challenge. The 

window.webkitNotifications.requestPermission
method must be called from a user action, such as a click. Attempting to call it at any other time will not have any effect and will not produce an error.

Despite the restriction, there are situations where I need to run this method later on, triggered by another event that was originally generated by an authentic click.

I attempted to simulate a real click event in order to run the method like this:

var a = document.createElement('a');
a.addEventListener('click', function () {
  window.webkitNotifications.requestPermission()
});
var evt = document.createEvent("MouseEvents");
evt.initMouseEvent("click", true, true, window, 1, 0, 0, 0, 0,
false, false, false, false, 0, null);
a.dispatchEvent(evt);

As anticipated, this simulated click did not trigger the method. This raises questions about how Chrome distinguishes genuine user actions from those that are generated programmatically.

I also tried keeping a reference to the original click event and passing it back when attempting to call the method again, but it proved ineffective.

To better illustrate my dilemma, I've created a fiddle: http://jsfiddle.net/arnaudbreton/B38yJ/1/

javascriptgoogle-chromewebkitchromium

Answer №1

Every click action initiated by the user will contain a hidden property that specifies whether it was initiated by the user or not. This property isn't visible to developers, but is essential for the JavaScript engine.

This measure is crucial to prevent malicious scripts from executing on the user's browser, especially when encountering a potentially harmful website unintentionally.

For instance, attempting to open a file browser dialog by simulating a click event on input[type=file] won't work. A genuine click event from the user is required to trigger the file browser.

Furthermore, all event listeners must be synchronous in order to execute security-sensitive functions as demonstrated in the example above.

To sum up, counterfeit events are unable to access security-sensitive browser APIs.

Similar questions

If you have not found the answer to your question or you are interested in this topic, then look at other similar questions below or use the search

What other intentions am I forgetting?

Encountering an error regarding missing intents but unable to determine which intents are missing. Various attempts have been made to rectify the issue without success. What specific element is absent here? The following code snippet represents only a po ...

javascriptnode.jsdiscorddiscord.js

The importance of variables in Express Routing

I'm really diving into the intricacies of Express.js routing concepts. Here's an example that I've been pondering over: const routes = require('./routes'); const user = require('./routes/user'); const app = express(); a ...

javascriptnode.jsexpress

How can an Angular Component be created in the browser using the standard method?

Attempting to develop a basic Angular example using JS/ESM. It has been some time since working within the angular environment, and there appear to be two primary choices: Utilizing the UMD lib (preferably to be avoided) Using the ESM2015 folder and loadi ...

javascriptangularecmascript-nextes6-modules

Checking the URL in Redux Form

I am currently using the redux-form library to manage my form in React Redux. I have successfully implemented validation for fields like email and name. However, I am facing an issue with validating a URL field in redux-form. What specific format should I ...

javascriptformsreactjsreduxredux-form

What is the method to determine if a date is larger or smaller than another using Javascript?

Using the inputText function retrieves the value entered in the textbox, while the hidden field value returns the current value. This is my current code snippet: if (inputText.value.length != 0) { if (inputText.value < document.getElementById(&apo ...

javascriptasp.netvb.netdate

Getting JSON with duplicate keys in JavaScript can be achieved by parsing the data using a custom function

I am attempting to retrieve JSON from a URL, but I have encountered an issue where the response object is removing duplicate keys. Is there a way to fetch the JSON without eliminating these duplicates? Below is my JavaScript code: $('document'). ...

javascriptjqueryhtmljson

Troubleshooting a Dysfunctioning Character Counter Feature in a JavaScript Input Field

I've been working on a fun little project to practice my JavaScript skills - a plate calculator. Here's the gist: you enter your name, and each letter costs $5, so the total cost of the plate is the length of your name multiplied by $5 (this pro ...

javascripthtmlcss

Electron and React: Alert - Exceeded MaxListenersWarning: Potential memory leak detected in EventEmitter. [EventEmitter] has 21 updateDeviceList listeners added to it

I've been tirelessly searching to understand the root cause of this issue, and I believe I'm getting closer to unraveling the mystery. My method involves using USB detection to track the connection of USB devices: usbDetect.on('add', () ...

javascriptnode.jsreactjstypescriptelectron

"Exploring interactive 3D graphics with Three.js and Collada

I'm a beginner with Three.JS and I'm attempting to import a simple Sketchup model (a single cube) into Three.JS using the ColladaLoader. Although I am not receiving any errors, nothing is being displayed on the screen: var renderer = new THREE.W ...

javascriptthree.js

Error message encountered: Module not found. It may not have been loaded yet

I am encountering an issue while attempting to utilize an npm module in my VUE component. I have imported the module and defined the necessary methods, but I am receiving the following error: Uncaught Error: No such module. (Possibly not yet loaded) De ...

javascriptnode.jsvue.jsnpm

Express is encountering a non-executable MIME type of 'text/html' with Webpack

My express application setup is as follows: const express = require("express"); const app = express(); const server = require("http").Server(app); const path = require("path"); const port = process.env.PORT || 5000; app.use(& ...

javascriptnode.jsexpresswebpack

React Href is not functioning as expected in relative paths

Recently, I delved into React apps and managed to create one with a router. Everything was smooth sailing in dev mode until I tried running index.html from the build folder after npm run build. It seems like all the href links are broken. I suspect somethi ...

javascripthtmlreactjsreact-router

Ensuring AngularJS ui-router/app waits for $http data to avoid Flash of Unstyled Content (FOUC)

My question or situation pertains to the states defined in my AngularJS application. Here is an example of how I have them structured: $stateProvider .state('myApp', { abstract: true, template: '& ...

javascriptangularjs

Eavesdrop on the import function in Node.js

I have a unit test where I need to confirm if the SUT makes a call to require with a specific parameter. The module under test has the following implementation: module.exports = function () { require('foo'); }; Now, I am trying to create a te ...

javascriptnode.jsunit-testingmocha.jssinon

Running a selenium test with a stand-alone connection to chrome.exe

After encountering issues with Chrome 44, as discussed in this Stack Overflow thread, I followed RobW's suggestion to use a standalone chrome.exe with the required version. However, I am now unsure of how to integrate it with my Selenium and Java test ...

javagoogle-chromeseleniumselenium-webdriverselenium-chromedriver

Maintaining a JavaScript script within the local project directory and integrating it for use with Angular

I could use some assistance. I am currently working on an Angular project and making API calls (GET/PUT) to a remote server. In order to improve the performance of my application, I decided to store the necessary JS file locally in the assets folder. Init ...

javascriptangularsisense

invoke a JavaScript function within the $(document).ready(function() {}) event handler

I am trying to execute an ajax function both on page load and when there is a change, here is the code snippet I am using: function fetchData(ID) { alert('function called'); $.ajax( { type: 'POST', url: &a ...

javascriptjqueryajax

The output is: [object of type HTMLSpanElement]

<form> <table> <tr> <td>Distance:</td> <td><input type="number" id="distance" onKeyUp="calculate();">m</td> </tr> <tr> <td>Time:</td> ...

javascripthtml

"Enhance your website with the powerful autocompletion feature of

I am using Zend Framework to create a form element that utilizes Zend_Dojo_Form_Element_ComboBox. By setting dojox.data.QueryReadStore as the store type, I am able to generate a list of selectable values in my HTML input field. This allows me to either cho ...

phpjavascriptajaxzend-frameworkdojo

I am trying to include the Css Baseline from @mui/material in my project. However, even though it is present in my JSON file, I am encountering an error stating that '@mui/material' needs to be included in the project

Struggling to import Css Baseline from @mui/material, it's listed in my json but I keep getting an error saying '@mui/material' should be included in the project's dependencies. I've been stuck on this issue for a while now! { &q ...

javascriptreactjsjsonnpmmaterial-ui