8

My Firefox extension generates events, e.g. click. In response, the web application tries to open a new window. However it's getting blocked by Firefox as Popup blocker kicks in. However, if I manually click a button and in response to that when the web app tries to open window, it goes through.

My question is why aren't events generated by my extension treated as 'trusted', and treated the same way at user click? Is there some backdoor to achieve that behavior?

Brian Tompsett - 汤莱恩
  • 5,753
  • 72
  • 57
  • 129
Sunil Agrawal
  • 679
  • 4
  • 14

1 Answers1

7

Edit: This answer is badly outdated. It refers to classic extensions that are no longer supported as of Firefox 57. Extensions based on the Web Extensions API have no way of generating trusted events.

Yes, events generated by extensions are always trusted. That means that event.isTrusted will be true and the events will be able to trigger actions that require trusted events (e.g. Ctrl-Tab keypress event to switch browser tabs). However, they stay synthesized events meaning that there is no native (OS-level) event associated with them. And since the pop-up blocker works with native events it will not see the events generated by your extension.

You can use nsIDOMWindowUtils.sendMouseEventToWindow() instead of document.createEvent(). This method is meant for testing and will generate a native event as well. This should be good enough for the pop-up blocker.

var utils = window.QueryInterface(Components.interfaces.nsIInterfaceRequestor)
                  .getInterface(Components.interfaces.nsIDOMWindowUtils);
utils.sendMouseEventToWindow("click", 10, 20, 0, 1, 0);
Wladimir Palant
  • 56,865
  • 12
  • 98
  • 126
  • Thanks a lot Wladimir. That's exactly what I was looking for. Any reason to not use it for all event creation? Are there any performance downsides? – Sunil Agrawal Jul 12 '12 at 23:04
  • It simply cannot be done, the semantics are different. `sendMouseEvent` adds a native event to the usual event processing and the browser will determine how to handle it (in particular, where to dispatch a DOM event). With `createEvent` you control where to dispatch the event and you skip all the native event processing. – Wladimir Palant Jul 13 '12 at 07:10
  • 2
    "Yes, events generated by extensions are always trusted." - Can you expand on this? I am trying to do exactly that, using document.createEvent() from the inside of content script of my extension, yet isTrusted is false. I'd love to hear if there is a specific method or criteria, like extension needs to be signed, or anything else. – alandarev Feb 16 '16 at 15:14
  • 1
    @alandarev: Add-on SDK and its content scripts are a different beast, they run with the privileges of the website and consequently cannot create trusted events. – Wladimir Palant Feb 16 '16 at 16:43