[wp-trac] [WordPress Trac] #31846: Using the browser's Back and Forward buttons doesn't update the media library

WordPress Trac noreply at wordpress.org
Sun May 28 13:41:09 UTC 2017 

#31846: Using the browser's Back and Forward buttons doesn't update the media
library
-------------------------------------+------------------------------
 Reporter:  Faison                   |       Owner:  adamsilverstein
     Type:  defect (bug)             |      Status:  assigned
 Priority:  normal                   |   Milestone:  Future Release
Component:  Media                    |     Version:  4.0
 Severity:  normal                   |  Resolution:
 Keywords:  has-patch needs-testing  |     Focuses:  javascript
-------------------------------------+------------------------------

Comment (by afercia):

 Just noticed an edge case, not strictly related to this patch though.
 Next/previous navigation happens also when using the keyboard Arrow
 right/left keys. This might trigger a security error in Safari. To
 reproduce:
 - use Safari 10 or Safari Technology Preview
 - ensure you have 30-40 attachments in your media library to make testing
 easier
 - click an attachment, the edit attachment modal opens
 - press and ''keep pressed'' the Arrow right key on your keyboard
 - navigation to the next item is triggered continuously until the last
 item
 - when on the last item, press and ''keep pressed'' the Arrow left key
 until you reach the first item
 - go back and forth this way until Safari triggers this error:
 `SecurityError (DOM Exception 18): Attempt to use history.pushState() more
 than 100 times per 30.000000 seconds`

 So the number of attachments and browsing direction is not relevant to
 trigger the security error, all that's needed is to call
 history.pushState() more than 100 times per 30 seconds. Googling a bit, it
 appears to be "by design" to prevent a potential security bug abusing
 pushState/replaceState. Some references:
 https://forums.developer.apple.com/thread/36650
 Seems this restriction was initially 100 calls, then softened to 100 calls
 per 30 seconds:
 https://trac.webkit.org/changeset/198687/webkit/trunk/Source/WebCore/page/History.cpp

 Out of curiosity, I've checked what happens on the Theme installer and
 noticed the arrow navigation there uses `keyup` instead of `keydown` so
 the "continuous triggering" doesn't happen: users have to release the
 pressed key to trigger navigation. Wondering if also the attachments
 navigation should use `keyup` instead of `keydown`, also for consistency.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/31846#comment:29>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list