Jump to content

Chrome Extension Breaks Other Applications

Recommended Posts

The Evernote Chrome extension has code that calls "preventDefault" on all untrusted KeyboardEvents that reach the document.

See this relevant snippet of code from common.js in the Chrome extension:

 this.onKeyUp = this.onKeyUp.bind(this), e.addEventListener("keydown", e => (0, u.preventUntrustedEvent)(e, this.onKeyDown)), e.addEventListener("keyup", e => (0, u.preventUntrustedEvent)(e, this.onKeyUp))

I assume this is a security measure to stop a page from being able to script that Evernote extension's overlay with simulated actions. However, there are better ways to validate user input than preventDefault and clobbering all key events that reach the document.

As implemented, this has the side of effect of breaking apps and extensions that depend on the standard event behavior.

I had two customers reaching out to us about this issue in our Chrome extension yesterday so this appears to be a new issue in Evernote.


Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...