Current spatial navigation implementation method may not be ideal

  • Moderator

    While looking in the Element Inspector, I noticed some CSS is being injected into each viewed page's DOM by inserting a style element, to provide styling for the spatial navigation. It permits some silly stuff to be done by a page author to Vivaldi's spatial navigation: [code] <style>#_vivaldi-spatnav-focus-indicator { box-shadow: 0 0 100px 200px rgba(255,0,0,0.70); background: rgba(255,0,200,0.80); border: 2px solid #0f0; } #_vivaldi-spatnav-focus-indicator > div {background: #FF0;}</style>


    asdfghjkl asdfghjkl asdfghjkl

    <script>var sillyDiv = document.createElement("div"); var intervalID = setInterval(function(){ document.getElementById('_vivaldi-spatnav-focus-indicator').appendChild(sillyDiv); sillyDiv.innerHTML = "<p>Hello :-P <br>Position is " + $('#_vivaldi-spatnav-focus-indicator').position().top + ", " + $('#_vivaldi-spatnav-focus-indicator').position().left + ".</p>"; }, 100);</script> [/code] Only save that and try it out using Vivaldi's spatial navigation on it (shift + arrow keys) if you thoroughly understand what that code does (I don't want to encourage people who do not know Javascript to get into a habit of running untrusted code locally =P) There's no security issue or anything like that (as far as I can tell), but still... it doesn't seem ideal that a page is able to influence a Vivaldi feature so much. Also, it looks a bit odd to see extraneous CSS in the DOM inspector. [size=1](For future reference, this was on Vivaldi on OS X.)[/size]

  • Yeh, ideally, this stuff should be protected and hidden from the page.

Log in to reply

Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.