Did Windows update 2846071 cancel window.event.clientX and clientY processing?

Did Windows update http://support.microsoft.com/?kbid=2846071 cancel window.event.clientX and clientY processing? It seems that Windows 7 machines using IE 9 or 10 are now returning what looks like the window position (upper left corner) rather than the mouse position in the window. The numbers look accurate, but may be negative.

Or is this a “fix”, and I really have to use something else for the mouse position?

I used it in window.onbeforeunload to detect a user leaving the page without logging out and giving them a download, but I disabled it today until I figure it out.

+4
4 answers

Argh! OK, so Microsoft is trying to fix the problem. And look what they broke in the process.

Initially, IE leaked the coordinates of events outside the browser window (1) (for example, in an area that the web page should not be aware of), as well as leaking coordinates when the IE window does not have active focus (2) (for example, when you are in another application or on another monitor)... and finally it leaked for a few keystrokes (3).

It looks like Microsoft fixed the coordinate leak... but did it by FULLY removing all of them... including the USEFUL coordinates in the viewport!

E.g. events return undefined for X, Y coordinates which, of course, are 100% inside the browser window.

+2

It really looks like Microsoft was not going to release it.

  • They previously stated that they did not think that there was a risk "outside the laboratory."
  • This change is undocumented in a patch that refers to "Memory Corruption" and "JIS Encoding Vulnerabilities".
  • If clientX returned only the coordinates within the page, the risk goes away.

Is a patch for the patch on the way?

Follow-up: The problem with clientX / clientY (and similar properties) depends on the event used to run the JavaScript. I found that onfocus returns the wrong coordinates, but onclick returns the correct coordinates. I did not try other events.

+2

The OP's JavaScript was broken by this Microsoft update from July 2013 (this is even acknowledged in the Known Issues section):

http://support.microsoft.com/kb/2846071/en-gb

But this was fixed in an update in August 2013:

http://support.microsoft.com/kb/2862772

I confirmed that the clients on which I am installing the Aug update no longer have a problem.

+1

Source: https://habr.com/ru/post/1491018/
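
An added example, not code from any of the posts above: instead of reading window.event.clientX / clientY inside onbeforeunload or onfocus, it records the pointer from mouse events and keeps only coordinates that fall inside the viewport, so undefined, negative or off-window values are never used. All function names are hypothetical, and `makeFakeWindow` is a constructed stand-in for a browser window so the block runs offline; it is written in ES5 so the same logic would load in IE 9/10.

```javascript
// True only for finite numbers that lie inside the viewport rectangle.
function isViewportPoint(x, y, width, height) {
  return typeof x === "number" && typeof y === "number" &&
         isFinite(x) && isFinite(y) &&
         x >= 0 && y >= 0 && x < width && y < height;
}

// Subscribes to mouse events on a window-like object and remembers the
// last coordinate that passed validation. Read lastPoint() from the
// onbeforeunload handler instead of trusting that event's own clientX/Y.
function createPointerTracker(win) {
  var last = null; // stays null until a trustworthy coordinate is seen
  function record(ev) {
    if (isViewportPoint(ev.clientX, ev.clientY, win.innerWidth, win.innerHeight)) {
      last = { x: ev.clientX, y: ev.clientY, type: ev.type };
    }
    // Anything else (undefined, negative, outside the window) is dropped.
  }
  ["mousemove", "mousedown", "click"].forEach(function (type) {
    win.addEventListener(type, record);
  });
  return { lastPoint: function () { return last; } };
}

// Constructed test double: just enough of the window API to drive the tracker.
function makeFakeWindow(width, height) {
  var handlers = {};
  return {
    innerWidth: width,
    innerHeight: height,
    addEventListener: function (type, fn) {
      (handlers[type] = handlers[type] || []).push(fn);
    },
    fire: function (type, x, y) {
      (handlers[type] || []).forEach(function (fn) {
        fn({ type: type, clientX: x, clientY: y });
      });
    }
  };
}
```

In a real page, pass `window` to `createPointerTracker` once at load time.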