Bad Safari extensions bug with context menus

April 20 2020 by Jeff Johnson

This blog post is a heads-ups to Safari extension users, Safari extension developers, and hopefully the Safari extensions engineering team at Apple about a bad bug in Safari with extensions and context menus. The bug is that if you have a Safari extension enabled, and the Safari extension has a context menu item (as many extensions do), then opening a context menu on a link can sometimes cause the link to open, as if you had just clicked the link instead of control-clicking. This bug was introduced recently; my suspicion is that started with the software releases on March 24, which included Safari 13.1 for Mac. I have filed a report (FB7666007) in Apple's official bug reporting system. The following are steps to reproduce on the latest versions of Catalina and Mojave with Safari 13.1 installed. (The bug also occurs with Safari Technology Preview 104.)

1. Install and enable one Safari extension with a context menu item. (An example is my own StopTheMadness, of course, but almost any extension will do.)
2. In Safari, open https://www.apple.com. (This is just an example. The bug occurs with any web page and any link.
3. Launch Activity Monitor app in /Applications/Utilities.
4. Cover the Safari window completely with the Activity Monitor window, resizing if necessary.
5. In Activity Monitor, search for the name of the extension, e.g., "StopTheMadness". (Safari app extensions run in their own sandboxed processes.)
6. Wait until the extension process quits. (This tends to happen soon when Safari is inactive, which is why we covered the Safari window with Activity Monitor.)
7. Switch back to Safari.
8. Open a context menu on the "Mac" link at the top of the page.
9. Press escape to dismiss the context menu.

Sometimes the page navigation starts to occur even before you press escape to dismiss the context menu. The link is followed as if you had clicked it. And indeed you did click it! Normally, when you open a context menu, it produces a contextmenu event in JavaScript but not a click event. However, when the Safari bug occurs, it produces both a contextmenu event and a click event, the latter causing the link to be followed.

The bug has nothing to do with Activity Monitor specifically; we just use Activity Monitor to make sure that Safari has been inactive long enough for the extension process to quit. On Catalina the bug also occurs right after launching Safari, without having to follow the other steps. On Mojave it doesn't for some reason, but the above steps work on both Catalina and Mojave. I haven't tested with Safari 13.1 on High Sierra, but the bug does not occur with an older version on Safari on High Sierra.

There's nothing unique about StopTheMadness that triggers the bug. I've reproduced it without StopTheMadness enabled, using a barebones sample extension that has a context menu item and nothing else. I included the sample project with my report to Apple.

@interface SafariExtensionHandler : SFSafariExtensionHandler
@end
@implementation SafariExtensionHandler
-(void)contextMenuItemSelectedWithCommand:(NSString*)command inPage:(SFSafariPage*)page userInfo:(NSDictionary<NSString*,id>*)userInfo {
	NSLog(@"ContextualMenuTest contextMenuItemSelected");
}
-(void)validateContextMenuItemWithCommand:(NSString*)command inPage:(SFSafariPage*)page userInfo:(NSDictionary<NSString*,id>*)userInfo validationHandler:(void(^)(BOOL shouldHide,NSString* text))validationHandler {
	NSLog(@"ContextualMenuTest validateContextMenuItem");
	validationHandler(NO, nil);
}
@end

I hope you can see that this is a very bad bug. The user isn't expecting the link itself to open, just the context menu on the link. Unfortunately, this is not the only bad bug out there involving Safari extensions: the Catalina bug that prevents users from enabling Safari extensions, which I blogged about before, still hasn't be fixed. I'm still getting support requests for that. It's not a great time right now for Safari extension users and developers.