[Webkit-unassigned] [Bug 228270] Elements cloned into an iframe cannot be accessed by webdriver

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jul 27 08:54:01 PDT 2021


https://bugs.webkit.org/show_bug.cgi?id=228270

Sam Sneddon [:gsnedders] <gsnedders at apple.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |gsnedders at apple.com

--- Comment #3 from Sam Sneddon [:gsnedders] <gsnedders at apple.com> ---
Comment on attachment 434175
  --> https://bugs.webkit.org/attachment.cgi?id=434175
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=434175&action=review

(Non-reviewer r-)

> Source/WebKit/WebProcess/Automation/WebAutomationSessionProxy.js:213
> +          (value.nodeType == NodeType.ELEMENT || value.nodeType == NodeType.DOCUMENT || value instanceof ShadowRoot);
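
Review bot: the two nodeType comparisons on this added line are duck-typed, so this part of the condition is true for any object that exposes a "nodeType" property equal to NodeType.ELEMENT or NodeType.DOCUMENT, whether or not it is a DOM node. If that looseness is the intended cross-frame workaround, say so in a comment beside the condition and use "===" for the comparisons; otherwise pair it with a check that a plain object cannot satisfy.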

The "value instanceof ShadowRoot" check still suffers from the exact same problem as described above.

My suggestion here would be something like:

let constructor = value.constructor;
do {
    if (constructor.name === "Element") return true;
} while(constructor = Object.getPrototypeOf(constructor));
return false;

(With whatever else is needed to make that safe, not thought too much about this! Still need to check that value is a non-null object, at least.)

Also: per spec this is just used by https://w3c.github.io/webdriver/#dfn-internal-json-clone-algorithm, and in that case per spec we simply want to check if it's an instanceof Element; so do we even want to allow other Nodes?

-- 
You are receiving this mail because:
You are the assignee for the bug.
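
The instanceof limitation raised in the comment, as an added example that is not part of the original mail or of the WebKit patch. It assumes the problem is the usual cross-realm one (each frame has its own Element constructor), simulates the iframe's realm with Node's vm module, and uses constructed stand-in classes and hypothetical function names rather than real DOM objects.

```javascript
const vm = require("vm");

// Constructed stand-ins for the DOM interface chain (Node has no DOM).
const DOM_SOURCE = `(() => {
  class Node {}
  class Element extends Node {}
  class HTMLElement extends Element {}
  return { Element, HTMLElement };
})()`;

const local = vm.runInThisContext(DOM_SOURCE); // realm the check runs in
const frame = vm.runInNewContext(DOM_SOURCE);  // stands in for the iframe's realm

// Realm-bound: only objects whose prototype chain reaches *this* realm's
// Element.prototype pass.
function isElementByInstanceof(value) {
  return value instanceof local.Element;
}

// Realm-independent variant of the loop suggested in the comment, with the
// guards it asks for (non-null object, constructor must be a function).
function isElementByConstructorName(value) {
  if (value === null || typeof value !== "object") return false;
  let ctor = value.constructor;
  while (typeof ctor === "function") {
    if (ctor.name === "Element") return true;
    ctor = Object.getPrototypeOf(ctor);
  }
  return false;
}

const localEl = new local.HTMLElement();
const frameEl = new frame.HTMLElement();
// Caveat: a name match is a type hint, not a trust decision. Any object whose
// class is merely called "Element" also passes.
const lookalike = new (class Element {})();

console.log(isElementByInstanceof(frameEl), isElementByConstructorName(frameEl));
```

The last line shows the instanceof check rejecting the object from the other realm while the name walk accepts it; the lookalike object is why the result should not be treated as proof that a value is a genuine DOM element.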