Open Bug 1669996 Opened 4 years ago Updated 3 years ago

Selection publicly exposes internal anonymous nodes

Categories

(Core :: DOM: Selection, defect, P3)

Product:
Core
Component:
DOM: Selection
Type:
defect

Tracking

()

People

(Reporter: saschanaz, Unassigned)

References

Details

Attachments

(2 files, 3 obsolete files)

bug1669996.html
55 bytes, text/html
Details
Bug 1669996 - Do not expose chromeonly nodes via Selection API r=emilio
47 bytes, text/x-phabricator-request
Details | Review

Selecting elements like <details> and <input type=date> exposes internal nodes via anchorNode and focusNode.

  1. Open the attachment
  2. Try selecting <details> or <input>. It's easier if you start dragging from or finish at the outside of the elements.
  3. Call getSelection() from devtools console

Expected: No Restricted nodes
Actual: It happens

Assignee: nobody → krosylight
Severity: -- → S3
Priority: -- → P3
Attachment #9180799 - Attachment description: Bug 1669996 - Only expose DOM accessible nodes from Selection r=emilio → Bug 1669996 - Rename chromeonly functions as *Internal()
Pushed by krosylight@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/b85cbc2a47a6 Do not expose chromeonly nodes via Selection API r=emilio
Attachment #9180799 - Attachment is obsolete: true

Both selectionStart/End and anchorOffset/focusOffset depend on same Selection::GetAnchorFocusRange().

Depends on D93258

Attachment #9181714 - Attachment is obsolete: true
Flags: needinfo?(krosylight)
Pushed by krosylight@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/e4b4e21f57de Do not expose chromeonly nodes via Selection API r=emilio
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/26220 for changes under testing/web-platform/tests
Upstream PR merged by moz-wptsync-bot

I tested some Shadow DOM and it seems my current patch doesn't cover such case. It still exposes shadow nodes while Blink does not.

Mirko, is Blink behavior in some spec or is our behavior okay?

Flags: needinfo?(mbrodesser)

Ah okay, it's not.

Flags: needinfo?(mbrodesser)
See Also: → 1562561

A new case to cover: Selecting text inside ::before by find-in-page exposes internal Restricted node. ("Example 1" in https://w3c.github.io/tr-design/src/readme.html)

The leave-open keyword is there and there is no activity for 6 months.
:saschanaz, maybe it's time to close this bug?

Flags: needinfo?(krosylight)

The issue is still valid, but not the keyword:

Flags: needinfo?(krosylight)
Keywords: leave-open

Hmm, I wonder I could just return adjusted range objects from Selection methods and cache them to fulfill the same object requirement.

Attachment #9232920 - Attachment is obsolete: true

Not working on this and no plan to return anytime soon...

Assignee: krosylight → nobody
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: