Open Bug 1695969 Opened 3 years ago Updated 3 years ago

window.frames leaks closed shadow roots


(Core :: DOM: Core & HTML, defect, P2)

Firefox 86





(Reporter: masonfreed, Assigned: edgar)


(Blocks 1 open bug)



(1 file)

Attached file iframes_in_shadow.html

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 11_2_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4427.5 Safari/537.36

Steps to reproduce:

See the attached repro - the window.frames attribute returns all frames on the page, including those located within shadow roots. Per the discussion at [1], all frames within shadow roots shouldn't be exposed there, but certainly closed shadow roots should not. In the attached repro, the entire shadow tree is leaked this way.

This WPT test verifies the behavior:


Component: Untriaged → DOM: Core & HTML
Product: Firefox → Core
Blocks: shadowdom

This is defined at In particular, says:

A browsing context child is a document-tree child browsing context of parent if child is a child browsing context and child's container is in a document tree.

If a browsing context's container would be in a shadow tree it would not be in a document tree.

Thanks for the spec link!

Assignee: nobody → echen
Severity: -- → S3
Priority: -- → P2
You need to log in before you can comment on or make changes to this bug.