Bug 1442466 - Fix bogus IsInNativeAnonymousSubtree function in nsWebBrowserFind. r=bzbarsky

This is ultimately the root cause of the issue. I'm landing a test to ensure we notice the behavior change if we make it, in addition to a test for this issue itself, to ensure that we don't get stuck, since after bug 1510485 we don't return such nodes from nsFind when window.find is called anyway. This code made no sense, it only returned true if the binding parent is the node itself, which as far as I can tell cannot happen, so it was just a very expensive way to return false. Differential Revision: https://phabricator.services.mozilla.com/D14122 --HG-- extra : moz-landing-system : lando
2025-02-03 04:27:41 +00:00 · 2018-12-11 04:18:11 +00:00 · 2018-12-11 04:18:11 +00:00 · b6deca5eb0
commit b6deca5eb0
parent 8c00ef3f30
4 changed files with 28 additions and 15 deletions
--- a/dom/base/test/mochitest.ini
+++ b/dom/base/test/mochitest.ini
@ -657,6 +657,8 @@ skip-if = verify
 skip-if = (toolkit == 'android') # Android: Bug 775227
 [test_find.html]
 skip-if = (toolkit == 'android') # Android: Bug 1465387
+[test_find_nac.html]
+skip-if = (toolkit == 'android') # Android: Bug 1465387
 [test_getAttribute_after_createAttribute.html]
 [test_getElementById.html]
 [test_getTranslationNodes.html]
--- a/dom/base/test/test_find.html
+++ b/dom/base/test/test_find.html
@ -7,7 +7,7 @@
 const t = async_test("Test window.find / nsFind");

 function testFindable(isFindable, textToFind, buildDoc, description) {
-  try{
+  try {
    const iframe = document.querySelector("iframe")
    iframe.contentDocument.documentElement.innerHTML =
      (typeof buildDoc == "string") ? buildDoc : "";
@ -111,6 +111,17 @@ let runTests = t.step_func_done(function() {
    div.attachShadow({ mode: "open" }).innerHTML = `This is Shadow <slot></slot>`;
    document.documentElement.appendChild(div);
  }, "Mixed shadow and non-shadow text");
+
+  // NOTE(emilio): It is probably doable / worth changing this to return true,
+  // maybe, by relaxing the security checks in the ranges nsFind returns or
+  // such.
+  //
+  // See bug 1442466 / bug 1510485 / bug 1505887.
+  testFindable(false, "foo", function(document) {
+    let input = document.createElement("input");
+    input.value = "foo";
+    document.documentElement.appendChild(input);
+  }, "Native anonymous content isn't exposed in window.find");
 });

 window.onload = function() {
--- a/dom/base/test/test_find_nac.html
+++ b/dom/base/test/test_find_nac.html
@ -0,0 +1,13 @@
+<!doctype html>
+<meta charset="utf-8">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<input value="bar">
+<script>
+test(function() {
+  // The exact return value of this first call is tested in
+  // test_find.html.
+  window.find("bar");
+  assert_false(window.find("bar"));
+}, "window.find doesn't get stuck on NAC");
+</script>
--- a/toolkit/components/find/nsWebBrowserFind.cpp
+++ b/toolkit/components/find/nsWebBrowserFind.cpp
@ -316,19 +316,6 @@ nsWebBrowserFind::SetMatchCase(bool aMatchCase) {
  return NS_OK;
 }

-static bool IsInNativeAnonymousSubtree(nsIContent* aContent) {
-  while (aContent) {
-    nsIContent* bindingParent = aContent->GetBindingParent();
-    if (bindingParent == aContent) {
-      return true;
-    }
-
-    aContent = bindingParent;
-  }
-
-  return false;
-}
-
 void nsWebBrowserFind::SetSelectionAndScroll(nsPIDOMWindowOuter* aWindow,
                                             nsRange* aRange) {
  nsCOMPtr<nsIDocument> doc = aWindow->GetDoc();
@ -355,7 +342,7 @@ void nsWebBrowserFind::SetSelectionAndScroll(nsPIDOMWindowOuter* aWindow,
  // <textarea> or text <input>, we need to get the outer frame
  nsITextControlFrame* tcFrame = nullptr;
  for (; content; content = content->GetParent()) {
-    if (!IsInNativeAnonymousSubtree(content)) {
+    if (!content->IsInNativeAnonymousSubtree()) {
      nsIFrame* f = content->GetPrimaryFrame();
      if (!f) {
        return;