Bug 1634262 - Disallow recursive `Document.execCommand()` calls r=smaug
authorMasayuki Nakano <masayuki@d-toybox.com>
Wed, 26 Aug 2020 11:27:41 +0000
changeset 546279 f725948fa93a3aedb622413e02c1f4de147dea63
parent 546278 f9b28a22bc19f092615405034733ede00c2c3f4d
child 546280 8993d8c570a4fad79afd72e5ebef9e6bc1c81813
push id125012
push usermasayuki@d-toybox.com
push dateWed, 26 Aug 2020 11:31:25 +0000
treeherderautoland@f725948fa93a [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerssmaug
bugs1634262
milestone82.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1634262 - Disallow recursive `Document.execCommand()` calls r=smaug It's disabled in the Nightly channel and early beta half a year ago, but there are no regression reports and Chrome has already disabled it since 2014. So, let's disable this feature on the Release channel (and late Beta) too for better security and making simpler implementation in the future. Differential Revision: https://phabricator.services.mozilla.com/D87992
modules/libpref/init/StaticPrefList.yaml
testing/web-platform/tests/editing/other/recursive-exec-command-calls.tentative.html
--- a/modules/libpref/init/StaticPrefList.yaml
+++ b/modules/libpref/init/StaticPrefList.yaml
@@ -1614,17 +1614,17 @@
   type: bool
   value: true
   mirror: always
 
 # If set this to true, `Document.execCommand` may be performed nestedly.
 # Otherwise, nested calls just return false.
 - name: dom.document.exec_command.nested_calls_allowed
   type: bool
-  value: @IS_NOT_EARLY_BETA_OR_EARLIER@
+  value: false
   mirror: always
 
 - name: dom.enable_window_print
   type: bool
   value: @IS_NOT_ANDROID@
   mirror: always
 
 - name: dom.element.transform-getters.enabled
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/editing/other/recursive-exec-command-calls.tentative.html
@@ -0,0 +1,37 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>Test recursive `Document.execCommand()` calls</title>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<div contenteditable><br></div>
+<script>
+"use strict";
+
+setup({explicit_done: true});
+
+/**
+ * This test checks whether the browser allows or disallows recursive
+ * Document.execCommand() calls.
+ * https://github.com/w3c/editing/issues/200#issuecomment-578097441
+ */
+function runTests() {
+  test(function () {
+    let editor = document.querySelector("div[contenteditable]");
+    editor.focus();
+    let counter = 0;
+    editor.addEventListener("input", event => {
+      if (++counter < 10) {
+        let result = document.execCommand("insertText", false, `, ${counter}`);
+        assert_false(result,
+            '`execCommand("insertText") in the "input" event listener should return `false`');
+      }
+    });
+    document.execCommand("insertText", false, "0");
+    assert_equals(editor.textContent, "0",
+        '`execCommand("insertText") in the "input" event listener should do nothing');
+  }, "Recursive `Document.execCommand()` shouldn't be supported");
+  done();
+}
+
+window.addEventListener("load", runTests, {once: true});
+</script>