Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(🐛): Remove inaccessible JS frames when serializing #512

Merged
merged 2 commits into from
May 21, 2020
Merged

fix(🐛): Remove inaccessible JS frames when serializing #512

merged 2 commits into from
May 21, 2020

Conversation

wwilsman
Copy link
Contributor

Purpose

Sometimes ads, trackers, and other external scripts may inject iframes with empty documents and a src of javascript:false, javascript:null, or javascript:void. During serialization, these frames might potentially be skipped and left alone if their (empty) documents are not accessible at the time of serialization. This is a problem for asset discovery when JS is disabled because the src attribute is still requested, however, not intercepted or resolved since JS is disabled. This causes the asset discovery browser to hang until the page.goto method times out.

Approach

When the contents of the frame is not accessible in the previous if statement, JS is not enabled, and the frame in question was built with JS, the cloned frame is removed from the cloned DOM.

Potential pitfalls

Frames that are built with JS by the user might still have these javascript:* src attributes. In these cases, the frames will be removed if the document is not accessible. To prevent removal, the frame should be made accessible so that it can be properly serialized.

@wwilsman wwilsman requested a review from Robdel12 May 21, 2020 16:12
Robdel12
Robdel12 approved these changes May 21, 2020
View reviewed changes
Copy link
Contributor

@Robdel12 Robdel12 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🏁

To prevent removal, the frame should be made accessible so that it can be properly serialized.

Big 10-4 on that one 👍

@wwilsman
Copy link
Contributor Author

To expand on "the frame should be made accessible" and be more specific: To allow serialization of JS created frames, the sandbox attribute should contain "allow-same-origin" or there should be no sandbox attribute at all for frames created by JS with a javascript:* src attribute.

@wwilsman wwilsman merged commit 86cd887 into master May 21, 2020
@wwilsman wwilsman deleted the ww/remove-inaccessible-js-frames branch May 21, 2020 16:49
djones pushed a commit that referenced this pull request May 21, 2020
@semantic-release-bot
chore(release): 0.26.7 [skip ci]
fceb9a5 
## [0.26.7](v0.26.6...v0.26.7) (2020-05-21)

### Bug Fixes

* **🐛:** Remove inaccessible JS frames when serializing ([#512](#512)) ([86cd887](86cd887))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Robdel12 Robdel12 Robdel12 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@wwilsman @Robdel12