LibWeb/CSS: Block shadow host matching in DOM #2552
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @@ -867,6 +867,11 @@ static bool fast_matches_simple_selector(CSS::Selector::SimpleSelector const& si | |||
| static bool fast_matches_compound_selector(CSS::Selector::CompoundSelector const& compound_selector, Optional<CSS::CSSStyleSheet const&> style_sheet_for_rule, DOM::Element const& element, GC::Ptr<DOM::Element const> shadow_host) | |||
There was a problem hiding this comment.
This commit only touches the non-recursive fast_matches code path. What about the recursive matches path?
See can_use_fast_matches for how we decide whether a selector is fast-matchable :)
Also, please add a test!
ycarmon
force-pushed
the
prevent-shadow-host-direct-selectors
branch
4 times, most recently
from
19a0df3 to
8cbbaac
Compare
ycarmon
force-pushed
the
prevent-shadow-host-direct-selectors
branch
from
8cbbaac to
8cf83eb
Compare
ycarmon
force-pushed
the
prevent-shadow-host-direct-selectors
branch
from
8cf83eb to
d6cb319
Compare
AtkinsSJ
reviewed
Dec 2, 2024
Comment on lines
758
to
760
| if (shadow_host && &element == shadow_host.ptr() && component.type != CSS::Selector::SimpleSelector::Type::PseudoClass && component.type != CSS::Selector::SimpleSelector::Type::PseudoElement) { | ||
| return false; | ||
| } |
There was a problem hiding this comment.
It'd be nice to move this check into its own static function, to save having to remember to modify both places.
Also... I think this doesn't block enough. It'll allow other kinds of pseudo-class, such as :first-child.
There was a problem hiding this comment.
updated it to allow only host and compound pseudo classes
ycarmon
force-pushed
the
prevent-shadow-host-direct-selectors
branch
2 times, most recently
from
95be6cc to
4cf8374
Compare
Fixes an issue where selectors inside a shadow root could incorrectly match their shadow host directly using selectors like #host, instead of requiring :host pseudo-class selectors. Fixes issue LadybirdBrowser#2319
Add a test that verifies selectors inside a shadow root can only match their host element through :host pseudo-class. Tests both simple selectors (#id, .class) and complex selectors (:not, :where) to ensure they are blocked from matching the host element directly. Fixes issue LadybirdBrowser#2319
ycarmon
force-pushed
the
prevent-shadow-host-direct-selectors
branch
from
4cf8374 to
a7a71ca
Compare
AtkinsSJ
approved these changes
Dec 4, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes an issue where selectors inside a shadow root could incorrectly match their shadow host directly using selectors like #host, instead of requiring :host pseudo-class selectors.
Fixes issue #2319