#8921 Fix content script injection on sandboxed srcdoc iframes (#8922)

* add for loop in contentScriptCore to remove the sandbox attr and reload * remove skip for related tests * refactor extract logic into ensureSandboxSrcdocIframeInjection * refactor use srdoc and sandbox selector instead of if statement * fix type error * fix comment typo
pixiebrix · Jul 24, 2024 · fb465a9 · fb465a9
1 parent 79f9309
commit fb465a9
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 8 deletions.
diff --git a/end-to-end-tests/tests/runtime/allFrames.spec.ts b/end-to-end-tests/tests/runtime/allFrames.spec.ts
@@ -26,10 +26,6 @@ test("8527: availability allFrames declaration", async ({
   extensionId,
   chromiumChannel,
 }) => {
-  test.skip(
-    chromiumChannel === "chrome",
-    "Skip test on Chrome. https://pixiebrix.slack.com/archives/C07DQ2J7C78",
-  );
   const modId = "@pixies/test/8527-all-frames";
 
   const modActivationPage = new ActivateModPage(page, extensionId, modId);

diff --git a/end-to-end-tests/tests/runtime/srcdocFrames.spec.ts b/end-to-end-tests/tests/runtime/srcdocFrames.spec.ts
@@ -26,10 +26,6 @@ test("8143: mods can run in srcdoc iframes", async ({
   extensionId,
   chromiumChannel,
 }) => {
-  test.skip(
-    chromiumChannel === "chrome",
-    "Skip test on Chrome. See: https://pixiebrix.slack.com/archives/C07DGPVQJKH",
-  );
   const modId = "@pixies/test/8143-repro";
 
   const modActivationPage = new ActivateModPage(page, extensionId, modId);

diff --git a/src/contentScript/contentScriptCore.ts b/src/contentScript/contentScriptCore.ts
@@ -67,6 +67,24 @@ onUncaughtError((error) => {
   }
 });
 
+/**
+ * There is a bug introduced in chromium that prevents the content script from getting injected into
+ * iframes with both the `srcdoc` and `sandbox` attributes. This function reloads affected iframes after removing the
+ * `sandbox` attribute to force content script injection.
+ *
+ * See https://issues.chromium.org/issues/355256366
+ */
+const ensureSandboxedSrcdocIframeInjection = () => {
+  // eslint-disable-next-line @typescript-eslint/no-unnecessary-type-assertion -- selecting iframes with srcdoc and sandbox messes up type inference for iframe elements
+  for (const iframe of document.querySelectorAll(
+    "iframe[srcdoc][sandbox]",
+  ) as NodeListOf<HTMLIFrameElement>) {
+    iframe.removeAttribute("sandbox");
+    // eslint-disable-next-line no-self-assign -- force the iframe to reload
+    iframe.srcdoc = iframe.srcdoc;
+  }
+};
+
 export async function init(): Promise<void> {
   console.debug(`contentScriptCore: init, location: ${location.href}`);
 
@@ -80,6 +98,7 @@ export async function init(): Promise<void> {
   // Since 1.8.10, we inject the platform into the runtime
   initRuntime(brickRegistry);
   initDeferredLoginController();
+  ensureSandboxedSrcdocIframeInjection();
 
   initTelemetry();
   initToaster();