Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 55bbd269b7966d246b1ebfd67daaa912d3ac67a0
https://github.com/WebKit/WebKit/commit/55bbd269b7966d246b1ebfd67daaa912d3ac67a0
Author: Wenson Hsieh <[email protected]>
Date: 2026-05-31 (Sun, 31 May 2026)
Changed paths:
M Source/WebCore/page/text-extraction/TextExtraction.cpp
M Tools/TestWebKitAPI/Tests/WebKit/WKWebView/TextExtractionTests.mm
Log Message:
-----------
[AutoFill Debugging] Specifying a target node may trigger infinite recursion
when extracting text
https://bugs.webkit.org/show_bug.cgi?id=315953
rdar://177406940
Reviewed by Abrar Rahman Protyasha.
In the case where a webpage contains a same-origin subframe and the client has
specified a target
node for extraction that contains the same-origin subframe, we end up recursing
infinitely when
extracting text, due to the fact that `TextExtraction::extractItem` will set
`extractionRootNode`
to the target node rather than the subframe content document's body element,
causing us to encounter
and recurse into the same same-origin subframe again during extraction.
Fix this by clearing out the target node ID when recursing into any same-origin
subframes.
Test: TextExtractionTests.TargetNodeWithSameOriginSubframe
* Source/WebCore/page/text-extraction/TextExtraction.cpp:
(WebCore::TextExtraction::extractRecursive):
* Tools/TestWebKitAPI/Tests/WebKit/WKWebView/TextExtractionTests.mm:
(TestWebKitAPI::TEST(TextExtractionTests, TargetNodeWithSameOriginSubframe)):
Canonical link: https://commits.webkit.org/314250@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
