
fix(trace): escape script-context interpolation in snapshot renderer#40497

Merged
pavelfeldman merged 1 commit into microsoft:main from pavelfeldman:snapshot-script-context
Apr 30, 2026

Conversation

@pavelfeldman
Member

Summary

  • The bootstrap `<script>` injected into rendered snapshots interpolated `callId`, `snapshotName`, and `viewport` into the script body. `viewport` used `JSON.stringify` (safe for JS strings, but a value containing `</script>` still terminates the surrounding HTML script tag); `callId`/`snapshotName` were raw-interpolated as `"${id}"`.
  • Trace input is untrusted; route every interpolated value through a helper that JSON-stringifies and replaces `<` with `\u003c`, so an attacker-crafted `trace.zip` cannot break out of the inline script.
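Added example (not Playwright's code, and not the helper this PR introduces; the names `renderBootstrapUnsafe`, `jsValue`, `renderBootstrapSafe`, `scriptBreaksOut` and the sample values are hypothetical): the two failure modes the summary describes side by side with the fix. Raw `"${id}"` interpolation lets a quote in `callId` escape the JS string; `JSON.stringify` alone protects the JS string but not the HTML `<script>` element, because the HTML tokenizer ends the element at `</script` no matter how the JS is quoted. JSON-encoding plus `<` → `\u003c` closes both, and the browser's JS engine still decodes `\u003c` back to `<`, so the values are unchanged.

```javascript
// Added example, not Playwright's code. All function names and sample values
// are hypothetical; trace.zip contents are attacker-controlled input.

// Vulnerable "before": callId and snapshotName are raw-interpolated into a JS
// string literal; viewport goes through JSON.stringify, which protects the JS
// string context but not the enclosing HTML <script> element.
function renderBootstrapUnsafe({ callId, snapshotName, viewport }) {
  return `<script>
  window.__callId = "${callId}";
  window.__snapshotName = "${snapshotName}";
  window.__viewport = ${JSON.stringify(viewport)};
</script>`;
}

// Hardened: every value is JSON-encoded and every '<' becomes the JS escape
// \u003c. The HTML tokenizer never sees "</script" or "<!--" inside the
// element, while JS (and JSON.parse) still decode \u003c to '<'.
// JSON.stringify(undefined) returns undefined, so coerce it to null first.
function jsValue(value) {
  return JSON.stringify(value === undefined ? null : value).replace(/</g, '\\u003c');
}

function renderBootstrapSafe({ callId, snapshotName, viewport }) {
  return `<script>
  window.__callId = ${jsValue(callId)};
  window.__snapshotName = ${jsValue(snapshotName)};
  window.__viewport = ${jsValue(viewport)};
</script>`;
}

// Check for the HTML-context breakout: does the inline script body contain a
// sequence the HTML tokenizer treats as the end of the script element
// ("</script", case-insensitive) or a comment opener that changes its state?
function scriptBreaksOut(html) {
  const open = html.indexOf('<script>') + '<script>'.length;
  const close = html.lastIndexOf('</script>');
  const body = html.slice(open, close);
  return /<\/script/i.test(body) || /<!--/.test(body);
}

// The escaped form must decode to exactly the original value.
function roundTrips(value) {
  return JSON.stringify(JSON.parse(jsValue(value))) === JSON.stringify(value);
}

// Constructed attacker-controlled trace values (not from a real trace.zip).
const hostile = {
  // JS-context breakout: closes the string, runs code, comments out the rest.
  callId: 'call@1"; alert(document.domain); //',
  // HTML-context breakout: ends the script element despite any JS quoting.
  snapshotName: '</script><script>alert(1)</script>',
  // JSON.stringify keeps this a valid JS string, but the HTML parser still
  // sees "</script>" inside it.
  viewport: { width: 1280, height: 720, note: '</script><img src=x onerror=alert(1)>' },
};

module.exports = { renderBootstrapUnsafe, jsValue, renderBootstrapSafe, scriptBreaksOut, roundTrips, hostile };
```

The same one-helper-for-every-value rule is what the PR applies: there is no safe way to pick which fields "need" escaping, because the decision depends on the HTML parser's view of the bytes, not on the JS grammar. If the renderer ever emits `>` or `&` into a context other than a `<script>` body (for example an attribute), those need escaping too; `\u003c` alone is sufficient only inside script data.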

@pavelfeldman pavelfeldman force-pushed the snapshot-script-context branch from 926f32f to f974915 on April 29, 2026 22:45

@github-actions
Contributor

Test results for "MCP"

79 failed
❌ [chrome] › mcp/config-resolve.spec.ts:69 › browserName and channel › config file browserName chromium does not auto-set channel @mcp-macos-latest-chrome
❌ [chrome] › mcp/config-resolve.spec.ts:77 › browserName and channel › config file browserName firefox does not set channel @mcp-macos-latest-chrome
❌ [chrome] › mcp/config-resolve.spec.ts:85 › browserName and channel › config file browserName + channel are both preserved @mcp-macos-latest-chrome
❌ [chrome] › mcp/config-resolve.spec.ts:220 › merge order › env overrides config file @mcp-macos-latest-chrome
❌ [chrome] › mcp/config.spec.ts:88 › browserName @mcp-macos-latest-chrome
❌ [chrome] › mcp/config-resolve.spec.ts:69 › browserName and channel › config file browserName chromium does not auto-set channel @mcp-ubuntu-latest-chrome
❌ [chrome] › mcp/config-resolve.spec.ts:77 › browserName and channel › config file browserName firefox does not set channel @mcp-ubuntu-latest-chrome
❌ [chrome] › mcp/config-resolve.spec.ts:85 › browserName and channel › config file browserName + channel are both preserved @mcp-ubuntu-latest-chrome
❌ [chrome] › mcp/config-resolve.spec.ts:220 › merge order › env overrides config file @mcp-ubuntu-latest-chrome
❌ [chrome] › mcp/config.spec.ts:88 › browserName @mcp-ubuntu-latest-chrome
❌ [chrome] › mcp/config-resolve.spec.ts:69 › browserName and channel › config file browserName chromium does not auto-set channel @mcp-windows-latest-chrome
❌ [chrome] › mcp/config-resolve.spec.ts:77 › browserName and channel › config file browserName firefox does not set channel @mcp-windows-latest-chrome
❌ [chrome] › mcp/config-resolve.spec.ts:85 › browserName and channel › config file browserName + channel are both preserved @mcp-windows-latest-chrome
❌ [chrome] › mcp/config-resolve.spec.ts:220 › merge order › env overrides config file @mcp-windows-latest-chrome
❌ [chrome] › mcp/config.spec.ts:88 › browserName @mcp-windows-latest-chrome
❌ [chromium] › mcp/cli-isolated.spec.ts:21 › should not save user data by default (in-memory mode) @mcp-macos-latest-chromium
❌ [chromium] › mcp/cli-isolated.spec.ts:45 › should save user data with --persistent flag @mcp-macos-latest-chromium
❌ [chromium] › mcp/cli-json.spec.ts:84 › list after open returns one browser entry @mcp-macos-latest-chromium
❌ [chromium] › mcp/cli-session.spec.ts:86 › delete-data @mcp-macos-latest-chromium
❌ [chromium] › mcp/cli-session.spec.ts:98 › delete-data named session @mcp-macos-latest-chromium
❌ [chromium] › mcp/config.spec.ts:88 › browserName @mcp-macos-latest-chromium
❌ [chromium] › mcp/cli-isolated.spec.ts:21 › should not save user data by default (in-memory mode) @mcp-windows-latest-chromium
❌ [chromium] › mcp/cli-isolated.spec.ts:45 › should save user data with --persistent flag @mcp-windows-latest-chromium
❌ [chromium] › mcp/cli-json.spec.ts:84 › list after open returns one browser entry @mcp-windows-latest-chromium
❌ [chromium] › mcp/cli-session.spec.ts:86 › delete-data @mcp-windows-latest-chromium
❌ [chromium] › mcp/cli-session.spec.ts:98 › delete-data named session @mcp-windows-latest-chromium
❌ [chromium] › mcp/config.spec.ts:88 › browserName @mcp-windows-latest-chromium
❌ [chromium] › mcp/cli-isolated.spec.ts:21 › should not save user data by default (in-memory mode) @mcp-ubuntu-latest-chromium
❌ [chromium] › mcp/cli-isolated.spec.ts:45 › should save user data with --persistent flag @mcp-ubuntu-latest-chromium
❌ [chromium] › mcp/cli-json.spec.ts:84 › list after open returns one browser entry @mcp-ubuntu-latest-chromium
❌ [chromium] › mcp/cli-session.spec.ts:86 › delete-data @mcp-ubuntu-latest-chromium
❌ [chromium] › mcp/cli-session.spec.ts:98 › delete-data named session @mcp-ubuntu-latest-chromium
❌ [chromium] › mcp/config.spec.ts:88 › browserName @mcp-ubuntu-latest-chromium
❌ [firefox] › mcp/cli-isolated.spec.ts:21 › should not save user data by default (in-memory mode) @mcp-ubuntu-latest-firefox
❌ [firefox] › mcp/cli-isolated.spec.ts:45 › should save user data with --persistent flag @mcp-ubuntu-latest-firefox
❌ [firefox] › mcp/cli-json.spec.ts:84 › list after open returns one browser entry @mcp-ubuntu-latest-firefox
❌ [firefox] › mcp/cli-session.spec.ts:86 › delete-data @mcp-ubuntu-latest-firefox
❌ [firefox] › mcp/cli-session.spec.ts:98 › delete-data named session @mcp-ubuntu-latest-firefox
❌ [firefox] › mcp/config.spec.ts:88 › browserName @mcp-ubuntu-latest-firefox
❌ [firefox] › mcp/cli-isolated.spec.ts:21 › should not save user data by default (in-memory mode) @mcp-windows-latest-firefox
❌ [firefox] › mcp/cli-isolated.spec.ts:45 › should save user data with --persistent flag @mcp-windows-latest-firefox
❌ [firefox] › mcp/cli-json.spec.ts:84 › list after open returns one browser entry @mcp-windows-latest-firefox
❌ [firefox] › mcp/cli-session.spec.ts:86 › delete-data @mcp-windows-latest-firefox
❌ [firefox] › mcp/cli-session.spec.ts:98 › delete-data named session @mcp-windows-latest-firefox
❌ [firefox] › mcp/config.spec.ts:88 › browserName @mcp-windows-latest-firefox
❌ [firefox] › mcp/cli-isolated.spec.ts:21 › should not save user data by default (in-memory mode) @mcp-macos-latest-firefox
❌ [firefox] › mcp/cli-isolated.spec.ts:45 › should save user data with --persistent flag @mcp-macos-latest-firefox
❌ [firefox] › mcp/cli-json.spec.ts:84 › list after open returns one browser entry @mcp-macos-latest-firefox
❌ [firefox] › mcp/cli-session.spec.ts:86 › delete-data @mcp-macos-latest-firefox
❌ [firefox] › mcp/cli-session.spec.ts:98 › delete-data named session @mcp-macos-latest-firefox
❌ [firefox] › mcp/config.spec.ts:88 › browserName @mcp-macos-latest-firefox
❌ [msedge] › mcp/cli-isolated.spec.ts:21 › should not save user data by default (in-memory mode) @mcp-windows-latest-msedge
❌ [msedge] › mcp/cli-isolated.spec.ts:45 › should save user data with --persistent flag @mcp-windows-latest-msedge
❌ [msedge] › mcp/cli-json.spec.ts:84 › list after open returns one browser entry @mcp-windows-latest-msedge
❌ [msedge] › mcp/cli-session.spec.ts:86 › delete-data @mcp-windows-latest-msedge
❌ [msedge] › mcp/cli-session.spec.ts:98 › delete-data named session @mcp-windows-latest-msedge
❌ [msedge] › mcp/config.spec.ts:88 › browserName @mcp-windows-latest-msedge
❌ [webkit] › mcp/cli-core.spec.ts:114 › check @mcp-macos-latest-webkit
❌ [webkit] › mcp/cli-core.spec.ts:123 › uncheck @mcp-macos-latest-webkit
❌ [webkit] › mcp/cli-isolated.spec.ts:21 › should not save user data by default (in-memory mode) @mcp-macos-latest-webkit
❌ [webkit] › mcp/cli-isolated.spec.ts:45 › should save user data with --persistent flag @mcp-macos-latest-webkit
❌ [webkit] › mcp/cli-json.spec.ts:84 › list after open returns one browser entry @mcp-macos-latest-webkit
❌ [webkit] › mcp/cli-session.spec.ts:86 › delete-data @mcp-macos-latest-webkit
❌ [webkit] › mcp/cli-session.spec.ts:98 › delete-data named session @mcp-macos-latest-webkit
❌ [webkit] › mcp/config.spec.ts:88 › browserName @mcp-macos-latest-webkit
❌ [webkit] › mcp/cli-core.spec.ts:114 › check @mcp-windows-latest-webkit
❌ [webkit] › mcp/cli-core.spec.ts:123 › uncheck @mcp-windows-latest-webkit
❌ [webkit] › mcp/cli-isolated.spec.ts:21 › should not save user data by default (in-memory mode) @mcp-windows-latest-webkit
❌ [webkit] › mcp/cli-isolated.spec.ts:45 › should save user data with --persistent flag @mcp-windows-latest-webkit
❌ [webkit] › mcp/cli-json.spec.ts:84 › list after open returns one browser entry @mcp-windows-latest-webkit
❌ [webkit] › mcp/cli-session.spec.ts:86 › delete-data @mcp-windows-latest-webkit
❌ [webkit] › mcp/cli-session.spec.ts:98 › delete-data named session @mcp-windows-latest-webkit
❌ [webkit] › mcp/config.spec.ts:88 › browserName @mcp-windows-latest-webkit
❌ [webkit] › mcp/cli-isolated.spec.ts:21 › should not save user data by default (in-memory mode) @mcp-ubuntu-latest-webkit
❌ [webkit] › mcp/cli-isolated.spec.ts:45 › should save user data with --persistent flag @mcp-ubuntu-latest-webkit
❌ [webkit] › mcp/cli-json.spec.ts:84 › list after open returns one browser entry @mcp-ubuntu-latest-webkit
❌ [webkit] › mcp/cli-session.spec.ts:86 › delete-data @mcp-ubuntu-latest-webkit
❌ [webkit] › mcp/cli-session.spec.ts:98 › delete-data named session @mcp-ubuntu-latest-webkit
❌ [webkit] › mcp/config.spec.ts:88 › browserName @mcp-ubuntu-latest-webkit

6742 passed, 927 skipped


Merge workflow run.

@github-actions
Contributor

Test results for "tests 1"

6 flaky
⚠️ [installation tests] › screencast.spec.ts:18 › screencast works `@package-installations-macos-latest`
⚠️ [chromium-page] › page/page-request-continue.spec.ts:754 › propagate headers cross origin redirect after interception `@chromium-ubuntu-22.04-arm-node20`
⚠️ [chromium-library] › library/video.spec.ts:647 › screencast › should capture full viewport `@chromium-ubuntu-22.04-node24`
⚠️ [firefox-library] › library/inspector/cli-codegen-1.spec.ts:1080 › cli codegen › should not throw csp directive violation errors `@firefox-ubuntu-22.04-node20`
⚠️ [firefox-library] › library/inspector/cli-codegen-3.spec.ts:224 › cli codegen › should generate frame locators (4) `@firefox-ubuntu-22.04-node20`
⚠️ [firefox-page] › page/page-emulate-media.spec.ts:144 › should keep reduced motion and color emulation after reload `@firefox-ubuntu-22.04-node20`

41579 passed, 784 skipped


Merge workflow run.


2 participants