-
Notifications
You must be signed in to change notification settings - Fork 9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
evaluateOnNewDocument not working in Iframes with sandbox attribute set to allow-same-origin #1106
Comments
I ran into something similar so i've expanded upon the original test case: Findings:
reprovar pup = require('puppeteer');
(async () => {
var b = await pup.launch();
var p = await b.newPage();
await p.evaluateOnNewDocument(() => {
window.foobar = Math.random() * 1000;
});
await p.goto('about:blank');
var basiciframe = await p.evaluate(() => {
var el = document.createElement('iframe');
document.body.appendChild(el);
return el.contentWindow.foobar;
});
var sandboxSOiframe = await p.evaluate(() => {
var el = document.createElement('iframe');
el.setAttribute('sandbox', 'allow-same-origin');
document.body.appendChild(el);
return el.contentWindow.foobar;
});
var sandboxSOASiframe = await p.evaluate(() => {
var el = document.createElement('iframe');
el.setAttribute('sandbox', 'allow-same-origin allow-scripts');
document.body.appendChild(el);
return el.contentWindow.foobar;
});
var srcdociframe = await p.evaluate(() => {
var el = document.createElement('iframe');
el.srcdoc = 'blank page, boys.';
document.body.appendChild(el);
return el.contentWindow.foobar;
});
console.log('basic iframe', basiciframe);
console.log('sandbox same-origin iframe', sandboxSOiframe);
console.log('sandbox same-origin&scripts iframe', sandboxSOASiframe);
console.log('srcdoc iframe', srcdociframe);
await b.close();
})(); returns:
|
Also there is no option to bypass CSP using evaluateOnNewDocument. By default, evaluateOnNewDocument is not working in frames loaded from different domains. *EDIT Seems to be fixed in 1.5.0 |
We're marking this issue as unconfirmed because it has not had recent activity and we weren't able to confirm it yet. It will be closed if no further activity occurs within the next 30 days. |
We are closing this issue. If the issue still persists in the latest version of Puppeteer, please reopen the issue and update the description. We will try our best to accomodate it! |
I can confirm that this issue is still present with Puppeteer 19.9.1, but only affecting srcdoc iframes:
|
@NightTsarina do you have a reproducible example? |
Sure, it is just an improvement over previous snippets: import puppeteer from 'puppeteer';
async function main() {
const browserArgs = [
'--disable-dev-shm-usage',
'--ignore-certificate-errors',
'--no-sandbox',
];
const launchOptions = {
headless: 'new',
args: browserArgs,
};
const browser = await puppeteer.launch(launchOptions);
const page = await browser.newPage();
await page.evaluateOnNewDocument(() => {
window.foobar = 'PASSED';
});
await page.goto('about:blank');
const tests = {
'basic <iframe>': {},
'sandbox + same-origin <iframe>': {
attributes: ['sandbox', 'allow-same-origin'],
},
'sandbox + same-origin & allow-scripts <iframe>': {
attributes: ['sandbox', 'allow-same-origin allow-scripts'],
},
'srcdoc <iframe>': {
srcdoc: 'Test content',
},
};
for (const [testName, config] of Object.entries(tests)) {
const result = await page.evaluate(({ attributes, srcdoc }) => {
const el = document.createElement('iframe');
if (attributes) {
el.setAttribute(...attributes);
}
if (srcdoc) {
el.srcdoc = srcdoc;
}
document.body.appendChild(el);
return el.contentWindow.foobar ?? 'FAILED';
}, config);
console.log(`Test ${testName}: ${result}`);
}
await browser.close();
}
await main();
process.exit();
Although, I have just tested upgrading the version of chrome, and it seems this was fixed recently. I tested:
|
Thanks! I am unable to reproduce on the latest version as well. I assume the issue has been fixed upstream. |
Steps to reproduce
Tell us about your environment:
What steps will reproduce the problem?
Please include code that reproduces the issue.
What is the expected result?
foo
should be1
instead ofundefined
What happens instead?
foo
should be1
instead ofundefined
The text was updated successfully, but these errors were encountered: