Details
- Bug
- Resolution: Done
- P2: Important
- 5.12.0, 5.12.1
- None
- 44303861fd116b3a279d26300147e89a0bf8121c (qt/qtwebengine/5.12)
Description
A QWebEngineScript set to inject at QWebEngineScript::DocumentCreation in a world other than QWebEngineScript::MainWorld doesn't run if QWebEngineSettings::JavascriptEnabled is set to false. It will on 5.11, and the docs say that that attribute governs the running of JavaScript programs in the MainWorld, so I believe this is a regression. Such scripts injected at QWebEngineScript::DocumentReady do still run.
I believe this is due to the fix for QTBUG-66011 (and QTBUG-67453). That changes document creation targeting scripts to be injected when DidClearWindowObject is called, which as far as I can see is done from LocalFrameClientImpl::DispatchDidClearWindowObjectInMainWorld in src/3rdparty/chromium/third_party/blink/renderer/core/exported/local_frame_client_impl.cc. I haven't checked, but the name of the calling function does seem to imply it only fires when the window object is cleared in the main world; I assume that doesn't happen when JS is disabled there.
Here is a reproducer:
```cpp
#include <QApplication>
#include <QWebEngineView>
#include <QWebEngineSettings>
#include <QWebEngineScript>
#include <QWebEngineScriptCollection>
#include <QUrl>

int main(int argc, char *argv[])
{
    QApplication app(argc, argv);
    QWebEngineView view;

    // Disable page JavaScript; per the docs this governs the MainWorld.
    view.settings()->setAttribute(QWebEngineSettings::JavascriptEnabled, false);

    // User script that logs to the console from a non-main world.
    QWebEngineScript script;
    script.setSourceCode("console.error('RUNNING')");
    script.setInjectionPoint(QWebEngineScript::DocumentCreation);
    //script.setInjectionPoint(QWebEngineScript::DocumentReady);
    script.setWorldId(QWebEngineScript::ApplicationWorld);
    view.page()->scripts().insert(script);

    view.load(QUrl("about:blank"));
    view.show();
    return app.exec();
}
```
It prints js: RUNNING on 5.11 or if the setAttribute line is commented out or the injection point is changed.
I have another complaint which may have the same root cause, but I'm not sure it is worth opening a bug for. Since 5.12 the document element is no longer available (it is null) when scripts targeting DocumentCreation are injected (there is discussion of what scripts are affected on the qutebrowser issue). This is a regression from my point of view, but the description for that injection point says "This is not suitable for any DOM operation." so it isn't technically a bug. It did break some scripts though, and the fix (run them at DocumentReady, or we could do a tight poll on the document element) isn't as nice as the original behaviour (for example, a script that adds a style to a page won't take effect until the page has already rendered, causing a visual flash). So if, while looking into this issue, that use case could be kept in mind I would appreciate it.
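One way for a DocumentCreation user script to wait for the document element without a timer-based poll, so a style can still be attached before DocumentReady. This is an added example, not code from the report or from Qt; the function names, the `ObserverCtor` parameter and the CSS are hypothetical, and it assumes `MutationObserver` is available in the world the script is injected into.

```javascript
// Added example (hypothetical helper names): defer DOM work in a
// DocumentCreation script until document.documentElement exists.
function whenDocumentElement(doc, callback, ObserverCtor) {
    // 5.11 behaviour: the element already exists at injection time.
    if (doc.documentElement) {
        callback(doc.documentElement);
        return null;
    }
    // 5.12 behaviour described above: documentElement is null, so watch
    // the document node itself until its root element is added.
    const observer = new ObserverCtor(() => {
        if (doc.documentElement) {
            observer.disconnect();   // fire the callback once only
            callback(doc.documentElement);
        }
    });
    observer.observe(doc, { childList: true });
    return observer;
}

// Hypothetical payload: add a stylesheet as early as possible.
function injectStyle(doc, cssText) {
    const style = doc.createElement("style");
    style.textContent = cssText;
    // <head> may not exist yet either, so attach to the root element.
    doc.documentElement.appendChild(style);
    return style;
}

// Only runs inside a page; skipped when loaded outside a browser.
if (typeof document !== "undefined" && typeof MutationObserver !== "undefined") {
    whenDocumentElement(
        document,
        () => injectStyle(document, "body { background: #222; }"), // constructed CSS
        MutationObserver
    );
}
```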
For Gerrit Dashboard: QTBUG-74304

# | Subject | Branch | Project | Status | CR | V |
---|---|---|---|---|---|---|
258039,2 | Run non-MainWorld DocumentCreation scripts even if JS disabled | 5.12 | qt/qtwebengine | Status: MERGED | +2 | 0 |