LibWeb: Refuse to recursively execute .execCommand()

Spec issue: w3c/editing#477
gmta · Jan 23, 2025 · c203d7d · c203d7d
1 parent 4a0addb
commit c203d7d
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/Libraries/LibWeb/DOM/Document.h b/Libraries/LibWeb/DOM/Document.h
@@ -1101,6 +1101,8 @@ class Document
 
     GC::Ref<EditingHostManager> m_editing_host_manager;
 
+    bool m_inside_exec_command { false };
+
     // https://w3c.github.io/editing/docs/execCommand/#default-single-line-container-name
     FlyString m_default_single_line_container_name { HTML::TagNames::div };
 

diff --git a/Libraries/LibWeb/Editing/ExecCommand.cpp b/Libraries/LibWeb/Editing/ExecCommand.cpp
@@ -22,6 +22,12 @@ WebIDL::ExceptionOr<bool> Document::exec_command(FlyString const& command, [[may
     if (!is_html_document())
         return WebIDL::InvalidStateError::create(realm(), "execCommand is only supported on HTML documents"_string);
 
+    // AD-HOC: All major browsers refuse to recursively execute execCommand() (e.g. inside input event handlers).
+    if (m_inside_exec_command)
+        return false;
+    ScopeGuard guard_recursion = [&] { m_inside_exec_command = false; };
+    m_inside_exec_command = true;
+
     // 1. If only one argument was provided, let show UI be false.
     // 2. If only one or two arguments were provided, let value be the empty string.
     // NOTE: these steps are dealt by the default values for both show_ui and value