Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: Prevent error when using <select name="attributes"> #1432

Merged
merged 7 commits into from
Mar 28, 2019
Merged

fix: Prevent error when using <select name="attributes"> #1432

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
8b5c0b8
fix: safely get node attributes even when clobbered
straker Mar 13, 2019
4ec2dca
Empty commit to retrigger build
straker Mar 14, 2019
3f9c01e
always return NamedNodeMap, don't rely on attr order for test
straker Mar 14, 2019
a6f0d76
fix
straker Mar 14, 2019
efca43b
add eslint rule to prevent node.attributes
straker Mar 21, 2019
447af3f
Merge branch 'develop' into getNodeAttributes
straker Mar 22, 2019
56e832d
don't use NamedNodeMap without window object
straker Mar 28, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions .eslintrc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,12 @@
{
"selector": "MemberExpression[property.name=tagName]",
"message": "Don't use node.tagName, use node.nodeName instead."
},
{
// node.attributes can be clobbered so is unsafe to use
// @see https://github.com/dequelabs/axe-core/pull/1432
"selector": "MemberExpression[object.name=node][property.name=attributes]",
"message": "Don't use node.attributes, use node.hasAttributes() or axe.utils.getNodeAttributes(node) instead."
}
]
}
Expand Down
2 changes: 1 addition & 1 deletion lib/checks/aria/allowed-attr.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ var attr,
attrName,
allowed,
role = node.getAttribute('role'),
attrs = node.attributes;
attrs = axe.utils.getNodeAttributes(node);
straker marked this conversation as resolved.
Show resolved Hide resolved
straker marked this conversation as resolved.
Show resolved Hide resolved

if (!role) {
role = axe.commons.aria.implicitRole(node);
Expand Down
2 changes: 1 addition & 1 deletion lib/checks/aria/unsupportedattr.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ const nodeName = node.nodeName.toUpperCase();
const lookupTable = axe.commons.aria.lookupTable;
const role = axe.commons.aria.getRole(node);

const unsupportedAttrs = Array.from(node.attributes)
const unsupportedAttrs = Array.from(axe.utils.getNodeAttributes(node))
.filter(({ name }) => {
const attribute = lookupTable.attributes[name];

Expand Down
2 changes: 1 addition & 1 deletion lib/checks/aria/valid-attr-value.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ var invalid = [],

var attr,
attrName,
attrs = node.attributes;
attrs = axe.utils.getNodeAttributes(node);

var skipAttrs = ['aria-errormessage'];

Expand Down
2 changes: 1 addition & 1 deletion lib/checks/aria/valid-attr.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ var invalid = [],
aria = /^aria-/;

var attr,
attrs = node.attributes;
attrs = axe.utils.getNodeAttributes(node);

for (var i = 0, l = attrs.length; i < l; i++) {
attr = attrs[i].name;
Expand Down
2 changes: 1 addition & 1 deletion lib/commons/aria/roles.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -188,7 +188,7 @@ aria.implicitRole = function(node) {
return null;
}

var nodeAttributes = node.attributes;
var nodeAttributes = axe.utils.getNodeAttributes(node);
var ariaAttributes = [];

/* Get all aria-attributes defined for this node */
Expand Down
21 changes: 21 additions & 0 deletions lib/core/utils/get-node-attributes.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
/* global axe */

/**
* Return the list of attributes of a node.
* @method getNodeAttributes
* @memberof axe.utils
* @param {Element} node
* @returns {NamedNodeMap}
*/
axe.utils.getNodeAttributes = function getNodeAttributes(node) {
straker marked this conversation as resolved.
Show resolved Hide resolved
// eslint-disable-next-line no-restricted-syntax
if (node.attributes instanceof window.NamedNodeMap) {
// eslint-disable-next-line no-restricted-syntax
return node.attributes;
}

// if the attributes property is not of type NamedNodeMap then the DOM
// has been clobbered. E.g. <form><input name="attributes"></form>.
// We can clone the node to isolate it and then return the attributes
return node.cloneNode(false).attributes;
};
8 changes: 4 additions & 4 deletions lib/core/utils/get-selector.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -119,8 +119,8 @@ axe.utils.getSelectorData = function(domTree) {
}

// count all the filtered attributes
if (node.attributes) {
Array.from(node.attributes)
if (node.hasAttributes()) {
Array.from(axe.utils.getNodeAttributes(node))
.filter(filterAttributes)
.forEach(at => {
let atnv = getAttributeNameValue(node, at);
Expand Down Expand Up @@ -238,8 +238,8 @@ function uncommonAttributes(node, selectorData) {
let attData = selectorData.attributes;
let tagData = selectorData.tags;

if (node.attributes) {
Array.from(node.attributes)
if (node.hasAttributes()) {
Array.from(axe.utils.getNodeAttributes(node))
.filter(filterAttributes)
.forEach(at => {
const atnv = getAttributeNameValue(node, at);
Expand Down
2 changes: 1 addition & 1 deletion lib/rules/aria-allowed-attr-matches.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
const aria = /^aria-/;
if (node.hasAttributes()) {
let attrs = node.attributes;
let attrs = axe.utils.getNodeAttributes(node);
for (let i = 0, l = attrs.length; i < l; i++) {
if (aria.test(attrs[i].name)) {
return true;
Expand Down
2 changes: 1 addition & 1 deletion lib/rules/aria-has-attr-matches.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
var aria = /^aria-/;
if (node.hasAttributes()) {
var attrs = node.attributes;
var attrs = axe.utils.getNodeAttributes(node);
for (var i = 0, l = attrs.length; i < l; i++) {
if (aria.test(attrs[i].name)) {
return true;
Expand Down
26 changes: 26 additions & 0 deletions test/core/utils/get-node-attributes.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
describe('axe.utils.getNodeAttributes', function() {
'use strict';

it('should return the list of attributes', function() {
var node = document.createElement('div');
node.setAttribute('class', 'foo bar');
var actual = axe.utils.getNodeAttributes(node);
assert.isTrue(actual instanceof window.NamedNodeMap);
assert.equal(actual.length, 1);
assert.equal(actual[0].name, 'class');
});

it('should return the list of attributes when the DOM is clobbered', function() {
var node = document.createElement('form');
node.setAttribute('id', '123');
node.innerHTML = '<select name="attributes"></select>';

// eslint-disable-next-line no-restricted-syntax
assert.isFalse(node.attributes instanceof window.NamedNodeMap);

var actual = axe.utils.getNodeAttributes(node);
assert.isTrue(actual instanceof window.NamedNodeMap);
assert.equal(actual.length, 1);
assert.equal(actual[0].name, 'id');
});
});