RESOLVED FIXED261320
element.querySelector(":has(:scope *)") should never match 
https://bugs.webkit.org/show_bug.cgi?id=261320
Summary element.querySelector(":has(:scope *)") should never match
Cameron McCormack (:heycam)
Reported 2023-09-08 00:03:56 PDT
In CSSSelectorParser::consumeRelativeScopeSelector we sometimes insert a PseudoClassType::RelativeScope pseudo-class at the front of the selector argument of a :has(). This is what ensures that the matching of the selector argument does not break out of the :has scope. But we only do this if (a) we don't already mention :scope in the selector argument, or (b) the :has() scope combinator is not DescendantSpace. But we do need this synthesized RelativeScope pseudo-class, otherwise this will alert true when it shouldn't: <div id=x><span></span></div> <script> alert(x.matches(":has(:scope span)")); </div>
Attachments
Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2023-09-08 00:04:13 PDT
<rdar://problem/115158183>
Cameron McCormack (:heycam)
Comment 2 2023-09-08 00:06:38 PDT
:scope checks for the scope element, which is different from the :has() scope element.
Cameron McCormack (:heycam)
Comment 3 2023-09-08 00:37:42 PDT
Pull request: https://github.com/WebKit/WebKit/pull/17579
EWS
Comment 4 2023-09-08 13:07:32 PDT
Committed 267809@main (ae0d407eae25): <https://commits.webkit.org/267809@main> Reviewed commits have been landed. Closing PR #17579 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.