Bug 261320 - element.querySelector(":has(:scope *)") should never match
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: CSS
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Cameron McCormack (:heycam)
Keywords: InRadar
Reported: 2023-09-08 00:03 PDT by Cameron McCormack (:heycam)
Modified: 2023-09-08 13:07 PDT

Description Cameron McCormack (:heycam) 2023-09-08 00:03:56 PDT
In CSSSelectorParser::consumeRelativeScopeSelector we sometimes insert a PseudoClassType::RelativeScope pseudo-class at the front of the selector argument of a :has().  This is what ensures that the matching of the selector argument does not break out of the :has scope.

But we only do this if (a) we don't already mention :scope in the selector argument, or (b) the :has() scope combinator is not DescendantSpace.  But we do need this synthesized RelativeScope pseudo-class, otherwise this will alert true when it shouldn't:

<div id=x><span></span></div>
<script>
alert(x.matches(":has(:scope span)"));
</script>
Comment 1 Radar WebKit Bug Importer 2023-09-08 00:04:13 PDT
<rdar://problem/115158183>
Comment 2 Cameron McCormack (:heycam) 2023-09-08 00:06:38 PDT
:scope checks for the scope element, which is different from the :has() scope element.
Comment 3 Cameron McCormack (:heycam) 2023-09-08 00:37:42 PDT
Pull request: https://github.com/WebKit/WebKit/pull/17579
Comment 4 EWS 2023-09-08 13:07:32 PDT
Committed 267809@main (ae0d407eae25): <https://commits.webkit.org/267809@main>

Reviewed commits have been landed. Closing PR #17579 and removing active labels.
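
A simplified model of the behaviour described in this bug, added here as an illustration and not taken from WebKit or the pull request: it compares evaluating a `:has()` argument with and without the synthesized relative-scope compound when the argument mentions `:scope`. The helper names (`node`, `matchesComplex`, `has`, `alwaysSynthesize`) are hypothetical, the tree is constructed, and only descendant combinators are modelled.

```javascript
// Toy selector model (added example, not WebKit code). A selector is an array
// of compounds, leftmost first, joined by descendant combinators. Each compound
// is a predicate (el, ctx) => boolean. All names are hypothetical.
function node(tag, ...children) {
  const n = { tag, parent: null, children };
  children.forEach((c) => { c.parent = n; });
  return n;
}

const tag = (name) => (el) => el.tag === name;
const scope = (el, ctx) => el === ctx.scope;           // :scope
scope.isScope = true;
const relativeScope = (el, ctx) => el === ctx.anchor;  // synthesized :has() anchor

// Match the rightmost compound on `el`, then search ancestors for the rest.
function matchesComplex(el, compounds, ctx) {
  const last = compounds.length - 1;
  if (!compounds[last](el, ctx)) return false;
  if (last === 0) return true;
  for (let a = el.parent; a; a = a.parent) {
    if (matchesComplex(a, compounds.slice(0, last), ctx)) return true;
  }
  return false;
}

function* descendants(el) {
  for (const c of el.children) { yield c; yield* descendants(c); }
}

// Evaluate anchor:has(<arg>). With alwaysSynthesize=false the relative-scope
// compound is skipped when the argument mentions :scope (the reported behaviour);
// with alwaysSynthesize=true it is always prepended.
function has(anchor, arg, scopeEl, alwaysSynthesize) {
  const mentionsScope = arg.some((c) => c.isScope);
  const sel = alwaysSynthesize || !mentionsScope ? [relativeScope, ...arg] : arg;
  const ctx = { scope: scopeEl, anchor };
  for (const d of descendants(anchor)) {
    if (matchesComplex(d, sel, ctx)) return true;
  }
  return false;
}

// Constructed tree: <section><div id=x><span></span></div></section>
const span = node("span");
const x = node("div", span);
const outer = node("section", x);
```

Passing `x` as the scope element models `x.matches(...)`; passing `outer` models a `querySelector` call on an ancestor, where `x` is a candidate element.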