LibWeb: Refuse to recursively execute .execCommand()

Spec issue: https://github.com/w3c/editing/issues/477
Author: https://github.com/gmta Commit: f731cffbd8 Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/3352
2025-08-07 08:39:22 +00:00 · 2025-01-23 11:19:20 +01:00 · 2025-01-23 11:19:20 +01:00 · f731cffbd8 · 2025-01-24 22:54:31 +00:00
commit f731cffbd8
parent 0c854f9afc
4 changed files with 32 additions and 0 deletions
--- a/Libraries/LibWeb/Editing/ExecCommand.cpp
+++ b/Libraries/LibWeb/Editing/ExecCommand.cpp
@ -20,6 +20,12 @@ WebIDL::ExceptionOr<bool> Document::exec_command(FlyString const& command, [[may
    if (!is_html_document())
        return WebIDL::InvalidStateError::create(realm(), "execCommand is only supported on HTML documents"_string);

+    // AD-HOC: All major browsers refuse to recursively execute execCommand() (e.g. inside input event handlers).
+    if (m_inside_exec_command)
+        return false;
+    ScopeGuard guard_recursion = [&] { m_inside_exec_command = false; };
+    m_inside_exec_command = true;
+
    // 1. If only one argument was provided, let show UI be false.
    // 2. If only one or two arguments were provided, let value be the empty string.
    // NOTE: these steps are dealt by the default values for both show_ui and value