Overload Document.prototype createElement instead of document (#308)

jonathanKingston · web-flow · commit 5e98a9112395 · 2023-03-10T16:55:10.000Z
diff --git a/integration-test/test-runtime-checks.js b/integration-test/test-runtime-checks.js
@@ -385,4 +385,51 @@ describe('Runtime checks: should allow element modification', () => {
             srcVal7: 'http://example4.com/'
         })
     })
+
+    it('Script using parent prototype should execute checking', async () => {
+        const port = server.address().port
+        const page = await browser.newPage()
+        await gotoAndWait(page, `http://localhost:${port}/blank.html`, {
+            site: {
+                enabledFeatures: ['runtimeChecks']
+            },
+            featureSettings: {
+                runtimeChecks: {
+                    taintCheck: 'enabled',
+                    matchAllDomains: 'enabled',
+                    matchAllStackDomains: 'enabled',
+                    overloadInstanceOf: 'enabled'
+                }
+            }
+        })
+        // And now with a script that will execute
+        const scriptResult = await page.evaluate(
+            () => {
+                // @ts-expect-error https://app.asana.com/0/1201614831475344/1203979574128023/f
+                window.scriptDocumentPrototypeRan = false
+                const scriptElement = Document.prototype.createElement.call(window.document, 'script')
+                scriptElement.innerText = 'window.scriptDocumentPrototypeRan = true'
+                scriptElement.id = 'scriptDocumentPrototype'
+                scriptElement.setAttribute('type', 'application/javascript')
+                document.body.appendChild(scriptElement)
+                const hadInspectorNode = !!document.querySelector('ddg-runtime-checks')
+                const instanceofResult = scriptElement instanceof HTMLScriptElement
+                const scripty = document.querySelector('script#scriptDocumentPrototype')
+
+                return {
+                    // @ts-expect-error https://app.asana.com/0/1201614831475344/1203979574128023/f
+                    scriptRan: window.scriptDocumentPrototypeRan,
+                    hadInspectorNode,
+                    instanceofResult,
+                    type: scripty.getAttribute('type')
+                }
+            }
+        )
+        expect(scriptResult).toEqual({
+            scriptRan: true,
+            hadInspectorNode: true,
+            instanceofResult: true,
+            type: 'application/javascript'
+        })
+    })
 })
diff --git a/src/features/runtime-checks.js b/src/features/runtime-checks.js
@@ -325,7 +325,7 @@ function shouldInterrogate (tagName) {
 }
 
 function overrideCreateElement () {
-    const proxy = new DDGProxy(featureName, document, 'createElement', {
+    const proxy = new DDGProxy(featureName, Document.prototype, 'createElement', {
         apply (fn, scope, args) {
             if (args.length >= 1) {
                 const initialTagName = args[0].toLowerCase()

Original file line number	Diff line number	Diff line change
`@@ -325,7 +325,7 @@ function shouldInterrogate (tagName) {`
`325`	`325`	`}`
`326`	`326`
`327`	`327`	`function overrideCreateElement () {`
`328`		`- const proxy = new DDGProxy(featureName, document, 'createElement', {`
	`328`	`+ const proxy = new DDGProxy(featureName, Document.prototype, 'createElement', {`
`329`	`329`	`apply (fn, scope, args) {`
`330`	`330`	`if (args.length >= 1) {`
`331`	`331`	`const initialTagName = args[0].toLowerCase()`