fix: ensure iframe cleanup in getUntaintedPrototype on error or early return #1770

Open
heathdutton wants to merge 1 commit into rrweb-io:master from heathdutton:fix/1627-iframe-cleanup

@heathdutton

Fixes #1627

The getUntaintedPrototype function creates a temporary iframe to get clean prototypes, but fails to remove it when:

  • contentWindow is null (early return)
  • An exception is thrown

This adds a finally block to ensure the iframe is always cleaned up.

Copilot AI review requested due to automatic review settings January 2, 2026 22:43
@changeset-bot

changeset-bot Bot commented Jan 2, 2026

⚠️ No Changeset found

Latest commit: b64b625

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

Contributor

Copilot AI left a comment

Pull request overview

This PR fixes a resource leak where temporary iframes created to access untainted prototypes were not always properly cleaned up. The fix ensures the iframe is removed from the DOM in all exit paths.

Key Changes:

  • Moved iframe variable declaration outside try block to make it accessible in finally block
  • Replaced inline cleanup with a finally block that executes regardless of how the function exits
  • Added safety check for parentNode existence before attempting removal
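
The cleanup pattern described in this PR, as an added example that is not rrweb's code: a simplified, hypothetical `getPrototypeLeaky`/`getPrototypeFixed` pair run against a constructed DOM stand-in (`makeDocument`) so it executes in Node. The hypothetical helper `leftover` counts the iframes still attached after one call in each failure mode.

```javascript
// Constructed DOM stand-in so this runs in Node; every name here is hypothetical.
function makeDocument(mode) {
  const body = {
    children: [],
    appendChild(el) { this.children.push(el); el.parentNode = this; },
    removeChild(el) { this.children = this.children.filter((c) => c !== el); el.parentNode = null; },
  };
  const createElement = () => ({
    get contentWindow() {
      if (mode === 'null') return null; // frame that never got a window
      if (mode === 'throw') throw new Error('constructed failure');
      return { Node: { prototype: { clean: true } } };
    },
  });
  return { body, createElement };
}
// Before: the iframe is removed only on the success path.
function getPrototypeLeaky(doc, key) {
  try {
    const iframe = doc.createElement('iframe');
    doc.body.appendChild(iframe);
    const win = iframe.contentWindow;
    if (!win) return null; // early return: iframe stays attached
    const proto = win[key].prototype;
    doc.body.removeChild(iframe);
    return proto;
  } catch {
    return null; // exception: iframe stays attached
  }
}
// After: declaration hoisted out of try, cleanup in finally, parentNode checked first.
function getPrototypeFixed(doc, key) {
  let iframe;
  try {
    iframe = doc.createElement('iframe');
    doc.body.appendChild(iframe);
    const win = iframe.contentWindow;
    return win ? win[key].prototype : null;
  } catch {
    return null;
  } finally {
    if (iframe && iframe.parentNode) iframe.parentNode.removeChild(iframe);
  }
}
// Number of iframes still attached to body after one call in the given mode.
function leftover(fn, mode) {
  const doc = makeDocument(mode);
  fn(doc, 'Node');
  return doc.body.children.length;
}
```

Calling `leftover` in a loop in a test suite gives a regression check for the "orphaned iframes" item in the downstream test plan.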

pauldambra pushed a commit to PostHog/posthog-rrweb that referenced this pull request Apr 2, 2026
… iframe creation (#159)

## Summary
- Adopts upstream rrweb
[#1770](rrweb-io/rrweb#1770) and
[#1802](rrweb-io/rrweb#1802)
- **#1770**: Wraps untainted prototype iframe creation in `try/finally`
so the iframe is always removed, even on early return (when
`contentWindow` is null) or exception. Previously these iframes would
leak into the DOM.
- **#1802**: Moves `querySelector`/`querySelectorAll` from
`testableAccessors` to `testableMethods` and switches helpers from
`getUntaintedAccessor` to `getUntaintedMethod`. These are methods, not
property accessors, so the accessor check
(`getOwnPropertyDescriptor(...).get`) always failed, causing a throwaway
iframe to be created every time just to get the untainted prototype.

## Why
Both fixes are in `packages/utils/src/index.ts` and affect the same
`getUntaintedPrototype` code path. #1770 prevents DOM pollution from
leaked iframes. #1802 avoids unnecessary iframe creation on every
querySelector/querySelectorAll call, which is a hot path during
recording.

## Test plan
- [ ] Verify no regressions in recording on pages with patched DOM
prototypes (Angular apps)
- [ ] Inspect DOM during recording to confirm no orphaned iframes from
untainted prototype detection

Development

Successfully merging this pull request may close these issues.

[Bug]: Injected iframe cleanup on error

2 participants