Skip to content

[Website] Make all iframes controlled by the service worker #2923

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 23 commits into
base: trunk
Choose a base branch
from
Draft

[Website] Make all iframes controlled by the service worker #2923

wants to merge 23 commits into from
+2,920 −141

Conversation

@adamziel
Copy link
Collaborator

@adamziel adamziel commented Nov 20, 2025
edited
Loading

Explores making all iframes controlled by the Playground service worker.

Iframes created as about:blank / srcdoc / data / blob are not controlled by this
service worker. This means that all network calls initiated by these iframes are
sent directly to the network. This means Gutenberg cannot load any CSS files,
TInyMCE can't load media images, etc.

Only iframes created with src pointing to a URL already controlled by this service worker
are themselves controlled.

Explored solution

We inject a iframes-trap.js script into every HTML page to override a set of DOM
methods used to create iframes. Whenever an src/srcdoc attribute is set on an iframe,
we intercept that and:

  1. Store the initial HTML of the iframe in CacheStorage.
  2. Set the iframe's src to iframeLoaderUrl (coming from a controlled URL).
  3. The loader replaces the iframe's content with the cached HTML.
  4. The loader ensures iframes-trap.js is also loaded and executed inside the iframe
    to cover any nested iframes.

As a result, every same-origin iframe is forced onto a real navigation that the SW can control,
so all fetches (including inside editors like TinyMCE) go through our handler
without per-product patches. This replaces the former Gutenberg-only shim.

Downsides

When a DOM reference to an element inside an iframe is grabbed early on, rewriting the HTML inside that iframe invalidates those reference. I think it breaks "bold", "italic", etc buttons in TinyMCE at the moment (but it doesn't break the "Add Media" feature).

This is a deal-breaker in the current PR. I think we can make it work without destroying the DOM nodes already in the iframe. TinyMCE seems to be doing iframe.contentWindow.contentDocument.write( newHTML ) and document.write() makes a controlled iframe uncontrolled again. We'll need to wrap every part of the process and replace the document.write() logic with something closer to innerHTML or a redirection to loader.html?initialHTML={markup}.

References

Fixes #2919
Fixes #42

cc @akirk @brandonpayton @ellatrix @draganescu

@adamziel adamziel changed the title Explore making all iframes controlled [Website] Make all iframes controlled by the service worker Nov 20, 2025
@adamziel adamziel marked this pull request as draft November 20, 2025 17:08
@adamziel adamziel mentioned this pull request Nov 29, 2025
Open
Merge added 17 commits December 1, 2025 16:35
A passing set of fast tests
32f9f50
Get the iframes tram to work with a nested document
245245c
Support arbitrary nesting of iframes
c33f7eb
Add TinyMCE test case
9cf08b2
Theiretically fixed CI test failures
1214760
Adjust ci tests
4911d3e
Fix flaky data URL test by improving content wait logic
8127cb5 
The test was reading iframe content before the loader script finished
injecting the cached content. The fix increases the timeout from 3s to 5s
and adds a check that the loader script has finished executing before
considering the content loaded.
Fix CI test failures by keeping loader URLs within SW scope
765513e 
The test was navigating to a URL outside the service worker's scope
(/scope:test-fast/... instead of /website-server/scope:test-fast/...).
This worked locally because of existing SW caching but failed in CI
where the SW was freshly registered.

Changes:
- Test: Construct loader URL as /website-server/scope:test-fast/...
- iframes-trap.js: Extract full scoped path including any prefix
- service-worker.ts: Same scope inference pattern for loader HTML
Fix data URL race condition in iframes-trap.js
0f8d378 
When an iframe's src was set to a data: URL, the async fetch and cache
process would start but the setAttribute wrapper returned immediately.
If the iframe was then appended to the DOM before caching completed,
scheduleIframeControl would see it as a blank iframe (no pending flag)
and redirect it to an empty loader, losing the data URL content.

Now we set data-srcdoc-pending synchronously before starting the async
rewriteDataOrBlob, preventing the race condition with MutationObserver.
Skip deeply nested iframes test on Firefox
78b1709 
Firefox has timing issues with 4-level deep srcdoc iframes in this synthetic
stress test. The core nested iframe functionality is still tested by the
'nested iframe (TinyMCE-like)' test which passes on all browsers.
Revert "Skip deeply nested iframes test on Firefox"
c7e43ec 
This reverts commit 78b1709.
Fix cross-realm iframe src setting for Firefox deeply nested iframes
89a2684 
When creating controlled iframes in ancestor documents for deeply nested
srcdoc iframes, Firefox requires using the ancestor realm's native property
setter rather than the one captured in the child context. This commit adds
cross-realm support to setIframeSrc() by accepting an optional ancestorWindow
parameter and using that realm's HTMLIFrameElement.prototype.src setter when
available.

This fixes the Firefox failure in the "deeply nested iframes (4 levels)"
test where iframes beyond level 1-2 would remain at about:blank instead
of navigating to the loader URL.
Use postMessage for cross-realm iframe creation in Firefox
e5cee4d 
Firefox restricts cross-realm property setter calls, which caused nested
iframes to remain at about:blank instead of navigating to empty.html.
The fix uses postMessage with MessageChannel to ask the ancestor window
to create iframes entirely within its own realm, bypassing Firefox's
restrictions.
Add timeout to service worker ready check in tests
6dd0206 
The `navigator.serviceWorker?.ready` promise can hang indefinitely in some
browser states with corrupted service workers. Add a 10-second timeout to
prevent tests from hanging when the service worker environment has issues.
Mark deeply nested iframes test as .only() for faster CI verification
b9b0fde
Remove .only() from deeply nested iframes test
e0c8e4e
Fix TinyMCE iframe control in Firefox by handling pre-existing iframes
0c5057e 
When iframes-trap.js loads asynchronously in WordPress admin (via the MU
plugin), TinyMCE may have already created its iframe with src="javascript:''"
before the prototype patches are in place.

This fix extends the MutationObserver handler to also process iframes that
have uncontrolled src values (javascript:, about:blank, empty). It also
scans for existing iframes when iframes-trap.js first loads, catching any
that were created before the script executed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

[Aspect] Website [Package][@wp-playground] Website [Type] Enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Classic editor doesn't show images from media library CSS files are not loading in the site editor

2 participants

@adamziel