Bug 1753029 - [devtools] Add safe guard to avoid reparenting iframe nodeFront with wrong target. r=jdescottes.

This can be seen as a hot fix for Bug 1752342. Here we're not fixing the
root cause of the issue, but rather adding a protection mecanism so we don't
completely crash/freeze the inspector/the browser.
A follow-up bug will take care of Bug 1752342.

Differential Revision: https://phabricator.services.mozilla.com/D137450

devtools/client/fronts/walker.js

@@ -338,6 +338,21 @@ class WalkerFront extends FrontClassWithSpec(walkerSpec) {
       return super.children(node, options);
     }
     const target = await node.connectToFrame();
+
+    // We had several issues in the past where `connectToFrame` was returning the same
+    // target as the owner document one, which led to the inspector being broken.
+    // Ultimately, we shouldn't get to this point (fix should happen in connectToFrame or
+    // on the server, e.g. for Bug 1752342), but at least this will serve as a safe guard
+    // so we don't freeze/crash the inspector.
+    if (target == this.targetFront) {
+      console.warn("connectToFrame returned an unexpected target");
+      return {
+        nodes: [],
+        hasFirst: true,
+        hasLast: true,
+      };
+    }
+
     const walker = (await target.getFront("inspector")).walker;
 
     // Finally retrieve the NodeFront of the remote frame's document

devtools/client/inspector/markup/test/browser.ini

@@ -155,6 +155,7 @@ skip-if = true # Bug 1177550
 [browser_markup_grid_display_badge_02.js]
 [browser_markup_grid_display_badge_03.js]
 [browser_markup_grid_display_badge_telemetry.js]
+[browser_markup_iframe_blocked_by_csp.js]
 [browser_markup_links_01.js]
 [browser_markup_links_02.js]
 [browser_markup_links_03.js]

devtools/client/inspector/markup/test/browser_markup_iframe_blocked_by_csp.js

@@ -0,0 +1,23 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// Test that iframe blocked because of CSP doesn't cause the browser to freeze.
+
+const TEST_URI = `https://example.com/document-builder.sjs?html=${encodeURIComponent(`
+  <h1>Test expanding CSP-blocked iframe</h1>
+  <iframe src="https://example.org/document-builder.sjs?html=Hello"></iframe>
+`)}&headers=content-security-policy:default-src 'self'`;
+
+add_task(async function() {
+  const { inspector } = await openInspectorForURL(TEST_URI);
+  const container = await getContainerForSelector("iframe", inspector);
+  await expandContainer(inspector, container);
+
+  const h1Container = await getContainerForSelector("h1", inspector);
+  ok(
+    h1Container.elt.isConnected,
+    "Inspector panel did not freeze/crash when expanding the blocked-by-csp iframe"
+  );
+});