What's worse is that my tests pass using Chrome 77 with Chromedriver 77 (the tests pass, the data is loaded in the webpages, etc.). It's only if I manually pull up a Chrome 77 browser and test it that it fails.

Here's basically what my code is doing:

// Get the query parameter "operation" from the URL
let match = new RegExp("[?&]operation=([^&]*)").exec(window.location.search);
let param = match && decodeURIComponent(match[1].replace(/\+/g, " "));

// Sanitize the URL from XSS Injection
// (plain assignment: `param` is already declared above, and a second `let` is a SyntaxError)
param = param ? window.DOMPurify.sanitize(param) : param;

if(param === "View") {
    // Load data from the server
}

The problem is that in Chrome 77 param === "View" is false! But it's not false when using Chrome 77 on its own.

Ryan Shillington

1 Answer

I figured it out! The problem is that Chrome 77 turns on the TrustedTypes API by default. But it's turned off if Chrome 77 is started through Chromedriver, which is a pretty nasty bug.

The fix to get Chrome 77 / Chromedriver 77 to fail like it does when you manually hit the page is to enable this Chrome feature:

--enable-blink-features=TrustedDOMTypes

You'd put it in the same place you see --no-sandbox or --disable-infobars.

Great! Now your tests fail as they should. Next, to fix the error, change this line:

// Sanitize the URL from XSS Injection
param = param ? window.DOMPurify.sanitize(param) : param;

To this instead:

// Sanitize the URL from XSS Injection
param = param ? (window.DOMPurify.sanitize(param) || "").toString() : param;

The toString() is the most important part. A TrustedType object is being returned now, instead of a String.

Ryan Shillington
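
The failure mode described in this answer, as an added example that is not the answer author's code: a strict comparison against a sanitizer result breaks as soon as the sanitizer hands back an object instead of a string, and coercing to a string before an allowlist check handles both shapes. `FakeTrustedHTML`, the two pass-through sanitizers and the allowlist are constructed stand-ins so the snippet runs outside a browser; they are not DOMPurify or the browser's Trusted Types API.

```javascript
// Constructed stand-in for the object a sanitizer returns when Trusted Types
// are active: it wraps the string and only exposes it through toString().
class FakeTrustedHTML {
  constructor(html) { this.html = html; }
  toString() { return this.html; }
}

// Hypothetical pass-through sanitizers; only the return TYPE differs.
const sanitizeAsString = (s) => s;
const sanitizeAsTrusted = (s) => new FakeTrustedHTML(s);

// Assumed allowlist of operations the page is willing to act on.
const ALLOWED_OPERATIONS = new Set(["View", "Edit"]);

// The comparison from the question: no coercion, so an object never equals "View".
function naiveIsView(search, sanitize) {
  const raw = new URLSearchParams(search).get("operation");
  return sanitize(raw) === "View";
}

// Hardened variant: normalise to a string, then accept only allowlisted values.
function readOperation(search, sanitize) {
  const raw = new URLSearchParams(search).get("operation");
  if (raw === null) return null;                 // parameter absent
  const clean = String(sanitize(raw) ?? "");     // works for string or wrapper object
  return ALLOWED_OPERATIONS.has(clean) ? clean : null;
}
```

Running the same test suite against both sanitizer shapes catches the regression regardless of which mode the driver-launched browser starts in.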