fix: improve script handling in execute commands for better serialization by goosewobbler · Pull Request #224 · webdriverio/desktop-mobile

goosewobbler · 2026-04-09T12:28:05Z

No description provided.

…tion - Updated the `execute` function in both Electron and Tauri services to use `JSON.stringify` for string scripts, ensuring proper escaping of special characters. - Enhanced test coverage for the `execute` command to validate handling of various script formats, including strings with quotes, newlines, unicode, and backslashes. - Adjusted assertions in tests to reflect the new serialization logic, ensuring accurate expectations for script execution.

…ts plan - Deleted the `tauri-playwright-analysis.md` file to streamline documentation. - Updated the `tauri-playwright-improvements-plan.md` to include a status column for tracking improvement progress, marking the audit of JS string interpolation/escaping as complete.

github-actions · 2026-04-09T12:29:52Z

Release Preview — @wdio/native-utils 2.3.0

Scope: @wdio/native-utils

This PR is labeled for a minor release.

This PR will trigger the following release when merged:

Packages

Package	Version
`@wdio/native-utils`	2.3.0

Changelog

@wdio/native-utils wdio-native-utils@v2.2.0 → 2.3.0

Added

add script detection utilities and tests (native-utils)

Changed

enhance script detection logic for semicolons and arrow functions (native-utils)
move script detection utilities to native-utils

Greptile Summary

This PR substantially reworks script serialization across the Tauri and Electron execute paths, addressing a wide range of previously flagged issues: the sync/async mismatch on WebKit (WKWebView), double JSON-encoding, incorrect IIFE wrapping, and missing word-boundary checks on keyword detection. Key changes include switching the non-embedded Tauri path to executeAsync with arrow-function .then() callbacks, introducing shared hasSemicolonOutsideQuotes and hasTopLevelArrow utilities, reworking guest-js to split function-like and string-like scripts before invoking the Rust plugin, and fixing the executeTauriCommand closure-capture bug by passing command/args as explicit extra arguments.

Confidence Score: 5/5

Safe to merge; all remaining findings are minor edge-case P2s that do not affect common usage.

All previously flagged P0/P1 issues (double encoding, SyntaxError from concise-body arrows, unawaited Promises on WebKit, missing done-callback slicing, broken executeTauriCommand closure capture) appear addressed. The sole new finding is a return[expr] edge case that is extremely unlikely in real test scripts.

packages/tauri-plugin/src/commands.rs — has_return word-boundary gap for [-prefixed operands; same minor gap exists in the TypeScript hasStatementKeyword regex in service.ts and guest-js/index.ts.

Important Files Changed

Filename	Overview
packages/tauri-plugin/src/commands.rs	Major rewrite of script detection and execution. Introduces has_keyword_prefix, contains_arrow_outside_quotes, has_arrow_outside_parens, and has_semicolon_outside_quotes helpers. The is_function check covers most arrow/function patterns; has_return and has_statement guards correctly use word-boundary strip/starts_with. String-with-args now returns a clear error instead of silently mis-wrapping.
packages/tauri-service/src/service.ts	patchedExecute now correctly uses executeAsync for non-embedded providers for WebKit compatibility. Function path uses Promise.resolve + arrow .then() callbacks; string path uses async function().apply() with correct done-callback slicing. Embedded path now passes original script object directly.
packages/tauri-plugin/guest-js/index.ts	isFunctionLike detection improved: uses hasTopLevelArrow and /^async[\s(]/ to avoid false positives. String path now correctly wraps in named async function with .apply() for arguments access. hasSemicolonOutsideQuotes import resolves the semicolon-in-string-literal false positive.
packages/tauri-service/src/commands/execute.ts	Plugin availability check now uses a function argument (not a string) avoiding the previous patchedExecute string-return bug. executeTauriCommand refactored to pass command/args explicitly as extra arguments instead of via closure, fixing the unbound-variable serialization bug.
packages/native-utils/src/script-detect.ts	New shared utilities hasSemicolonOutsideQuotes and hasTopLevelArrow. Both correctly track bracket depth, quote state (single/double/template), and escape sequences including \. Template literal ${} nesting is handled via a frame stack.
packages/electron-service/src/commands/executeCdp.ts	String scripts now routed through new wrapStringScriptForCdp helper; imports hasSemicolonOutsideQuotes and hasTopLevelArrow from native-utils. isFunctionLike detection uses hasTopLevelArrow to avoid nested-arrow false positives. Old prevChar escape issue resolved by shared utility.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[browser.tauri.execute\nscript, ...args] --> B{isEmbedded?}
    B -- Yes --> C[originalExecute\nscript, ...args\nWDIO handles serialization]
    B -- No --> D{typeof script}
    D -- function --> E[patchedExecute\nFunction Path\nexecuteAsync + Promise.resolve\n+ arrow .then callbacks]
    D -- string --> F[patchedExecute\nString Path\nhasStatementKeyword / hasSemicolonOutsideQuotes\nasync function apply + done callback]
    E --> G[executeWithinTauri runs\nin WebView]
    F --> G
    G --> H[window.wdioTauri.execute\nscriptString, options, argsJson]
    H --> I{guest-js isFunctionLike?}
    I -- Yes --> J[Build IIFE with\n__wdio_tauri injection\nreturn await fn tauri args]
    I -- No --> K[Wrap as async function\nbody with .apply\nfor arguments access]
    J --> L[Rust: is_function=true\npass-through]
    K --> L
    L --> M[script_with_result\nawait __wdio_script\nemit result via Tauri event]
    M --> N[Return result\nto Node.js]

_{Reviews (75): Last reviewed commit: "refactor(tauri-plugin): improve semicolo..." | Re-trigger Greptile}

- Updated the `execute` function to simplify string handling by passing strings as-is, allowing Rust to manage proper escaping. - Adjusted related test cases to reflect this change, ensuring accurate expectations for string arguments passed to the plugin.

- Updated the `execute` function to improve handling of string and function scripts. - Strings are now passed as-is for embedded paths, while tauri-driver paths utilize `JSON.stringify` for proper escaping. - Adjusted comments for clarity on the handling of different script types.

- Updated the `execute` function to pass scripts as-is instead of using `JSON.stringify`, improving handling of various script formats. - Adjusted related test cases to reflect this change, ensuring accurate expectations for string arguments passed to the plugin.

- Improved error handling in the `execute` function by restructuring the parsing logic to separate error checks from the try/catch block, allowing for clearer error messages when parsing fails. - Updated related test cases to reflect the new error handling behavior, ensuring that specific error messages are thrown for parsing issues.

- Updated the `execute` function to enhance handling of string and function scripts by passing them as-is, improving clarity and functionality. - Adjusted comments for better understanding of the script processing logic, ensuring that both strings and functions are correctly wrapped for execution.

- Modified the `execute` function to wrap string scripts in an IIFE, ensuring they are callable as statement expressions. - Enhanced comments for clarity on the handling of both string and function scripts, improving understanding of the execution flow.

- Updated the `execute` function to properly wrap string scripts in an IIFE with braces, ensuring correct syntax for execution. - Adjusted related test cases to reflect the updated script format, enhancing the accuracy of expectations for script execution.

- Added a comment in the `execute` function to explain that TypeScript sends scripts as-is, necessitating serialization for proper handling. - This change enhances understanding of the script processing logic, ensuring clarity on the serialization step for arguments passed to the function.

- Updated the `execute` function to improve the handling of scripts with and without arguments. - Scripts with arguments are now wrapped in an IIFE and executed as functions, while scripts without arguments are evaluated directly. - Enhanced comments for clarity on the script evaluation process, ensuring better understanding of callable detection and execution flow.

- Enhanced the `execute` function to handle embedded WebDriver scripts more effectively by passing them through untouched. - Simplified the script wrapping logic for non-embedded scripts, ensuring consistent execution behavior. - Updated related test cases to reflect the changes in script handling, improving accuracy in expectations.

- Updated the `execute` function to inject Tauri APIs as the first parameter when scripts are executed with arguments, enhancing the integration with Tauri's core functionalities. - Revised comments for clarity on the script evaluation process, ensuring a better understanding of how arguments are passed and handled. - Maintained the evaluation of script expressions for cases without arguments, preserving existing behavior.

- Updated the `execute` function to wrap scripts without arguments in an async IIFE, allowing for proper handling of statement-style scripts. - Revised comments to clarify the execution flow and ensure consistency in script handling across both with-args and no-args scenarios.

- Introduced new test cases for the `execute` function in both Electron and Tauri to cover various script types, including functions with and without arguments, statement-style strings, and async functions. - Enhanced test coverage to ensure proper handling of different script execution scenarios, improving reliability and confidence in the functionality.

Removed unnecessary checks for arrow functions in the script wrapping logic, streamlining the handling of string scripts to avoid parsing errors. This change enhances code clarity and maintains robust script execution.

…clarations Replaced arrow function syntax with traditional function declarations in the script wrapping logic of `executeCdp`. This change improves consistency and clarity in the generated scripts, ensuring better compatibility with various execution contexts. Updated related tests to reflect the new function declaration format.

…function declarations in script wrapping Updated the script wrapping logic in the `execute` function to utilize traditional function declarations instead of arrow functions. This change enhances consistency and compatibility across different execution contexts. Adjusted related tests to ensure they reflect the new function declaration format.

…ts in function body Updated the `execute` function to embed user arguments into the script body, allowing access via the `arguments` object. This change improves the flexibility of script execution and ensures that additional arguments are correctly serialized. Adjusted related tests to verify the new behavior and ensure compatibility with the updated script wrapping logic.

Updated the devDependencies in the tauri-plugin package.json to include @vitest/coverage-v8, jsdom, and vitest at specified versions. Reformatted the files and keywords sections for improved readability in package.json. Updated pnpm-lock.yaml to reflect these changes.

Enhanced the `execute` function to include detection for function-like patterns, specifically adding support for `throw(` in the script execution logic. This change improves the accuracy of function detection, ensuring better handling of various script formats.

Refactored the `execute` function to simplify the handling of script execution and event listening. Removed unnecessary references to the invoking window and consolidated event listener logic to improve clarity and maintainability. Enhanced function detection to support async IIFEs, ensuring better compatibility with various script formats.

Deleted the `execute` command implementation and its associated tests to streamline the codebase. This change simplifies the electron-service package by eliminating unused functionality, enhancing maintainability and clarity.

…t execution Updated the regex used for detecting statement keywords in the script execution logic to include support for parentheses and curly braces. This change improves the accuracy of function detection, ensuring better handling of various script formats.

…ript wrapping Updated the regex for detecting statement keywords in the `wrapStringScriptForCdp` function to include support for parentheses and curly braces. This change improves the accuracy of script parsing, ensuring better handling of various script formats.

Updated the regex for detecting statement keywords in the `execute` function to include support for parentheses and curly braces. Added tests to ensure that `try{` and `do{` are correctly treated as statements, enhancing the accuracy of script parsing and execution.

Introduced two new functions, `hasSemicolonOutsideQuotes` and `hasTopLevelArrow`, in `script-detect.ts` to enhance script analysis capabilities. Updated `index.ts` to export these functions and added comprehensive tests in `script-detect.spec.ts` to validate their behavior. Updated package.json to include new module paths for the script detection utilities.

Added @wdio/native-utils as a dependency in the tauri-plugin package to utilize script detection utilities. Updated the index.ts to import and use `hasSemicolonOutsideQuotes` and `hasTopLevelArrow` functions for improved script analysis. Modified tsconfig.json to exclude test files from compilation and streamlined TypeScript declaration generation in the build script.

…for js build Updated the @wdio/tauri-plugin build configuration in turbo.json to include @wdio/native-utils as a dependency and defined inputs for the JavaScript build process. This change enhances the build setup by ensuring necessary scripts are included for processing.

Updated the executeCdp function to route both regular and async arrow function strings through recast, ensuring the electron parameter is stripped correctly. Added a test case to verify this behavior for async arrow functions, improving the accuracy of script execution.

Updated the executeCdp function to route both named and anonymous function declaration strings through recast, ensuring the electron parameter is stripped correctly. Adjusted test cases to verify the handling of various function formats, enhancing the accuracy of script execution.

… and arrow functions Updated the `hasSemicolonOutsideQuotes` and `hasTopLevelArrow` functions in `script-detect.ts` to improve handling of template literals and nested expressions. Added new test cases to cover various scenarios, including nested template literals and top-level arrow functions following template literals, ensuring accurate detection of semicolons and arrow functions in different contexts.

Updated the logic in the `execute` function to accurately differentiate between async function declarations and async expressions. Added a test case to ensure that `async(42)` is treated as an expression, improving the handling of async scripts in the plugin.

Enhanced the `has_semicolon_outside_quotes` function to accurately track semicolon usage in template literals, including nested expressions. Introduced a stack-based approach to manage template frames, improving detection logic and ensuring correct handling of various string contexts.

Updated the regex for detecting statement keywords in the `execute` function across multiple files to improve accuracy. The new regex ensures that statement keywords are correctly identified, enhancing the handling of various script formats and improving overall script execution reliability.

goosewobbler added 2 commits April 9, 2026 13:26

goosewobbler added scope:shared Shared utilities and infrastructure release:prerelease Release a prerelease version labels Apr 9, 2026