JavascriptError: javascript error: uri.substr is not a function

[ctangney-tulip]

Product

cli

Product Version

4.7.3

Latest Version

• I have tested the issue with the latest version of the product

Issue Description

Expectation

I can complete a scan of the URL: https://tulip.co

Actual

I receive the error listed in the name of the issue. Included below is the full stack-trace:

Error: JavascriptError: javascript error: uri.substr is not a function
JavaScript stack:
TypeError: uri.substr is not a function
    at getFriendlyUriEnd (eval at executeScript (:367:16), <anonymous>:5600:34)
    at getAttributeNameValue (eval at executeScript (:367:16), <anonymous>:5705:24)
    at eval (eval at executeScript (:367:16), <anonymous>:5753:26)
    at Array.forEach (<anonymous>)
    at _loop2 (eval at executeScript (:367:16), <anonymous>:5752:84)
    at _getSelectorData (eval at executeScript (:367:16), <anonymous>:5773:9)
    at Object.runPartial (eval at executeScript (:367:16), <anonymous>:26703:27)
    at eval (eval at executeAsyncScript (:443:26), <anonymous>:7:18)
    at eval (eval at executeAsyncScript (:443:26), <anonymous>:8:8)
    at executeAsyncScript (<anonymous>:443:47)
  (Session info: headless chrome=114.0.5735.248)
    at Object.throwDecodedError (/Users/connor.tangney/.nvm/versions/node/v18.3.0/lib/node_modules/@axe-core/cli/node_modules/selenium-webdriver/lib/error.js:524:15)
    at parseHttpResponse (/Users/connor.tangney/.nvm/versions/node/v18.3.0/lib/node_modules/@axe-core/cli/node_modules/selenium-webdriver/lib/http.js:601:13)
    at Executor.execute (/Users/connor.tangney/.nvm/versions/node/v18.3.0/lib/node_modules/@axe-core/cli/node_modules/selenium-webdriver/lib/http.js:529:28)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async Driver.execute (/Users/connor.tangney/.nvm/versions/node/v18.3.0/lib/node_modules/@axe-core/cli/node_modules/selenium-webdriver/lib/webdriver.js:745:17)
    at async AxeBuilder.runPartialRecursive (/Users/connor.tangney/.nvm/versions/node/v18.3.0/lib/node_modules/@axe-core/cli/node_modules/@axe-core/webdriverjs/dist/index.js:482:7)
    at async AxeBuilder.analyzePromise (/Users/connor.tangney/.nvm/versions/node/v18.3.0/lib/node_modules/@axe-core/cli/node_modules/@axe-core/webdriverjs/dist/index.js:439:18) {
  remoteStacktrace: '0   chromedriver                        0x00000001008278ac chromedriver + 4257964\n' +
    '1   chromedriver                        0x000000010081ff40 chromedriver + 4226880\n' +
    '2   chromedriver                        0x000000010045c9d4 chromedriver + 281044\n' +
    '3   chromedriver                        0x000000010046320c chromedriver + 307724\n' +
    '4   chromedriver                        0x00000001004cf8bc chromedriver + 751804\n' +
    '5   chromedriver                        0x00000001004ce7e4 chromedriver + 747492\n' +
    '6   chromedriver                        0x000000010048b98c chromedriver + 473484\n' +
    '7   chromedriver                        0x000000010048c98c chromedriver + 477580\n' +
    '8   chromedriver                        0x00000001007e6900 chromedriver + 3991808\n' +
    '9   chromedriver                        0x00000001007ea354 chromedriver + 4006740\n' +
    '10  chromedriver                        0x00000001007ea940 chromedriver + 4008256\n' +
    '11  chromedriver                        0x00000001007f033c chromedriver + 4031292\n' +
    '12  chromedriver                        0x00000001007eaf34 chromedriver + 4009780\n' +
    '13  chromedriver                        0x00000001007c3490 chromedriver + 3847312\n' +
    '14  chromedriver                        0x00000001008089f4 chromedriver + 4131316\n' +
    '15  chromedriver                        0x0000000100808b4c chromedriver + 4131660\n' +
    '16  chromedriver                        0x0000000100819230 chromedriver + 4198960\n' +
    '17  libsystem_pthread.dylib             0x000000019d757fa8 _pthread_start + 148\n' +
    '18  libsystem_pthread.dylib             0x000000019d752da0 thread_start + 8\n'
}

How to Reproduce

1. Using axe-core/cli installed globally, attempt to run a scan of tulip.co via the command: axe tulip.co
2. Confirm that the following error is produced

Additional context

• This URL was previously working in this manner.
• I have only recently updated to 4.7.3.
• I have gone through a litany of other URLs / domains and have been unable to reproduce this error.
  • I have tested additional *.co domains as well (https://go.co for example)

[straker]

Thanks for the issue. Turns out this is an issue in axe-core itself so I'm going to move it to there. Seems there's a script on the page for the url https://bat.bing.com/bat.js that is using the TrustedScriptURL API to give the script the url. Our code when generating our selector data tries to parse the URL but can't because the URL is of type object instead of string so does not have substr function

[straker]

Looking further into this, I going to say this in not a problem with axe-core but instead a problem with that particular page. Element.getAttribute() must return a string per spec, but on that particular page it returns a TrustedScriptURL object. This means that the Element.getAttribute prototype function has be overridden with custom logic that is not spec compliant. The offending script appears to be osano.js.

Because of this, I'm going to close this issue. You'll need to fix the prototypes before axe-core will work.

[ctangney-tulip]

Odd -- axe-core was previously working @ that URL (with osano embedded on the page). I will debug further from my end.

Thanks for the quick reply @straker !

[padmavemulapati]

Not reproducing with the latest axe-core develop branch latest code base,

Scanned successfully the url, https://tulip.co and seeing the scan results

[ctangney-tulip]

@padmavemulapati this issue was correctly closed. On Friday, we were able to confirm with Osano that one of their scripts was incorrectly overriding the Element.getAttribute() prototype. We have been able to adjust the offending script on our page in order to restore axe-core/cli functionality.