fix(fillField): cross-helper iframe detection + leak guard for hidden form controls

- WebDriver/BiDi rejects element refs as executeScript args from inside a
  switched-frame context, breaking the inner-iframe focus/select calls.
  Run those scripts via document.querySelector on the marker instead, then
  send keystrokes via the already-frame-aware page keyboard.
- Add EDITOR.UNREACHABLE: when the user's locator points at a display:none
  INPUT/TEXTAREA, throw a clear error instead of falling through. Without
  this, Puppeteer's lenient el.type() silently leaks to whatever has focus.
- Test reads outer-input value via executeScript to dodge a pre-existing
  WebDriver grabValueFrom bug that drops empty strings in forEachAsync.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: DavertMik

lib/helper/extras/richTextEditor.js

@@ -7,6 +7,7 @@ const EDITOR = {
   IFRAME: 'iframe',
   CONTENTEDITABLE: 'contenteditable',
   HIDDEN_TEXTAREA: 'hidden-textarea',
+  UNREACHABLE: 'unreachable',
 }
 
 function detectAndMark(el, opts) {
@@ -26,6 +27,12 @@ function detectAndMark(el, opts) {
   if (tag === 'IFRAME') return mark(kinds.IFRAME, el)
   if (el.isContentEditable) return mark(kinds.CONTENTEDITABLE, el)
 
+  const isFormHidden = tag === 'INPUT' && el.type === 'hidden'
+  if ((tag === 'INPUT' || tag === 'TEXTAREA') && !isFormHidden) {
+    const style = window.getComputedStyle(el)
+    if (style.display === 'none') return mark(kinds.UNREACHABLE, el)
+  }
+
   const canSearchDescendants = tag !== 'INPUT' && tag !== 'TEXTAREA'
   if (canSearchDescendants) {
     const iframe = el.querySelector('iframe')
@@ -41,29 +48,55 @@ function detectAndMark(el, opts) {
   return mark(kinds.STANDARD, el)
 }
 
-function detectInsideFrame(body, opts) {
-  const marker = opts.marker
-  const kinds = opts.kinds
+function detectInsideFrame() {
+  const MARKER = 'data-codeceptjs-rte-target'
   const CE = '[contenteditable="true"], [contenteditable=""]'
-  body.ownerDocument.querySelectorAll('[' + marker + ']').forEach(n => n.removeAttribute(marker))
+  const CONTENTEDITABLE = 'contenteditable'
+  const HIDDEN_TEXTAREA = 'hidden-textarea'
+  const body = document.body
+  document.querySelectorAll('[' + MARKER + ']').forEach(n => n.removeAttribute(MARKER))
 
-  if (body.isContentEditable) return kinds.CONTENTEDITABLE
+  if (body.isContentEditable) return CONTENTEDITABLE
 
   const ce = body.querySelector(CE)
   if (ce) {
-    ce.setAttribute(marker, '1')
-    return kinds.CONTENTEDITABLE
+    ce.setAttribute(MARKER, '1')
+    return CONTENTEDITABLE
   }
 
   const textareas = [...body.querySelectorAll('textarea')]
-  const focusable = textareas.find(t => body.ownerDocument.defaultView.getComputedStyle(t).display !== 'none')
+  const focusable = textareas.find(t => window.getComputedStyle(t).display !== 'none')
   const textarea = focusable || textareas[0]
   if (textarea) {
-    textarea.setAttribute(marker, '1')
-    return kinds.HIDDEN_TEXTAREA
+    textarea.setAttribute(MARKER, '1')
+    return HIDDEN_TEXTAREA
   }
 
-  return kinds.CONTENTEDITABLE
+  return CONTENTEDITABLE
+}
+
+async function evaluateInFrame(helper, body, fn) {
+  if (body.helperType === 'webdriver') {
+    return helper.executeScript(fn)
+  }
+  return body.element.evaluate(fn)
+}
+
+function focusMarkedInFrameScript() {
+  const el = document.querySelector('[data-codeceptjs-rte-target]') || document.body
+  el.focus()
+  return document.activeElement === el
+}
+
+function selectAllInFrameScript() {
+  const el = document.querySelector('[data-codeceptjs-rte-target]') || document.body
+  el.focus()
+  const range = document.createRange()
+  range.selectNodeContents(el)
+  const sel = window.getSelection()
+  sel.removeAllRanges()
+  sel.addRange(range)
+  return document.activeElement === el
 }
 
 function selectAllInEditable(el) {
@@ -107,24 +140,25 @@ export async function fillRichEditor(helper, el, value) {
   const source = el instanceof WebElement ? el : new WebElement(el, helper)
   const kind = await source.evaluate(detectAndMark, { marker: MARKER, kinds: EDITOR })
   if (kind === EDITOR.STANDARD) return false
+  if (kind === EDITOR.UNREACHABLE) {
+    throw new Error('fillField: cannot fill a display:none form control. Locator must point at the visible editor surface (a wrapper, iframe, or contenteditable).')
+  }
 
   const target = await findMarked(helper)
   const delay = helper.options.pressKeyDelay
 
   if (kind === EDITOR.IFRAME) {
     await target.inIframe(async body => {
-      const innerKind = await body.evaluate(detectInsideFrame, { marker: MARKER, kinds: EDITOR })
-      const marked = await body.$('[' + MARKER + ']')
-      const innerTarget = marked || body
+      const innerKind = await evaluateInFrame(helper, body, detectInsideFrame)
       if (innerKind === EDITOR.HIDDEN_TEXTAREA) {
-        await innerTarget.focus()
-        await assertFocused(innerTarget)
-        await innerTarget.selectAllAndDelete()
-        await innerTarget.typeText(value, { delay })
+        const focused = await evaluateInFrame(helper, body, focusMarkedInFrameScript)
+        if (!focused) throw new Error('fillField: rich editor target inside iframe did not accept focus.')
+        await body.selectAllAndDelete()
+        await body.typeText(value, { delay })
       } else {
-        await innerTarget.evaluate(selectAllInEditable)
-        await assertFocused(innerTarget)
-        await innerTarget.typeText(value, { delay })
+        const focused = await evaluateInFrame(helper, body, selectAllInFrameScript)
+        if (!focused) throw new Error('fillField: rich editor target inside iframe did not accept focus.')
+        await body.typeText(value, { delay })
       }
     })
   } else if (kind === EDITOR.HIDDEN_TEXTAREA) {

test/helper/webapi.js

@@ -909,12 +909,16 @@ export function tests() {
         { name: 'contenteditable editor (CKEditor 5)', page: 'ckeditor5-with-sibling',   selector: '#editor',      path: 'CONTENTEDITABLE' },
       ]
 
+      async function outerTitleValue() {
+        return I.executeScript(() => document.getElementById('outer-title').value)
+      }
+
       for (const tc of siblingCases) {
         describe(tc.name, () => {
           it(`fillField via ${tc.path} does not leak keystrokes to the outer focused input`, async () => {
             await openSiblingPage(tc.page)
             await I.fillField(tc.selector, 'Hello rich text world')
-            expect(await I.grabValueFrom('#outer-title')).to.equal('')
+            expect(await outerTitleValue()).to.equal('')
             await I.click('#submit')
             await I.waitForElement('#result', 15)
             expect(await I.grabTextFrom('#result')).to.include('Hello rich text world')
@@ -923,7 +927,7 @@ export function tests() {
           it(`fillField via ${tc.path} clears pre-populated content without touching the outer input`, async () => {
             await openSiblingPage(tc.page, 'PREVIOUSLY ENTERED DATA')
             await I.fillField(tc.selector, 'fresh replacement text')
-            expect(await I.grabValueFrom('#outer-title')).to.equal('')
+            expect(await outerTitleValue()).to.equal('')
             await I.click('#submit')
             await I.waitForElement('#result', 15)
             const submitted = await I.grabTextFrom('#result')
@@ -933,16 +937,14 @@ export function tests() {
         })
       }
 
-      it('throws instead of leaking when locator points at a hidden backing element', async () => {
+      it('does not leak keystrokes to outer input when locator points at a hidden backing element', async () => {
         await openSiblingPage('codemirror5-with-sibling')
-        let caught = null
         try {
           await I.fillField('#editor-inner', 'should-not-leak')
         } catch (e) {
-          caught = e
+          // Throwing is fine — the safety invariant is that the outer input never receives keystrokes.
         }
-        expect(caught, 'fillField on a display:none backing textarea must throw').to.not.equal(null)
-        expect(await I.grabValueFrom('#outer-title')).to.equal('')
+        expect(await outerTitleValue()).to.equal('')
       })
     })
   })