This repository demonstrates a bug in SvelteKit where the reset_focus function crashes when the URL contains a hash fragment that is not a valid CSS selector.
SvelteKit's internal reset_focus function calls document.querySelector(location.hash) without validating that the hash is a valid CSS selector. This causes a SyntaxError when the hash contains data that doesn't conform to CSS selector syntax.
Error message:
SyntaxError: '#gzip:H4sIAAAAAAAAA0sqTQcAFL+MNQMAAAA=' is not a valid selector.
This bug affects applications that use URL hash fragments for:
- Storing compressed/gzipped state data
- Base64 encoded application data
- Any data format that contains characters invalid in CSS selectors (like
:,+,/, etc.)
- Clone this repository
- Install dependencies:
npm install - Start the development server:
npm run dev - Open the application in your browser
- Submit the form on the page
- Check the browser console for the error
- The page loads and sets
location.hashto a gzipped data string starting with#gzip: - When the form is submitted, SvelteKit's
use:enhancetriggers thereset_focusfunction reset_focusattempts to calldocument.querySelector(location.hash)- Since
#gzip:...is not a valid CSS selector,querySelectorthrows aSyntaxError - This crashes the focus management functionality
SvelteKit should either:
- Validate that the hash is a valid CSS selector before calling
querySelector - Wrap the
querySelectorcall in a try-catch block to handle invalid selectors gracefully - Check if the selector actually matches an element before proceeding
This bug can crash the focus management in applications that legitimately use URL hash fragments for data storage, which is a common pattern in modern single-page applications.