269355 2024-02-14 03:50:47 -0800 Removing an <object> tag hangs tab 2024-02-14 16:24:23 -0800 1 1 1 Unclassified WebKit DOM WebKit Nightly Build Mac (Apple Silicon) macOS 14 RESOLVED DUPLICATE 268536 P2 Major --- 1 m.goetzke webkit-unassigned ahmad.saleem792 akeerthi a_protyasha rniwa thorton oldest_to_newest 2013471 0 469859 m.goetzke 2024-02-14 03:50:47 -0800 Created attachment 469859 Hang the Safari tab by removing an object tag. Running the HTML below you can get the Safari Tab to hang. It happens the moment an object added is removed again (see the button): E.g. removing this definition from the node tree (this does NOT work inside an iframe) `<object ref="builtin" type="application/pdf" style="position: absolute;z-index: -1;"><span></span></object>` Steps to Reproduce ------------------ Load the HTML inside the browser (not in an iframe) on a desktop mac. Pressing 'inc' will work After pressing 'crash' the browser engine hangs (it adds and then removes the object tag) It does not matter how you remove the object node, the tab becomes unusable. See the click handler for inc, but nothing really works anymore. Expected Results ---------------- Just like in Chrome/Edge/Firefox the node should just be removed. Build Data & Hardware --------------------- Safari 19617.1.17.11.12 and on 274622@main. Running on Sonoma 14.2.1 MacBookPro 16 M1 Max 2013499 1 ahmad.saleem792 2024-02-14 08:09:50 -0800 I get following in console while loading: >> CoreGraphics PDF has logged an error. Set environment variable "CG_PDF_VERBOSE" to learn more. I was using 'release' build as of WebKit ToT (274623@main). It is reproducible hang and whole minibrowser start misbehaving and navigation becomes slow to interact. 2013711 2 thorton 2024-02-14 16:24:23 -0800 *** This bug has been marked as a duplicate of bug 268536 *** 469859 2024-02-14 03:50:47 -0800 2024-02-14 03:50:47 -0800 Hang the Safari tab by removing an object tag. index.html text/html 1451 m.goetzke PGRpdj4KICBXaGVuIFJFTU9WSU5HIGFuIG9iamVjdCB0YWcgc2FmYXJpIGRvZXMgbm90IGxpa2Ug aXQgaGFuZ3MuIAogIDxicj48YnI+CjwvZGl2PiAKCjxidXR0b24gaWQ9ImluYyI+SW5jcmVhc2Ug Q291bnRlcjwvYnV0dG9uPiZuYnNwOzxsYWJlbCBpZD0iY291bnRlciI+MDwvbGFiZWw+PGJyPgoK PGJ1dHRvbiBpZD0iY3Jhc2giPk1ha2UgU2FmYXJpIEhhbmc8L2J1dHRvbj4KCjxkaXYgaWQ9ImNv bnRlbnQiPjwvZGl2PgoKPGRpdiBpZD0id2FybiIgc3R5bGU9ImRpc3BsYXk6bm9uZSI+CiAgPGgy IHN0eWxlPSJib3JkZXI6MXB4IHNvbGlkIHJlZDtwYWRkaW5nOjFlbTsiPgogICAgVGhpcyB0ZXN0 IG9ubHkgd29ya3Mgd2hlbiBub3QgaG9zdGVkIGluc2lkZSBhbiBpZnJhbWUuIENvcHkgaXQgaW50 byBhIGxvY2FsIGh0bWwgZmlsZSBmb3IgZXhhbXBsZQogIDwvaDI+CiAgPHA+CiAgICAnTWFrZSBT YWZhcmkgSGFuZycgb25seSB3b3JrcyB3aGVuIGRpcmVjdGx5IGhvc3RlZCBzbyB0aGUgb2JqZWN0 IHRhZyB3aWxsIGFjdHVhbGx5IHRyeSB0byBsb2FkIGEgcGRmIHZpZXdlci4KICAgIEUuZyBpbiBK U0ZpZGRsZSBpdCB3aWxsIGp1c3QgaWdub3JlIHRoYXQgKGluc2lkZSB0aGUgaWZyYW1lKSAgCiAg PC9wPgo8L2Rpdj4KCjxzY3JpcHQ+CiAgZG9jdW1lbnQuYWRkRXZlbnRMaXN0ZW5lcignRE9NQ29u dGVudExvYWRlZCcsIGZ1bmN0aW9uKCkgewogIAljb25zdCBpbkZyYW1lID0gKHdpbmRvdy5sb2Nh dGlvbiAhPT0gd2luZG93LnBhcmVudC5sb2NhdGlvbikKICAgIAogICAgaWYgKGluRnJhbWUpIGRv Y3VtZW50LmdldEVsZW1lbnRCeUlkKCd3YXJuJykuc3R5bGUuZGlzcGxheSA9ICdibG9jaycKICAK ICAgIGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdjcmFzaCcpLmFkZEV2ZW50TGlzdGVuZXIoJ2Ns aWNrJywgZnVuY3Rpb24oKSB7CiAgICAgIHZhciBjb250ZW50ID0gZG9jdW1lbnQuZ2V0RWxlbWVu dEJ5SWQoJ2NvbnRlbnQnKTsKICAgICAgY29udGVudC5pbm5lckhUTUwgPSAnPG9iamVjdCByZWY9 ImJ1aWx0aW4iIHR5cGU9ImFwcGxpY2F0aW9uL3BkZiIgc3R5bGU9InBvc2l0aW9uOiBhYnNvbHV0 ZTt6LWluZGV4OiAtMTsiPjxzcGFuPjwvc3Bhbj48L29iamVjdD4nOwogICAgICAKICAgICAgc2V0 VGltZW91dCgoKSA9PiB7CiAgICAgIAljb250ZW50LmlubmVySFRNTCA9ICdUcnkgaW5jcmVhc2lu ZyB0aGUgbnVtYmVyIG5vdycKCQkJfSwxMDAwKQogICAgfSk7CiAgICBkb2N1bWVudC5nZXRFbGVt ZW50QnlJZCgnaW5jJykuYWRkRXZlbnRMaXN0ZW5lcignY2xpY2snLCBmdW5jdGlvbigpIHsKICAg ICAgdmFyIGNvdW50ZXIgPSBkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnY291bnRlcicpOwogICAg ICBjb3VudGVyLmlubmVySFRNTCA9IHBhcnNlSW50KGNvdW50ZXIuaW5uZXJIVE1MKSArIDE7CiAg ICB9KTsKICB9KTsgIAo8L3NjcmlwdD4KCiA=