47550 2010-10-12 11:54:47 -0700 For WebKit plug-ins, beforeload can be called recursively (esp. with AdBlock style extensions) 2011-12-12 14:43:51 -0800 1 1 1 Unclassified WebKit Plug-ins 528+ (Nightly build) All All RESOLVED FIXED InRadar P2 Normal --- 74340 1 ap ap mitz simon.fraser oldest_to_newest 293024 0 70550 ap 2010-10-12 11:54:47 -0700 Created attachment 70550 test case (change MIME type to a plug-in you have installed) This happens with AdBlock extension and any WebKit-style plug-in: 1. Add a plug-in element to a document. 2. Access any property, e.g. myPlugin.myProperty. This makes the plug-in load, since myProperty can be defined in the plug-in. As the plug-in is loaded, a beforeload event is dispatched. 3. In beforeload handler, access e.g. myPlugin.nodeName. Since the plug-in hasn't loaded yet, we go back into HTMLObjectElement::updateWidget(), and dispatch beforeload again. Two of the ways updateWidget is triggered are style resolution and layout. The interaction of these result in one recursive call, and also Widget object is created twice. So, the plug-in is stopped, and malfunctions in the future. <rdar://problem/8353386> 293053 1 70554 ap 2010-10-12 12:30:33 -0700 Created attachment 70554 proposed patch 293080 2 70554 simon.fraser 2010-10-12 13:12:48 -0700 Comment on attachment 70554 proposed patch View in context: https://bugs.webkit.org/attachment.cgi?id=70554&action=review > WebCore/html/HTMLPlugInElement.cpp:108 > + if (m_inBeforeLoadEventHandler) { > + // The plug-in hasn't loaded yet, and it makes no sense to try to load if beforeload handler happened to touch the plug-in element. > + // That would recursively call beforeload for the same element. > + return false; > + } This should return 0, not return false. 293092 3 ap 2010-10-12 13:29:47 -0700 Committed <http://trac.webkit.org/changeset/69596>. 70550 2010-10-12 11:54:47 -0700 2010-10-12 11:54:47 -0700 test case (change MIME type to a plug-in you have installed) recursive-beforeload.html text/html 622 ap PGJvZHk+CjxzY3JpcHQ+CmlmICh3aW5kb3cubGF5b3V0VGVzdENvbnRyb2xsZXIpCiAgICBsYXlv dXRUZXN0Q29udHJvbGxlci5kdW1wQXNUZXh0KCk7CgpmdW5jdGlvbiBnZXRQbHVnaW4oKXsKICAg IHZhciBhPWRvY3VtZW50LmNyZWF0ZUVsZW1lbnQoIm9iamVjdCIpOwogICAgYS5pZD0ibXlQbHVn aW4iOwogICAgYS50eXBlPSJhcHBsaWNhdGlvbi94LXdlYmtpdC1wbHVnaW4iOwogICAgYS53aWR0 aD0wOwogICAgYS5oZWlnaHQ9MDsKICAgIGEuc3R5bGUudmlzaWJpbGl0eT0iaGlkZGVuIjsKICAg IGRvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoYSk7CiAgICByZXR1cm4gZG9jdW1lbnQuZ2V0RWxl bWVudEJ5SWQoIm15UGx1Z2luIikKfQoKZnVuY3Rpb24gdXNlUGx1Z2luKCl7CiAgICB2YXIgZj1n ZXRQbHVnaW4oKTsKICAgIHRyeSB7CiAgICAgICAgYj1mLmZvb2JhcigpCiAgICB9IGNhdGNoIChq KSB7CiAgICB9CiAgICBhbGVydChmLmJhcmZvbyk7Cn0KCjwvc2NyaXB0Pgo8c2NyaXB0Pgpkb2N1 bWVudC5hZGRFdmVudExpc3RlbmVyKCJiZWZvcmVsb2FkIiwgZnVuY3Rpb24oZSkgeyBlLnRhcmdl dC5ub2RlTmFtZSB9LCB0cnVlKTsKdXNlUGx1Z2luKCk7Cjwvc2NyaXB0Pgo8L2JvZHk+Cg== 70554 2010-10-12 12:30:33 -0700 2010-10-12 13:12:48 -0700 proposed patch onbeforeload2.txt text/plain 4551 ap SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiA2OTU5MSkKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMjYgQEAKKzIwMTAtMTAtMTIgIEFsZXhleSBQcm9za3VyeWFrb3YgIDxhcEBhcHBs ZS5jb20+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAg aHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTQ3NTUwCisgICAgICAgIDxy ZGFyOi8vcHJvYmxlbS84MzUzMzg2PiBGb3IgV2ViS2l0IHBsdWctaW5zLCBiZWZvcmVsb2FkIGNh biBiZSBjYWxsZWQgcmVjdXJzaXZlbHkKKyAgICAgICAgKGVzcC4gd2l0aCBBZEJsb2NrIHN0eWxl IGV4dGVuc2lvbnMpCisKKyAgICAgICAgTm8gdGVzdCAtIHdlIGRvbid0IGhhdmUgYSBXZWJLaXQt c3R5bGUgcGx1Z2luIGluIERSVCwgYW5kIGRvbid0IGNhcmUgZW5vdWdoIHRvIGFkZCBvbmUuCisK KyAgICAgICAgVGhlIGZpeCBpcyB0byBibG9jayBwbHVnLWluIHNjcmlwdGluZyB3aGlsZSBpbiBi ZWZvcmVsb2FkIGV2ZW50IC0gdGhlIHBsdWctaW4gaXMgb2J2aW91c2x5CisgICAgICAgIG5vdCBh dmFpbGFibGUgeWV0LCBzbyBzY3JpcHRpbmcgY291bGQgb25seSBhdHRlbXB0IHRvIGxvYWQgaXQg cmVjdXJzaXZlbHkuCisKKyAgICAgICAgVGhpcyBkaWRuJ3QgYWZmZWN0IE5QQVBJIHBsdWctaW5z LCBiZWNhdXNlIG9mIGEgY29tcGxldGVseSBkaWZmZXJlbnQgY29kZSBwYXRoIHRha2VuIGluCisg ICAgICAgIHVwZGF0ZVdpZGdldCgpLCBzZWUgPGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3df YnVnLmNnaT9pZD00NDU3NSNjOD4uCisKKyAgICAgICAgKiBodG1sL0hUTUxFbWJlZEVsZW1lbnQu Y3BwOiAoV2ViQ29yZTo6SFRNTEVtYmVkRWxlbWVudDo6dXBkYXRlV2lkZ2V0KToKKyAgICAgICAg KiBodG1sL0hUTUxPYmplY3RFbGVtZW50LmNwcDogKFdlYkNvcmU6OkhUTUxPYmplY3RFbGVtZW50 Ojp1cGRhdGVXaWRnZXQpOgorICAgICAgICAqIGh0bWwvSFRNTFBsdWdJbkVsZW1lbnQuY3BwOgor ICAgICAgICAoV2ViQ29yZTo6SFRNTFBsdWdJbkVsZW1lbnQ6OkhUTUxQbHVnSW5FbGVtZW50KToK KyAgICAgICAgKFdlYkNvcmU6OkhUTUxQbHVnSW5FbGVtZW50OjpwbHVnaW5XaWRnZXQpOgorICAg ICAgICAqIGh0bWwvSFRNTFBsdWdJbkVsZW1lbnQuaDoKKwogMjAxMC0xMC0xMiAgU2FtIFdlaW5p ZyAgPHNhbUB3ZWJraXQub3JnPgogCiAgICAgICAgIFJldmlld2VkIGJ5IEFuZGVycyBDYXJsc3Nv bi4KSW5kZXg6IFdlYkNvcmUvaHRtbC9IVE1MRW1iZWRFbGVtZW50LmNwcAo9PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0t LSBXZWJDb3JlL2h0bWwvSFRNTEVtYmVkRWxlbWVudC5jcHAJKHJldmlzaW9uIDY5NDExKQorKysg V2ViQ29yZS9odG1sL0hUTUxFbWJlZEVsZW1lbnQuY3BwCSh3b3JraW5nIGNvcHkpCkBAIC0xNjEs NyArMTYxLDEyIEBAIHZvaWQgSFRNTEVtYmVkRWxlbWVudDo6dXBkYXRlV2lkZ2V0KGJvb2wKICAg ICBWZWN0b3I8U3RyaW5nPiBwYXJhbVZhbHVlczsKICAgICBwYXJhbWV0ZXJzRm9yUGx1Z2luKHBh cmFtTmFtZXMsIHBhcmFtVmFsdWVzKTsKIAotICAgIGlmICghZGlzcGF0Y2hCZWZvcmVMb2FkRXZl bnQobV91cmwpKSB7CisgICAgQVNTRVJUKCFtX2luQmVmb3JlTG9hZEV2ZW50SGFuZGxlcik7Cisg ICAgbV9pbkJlZm9yZUxvYWRFdmVudEhhbmRsZXIgPSB0cnVlOworICAgIGJvb2wgYmVmb3JlTG9h ZEFsbG93ZWRMb2FkID0gZGlzcGF0Y2hCZWZvcmVMb2FkRXZlbnQobV91cmwpOworICAgIG1faW5C ZWZvcmVMb2FkRXZlbnRIYW5kbGVyID0gZmFsc2U7CisKKyAgICBpZiAoIWJlZm9yZUxvYWRBbGxv d2VkTG9hZCkgewogICAgICAgICBpZiAoZG9jdW1lbnQoKS0+aXNQbHVnaW5Eb2N1bWVudCgpKSB7 CiAgICAgICAgICAgICAvLyBQbHVnaW5zIGluc2lkZSBwbHVnaW4gZG9jdW1lbnRzIGxvYWQgZGlm ZmVyZW50bHkgdGhhbiBvdGhlciBwbHVnaW5zLiBCeSB0aGUgdGltZQogICAgICAgICAgICAgLy8g d2UgYXJlIGhlcmUgaW4gYSBwbHVnaW4gZG9jdW1lbnQsIHRoZSBsb2FkIG9mIHRoZSBwbHVnaW4g KHdoaWNoIGlzIHRoZSBwbHVnaW4gZG9jdW1lbnQncwpJbmRleDogV2ViQ29yZS9odG1sL0hUTUxP YmplY3RFbGVtZW50LmNwcAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBXZWJDb3JlL2h0bWwvSFRNTE9iamVjdEVs ZW1lbnQuY3BwCShyZXZpc2lvbiA2OTQxMSkKKysrIFdlYkNvcmUvaHRtbC9IVE1MT2JqZWN0RWxl bWVudC5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTI3OSw3ICsyNzksMTAgQEAgdm9pZCBIVE1MT2Jq ZWN0RWxlbWVudDo6dXBkYXRlV2lkZ2V0KGJvbwogICAgIGlmIChvbmx5Q3JlYXRlTm9uTmV0c2Nh cGVQbHVnaW5zICYmIHdvdWxkTG9hZEFzTmV0c2NhcGVQbHVnaW4odXJsLCBzZXJ2aWNlVHlwZSkp CiAgICAgICAgIHJldHVybjsKIAorICAgIEFTU0VSVCghbV9pbkJlZm9yZUxvYWRFdmVudEhhbmRs ZXIpOworICAgIG1faW5CZWZvcmVMb2FkRXZlbnRIYW5kbGVyID0gdHJ1ZTsKICAgICBib29sIGJl Zm9yZUxvYWRBbGxvd2VkTG9hZCA9IGRpc3BhdGNoQmVmb3JlTG9hZEV2ZW50KHVybCk7CisgICAg bV9pbkJlZm9yZUxvYWRFdmVudEhhbmRsZXIgPSBmYWxzZTsKIAogICAgIC8vIGJlZm9yZWxvYWQg ZXZlbnRzIGNhbiBtb2RpZnkgdGhlIERPTSwgcG90ZW50aWFsbHkgY2F1c2luZwogICAgIC8vIFJl bmRlcldpZGdldDo6ZGVzdHJveSgpIHRvIGJlIGNhbGxlZC4gIEVuc3VyZSB3ZSBoYXZlbid0IGJl ZW4KSW5kZXg6IFdlYkNvcmUvaHRtbC9IVE1MUGx1Z0luRWxlbWVudC5jcHAKPT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQot LS0gV2ViQ29yZS9odG1sL0hUTUxQbHVnSW5FbGVtZW50LmNwcAkocmV2aXNpb24gNjk0MTEpCisr KyBXZWJDb3JlL2h0bWwvSFRNTFBsdWdJbkVsZW1lbnQuY3BwCSh3b3JraW5nIGNvcHkpCkBAIC00 OSwxMCArNDksMTEgQEAgdXNpbmcgbmFtZXNwYWNlIEhUTUxOYW1lczsKIAogSFRNTFBsdWdJbkVs ZW1lbnQ6OkhUTUxQbHVnSW5FbGVtZW50KGNvbnN0IFF1YWxpZmllZE5hbWUmIHRhZ05hbWUsIERv Y3VtZW50KiBkb2MpCiAgICAgOiBIVE1MRnJhbWVPd25lckVsZW1lbnQodGFnTmFtZSwgZG9jKQor ICAgICwgbV9pbkJlZm9yZUxvYWRFdmVudEhhbmRsZXIoZmFsc2UpCiAjaWYgRU5BQkxFKE5FVFND QVBFX1BMVUdJTl9BUEkpCiAgICAgLCBtX05QT2JqZWN0KDApCi0gICAgLCBtX2lzQ2FwdHVyaW5n TW91c2VFdmVudHMoZmFsc2UpCiAjZW5kaWYKKyAgICAsIG1faXNDYXB0dXJpbmdNb3VzZUV2ZW50 cyhmYWxzZSkKIHsKIH0KIApAQCAtMTAwLDYgKzEwMSwxMiBAQCBQYXNzU2NyaXB0SW5zdGFuY2Ug SFRNTFBsdWdJbkVsZW1lbnQ6OmdlCiAKIFdpZGdldCogSFRNTFBsdWdJbkVsZW1lbnQ6OnBsdWdp bldpZGdldCgpIGNvbnN0CiB7CisgICAgaWYgKG1faW5CZWZvcmVMb2FkRXZlbnRIYW5kbGVyKSB7 CisgICAgICAgIC8vIFRoZSBwbHVnLWluIGhhc24ndCBsb2FkZWQgeWV0LCBhbmQgaXQgbWFrZXMg bm8gc2Vuc2UgdG8gdHJ5IHRvIGxvYWQgaWYgYmVmb3JlbG9hZCBoYW5kbGVyIGhhcHBlbmVkIHRv IHRvdWNoIHRoZSBwbHVnLWluIGVsZW1lbnQuCisgICAgICAgIC8vIFRoYXQgd291bGQgcmVjdXJz aXZlbHkgY2FsbCBiZWZvcmVsb2FkIGZvciB0aGUgc2FtZSBlbGVtZW50LgorICAgICAgICByZXR1 cm4gZmFsc2U7CisgICAgfQorCiAgICAgUmVuZGVyV2lkZ2V0KiByZW5kZXJXaWRnZXQgPSByZW5k ZXJXaWRnZXRGb3JKU0JpbmRpbmdzKCk7CiAgICAgaWYgKCFyZW5kZXJXaWRnZXQpCiAgICAgICAg IHJldHVybiAwOwpJbmRleDogV2ViQ29yZS9odG1sL0hUTUxQbHVnSW5FbGVtZW50LmgKPT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PQotLS0gV2ViQ29yZS9odG1sL0hUTUxQbHVnSW5FbGVtZW50LmgJKHJldmlzaW9uIDY5NDEx KQorKysgV2ViQ29yZS9odG1sL0hUTUxQbHVnSW5FbGVtZW50LmgJKHdvcmtpbmcgY29weSkKQEAg LTU5LDYgKzU5LDggQEAgcHJvdGVjdGVkOgogICAgIHZpcnR1YWwgYm9vbCBtYXBUb0VudHJ5KGNv bnN0IFF1YWxpZmllZE5hbWUmIGF0dHJOYW1lLCBNYXBwZWRBdHRyaWJ1dGVFbnRyeSYgcmVzdWx0 KSBjb25zdDsKICAgICB2aXJ0dWFsIHZvaWQgcGFyc2VNYXBwZWRBdHRyaWJ1dGUoQXR0cmlidXRl Kik7CiAKKyAgICBib29sIG1faW5CZWZvcmVMb2FkRXZlbnRIYW5kbGVyOworCiBwcml2YXRlOgog ICAgIHZpcnR1YWwgdm9pZCBkZWZhdWx0RXZlbnRIYW5kbGVyKEV2ZW50Kik7CiAK