Bug 185191

Summary:

document.open() event listener removal is not immediate

Product:

WebKit

Reporter:

Anne van Kesteren <annevk>

Component:

DOM

Assignee:

Chris Dumez <cdumez>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

cdumez, commit-queue, darin, dbates, esprehn+autocc, ews-watchlist, ggaren, kangil.han, rniwa, sam, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	none

Description Anne van Kesteren 2018-05-02 02:13:06 PDT

See https://github.com/w3c/web-platform-tests/pull/10686 and https://github.com/whatwg/html/pull/3653.

Comment 1 Chris Dumez 2018-05-02 08:56:35 PDT

I believe the issue is that EventListenerMap::clear() clears m_entries but fails to call markAsRemoved() on each RegisteredEventListener. Therefore, if somebody already had a reference to the RegisteredEventListeners, it can still fire events at them.

Comment 2 Anne van Kesteren 2018-05-02 09:19:52 PDT

Yeah, that sounds similar to how the standard works. When you invoke removeEventListener() it both removes from the list and sets a removed flag that dispatch will take into account.

I think this should work similar (and it does in Chrome and Firefox).

Comment 3 Chris Dumez 2018-05-02 09:53:28 PDT

Created attachment 339310 [details]
Patch

Comment 4 WebKit Commit Bot 2018-05-02 11:39:25 PDT

Comment on attachment 339310 [details]
Patch

Clearing flags on attachment: 339310

Committed r231248: <https://trac.webkit.org/changeset/231248>

Comment 5 WebKit Commit Bot 2018-05-02 11:39:27 PDT

All reviewed patches have been landed.  Closing bug.

Comment 6 Radar WebKit Bug Importer 2018-05-02 11:40:21 PDT

<rdar://problem/39912521>