Bug 23288

| Summary: | WebCore cache gets confused when the same URL is used as both image and script src | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Marcel <marcel> |
| Component: | Page Loading | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | | |
| Severity: | Normal | CC: | ap |
| Priority: | P2 | | |
| Version: | 528+ (Nightly build) | | |
| Hardware: | Mac | | |
| OS: | OS X 10.5 | | |
| URL: | http://llamaguy.com/test/img_script.html | | |

Marcel
Note: The summary of this ticket is based purely on speculation.
Given the following code:
```javascript
alert('enter');
var s = document.createElement('script');
var i = document.createElement('img');
s.src = 'alert.js';
i.src = 'alert.js';              // image fetch starts as soon as src is set
document.body.appendChild(s);    // script fetch starts on insertion
i.onerror = function() {
    alert('img error');
};
alert('exit');
```
Where alert.js contains only "alert(1)", WebKit will alert in sequence, "enter", "exit", and "img error". "1" will never be alerted.
If you swap the order of lines 5 and 6 [i.src = ...; & document.body....] you will no longer see "img error", instead you will see "1".
After you execute the version which alerts "1", and revert the code back to the original (which used to alert "img error") it will now alert "enter", "1", and "exit". Clearing your cache will bring you back to the old behavior of "enter", "exit", "img error" until you execute the 2nd version again.
If I had to guess I would say that WebKit is guessing the MIME type of the resource before it's fetched, based on how the page is using the resource. The request to alert.js comes back as text/javascript, but at that point WebKit has already made up its mind. In the case where there's a local cache hit it can decide the MIME type without guessing or blocking the script on an HTTP request, so it makes no assumptions.
Alexey Proskuryakov
Confirmed with r39882. I've changed the summary to something I hope describes the problem better.
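
The failure class named in the revised summary, as an added toy model (not WebCore code, and not a claim about how WebCore is implemented): a resource cache keyed only by URL lets the first requester fix the entry's type, while a cache keyed by URL and requester type keeps the two loads apart. `ToyCache`, `runPage`, `byUrl`, `byUrlAndType` and `SERVER` are hypothetical names; the model covers only the two uncached orderings from the report, not the behaviour after the cache has been populated.

```javascript
// Toy model, not WebCore code: an in-memory resource cache whose entries
// remember the type of the first element that requested them.
class ToyCache {
  constructor(keyFn) {
    this.keyFn = keyFn;          // how a request is mapped to a cache key
    this.entries = new Map();
  }
  // Returns the entry for this request; the first requester fixes entry.type.
  request(url, type) {
    const key = this.keyFn(url, type);
    if (!this.entries.has(key)) this.entries.set(key, { url, type });
    return this.entries.get(key);
  }
}

// Constructed stand-in for the server: alert.js is served as text/javascript.
const SERVER = { 'alert.js': { mime: 'text/javascript', body: 'alert(1)' } };

// Replays the report's test case and returns the alerts in order.
// imageFirst = true is the original order (i.src set before appendChild(s)).
function runPage(cache, imageFirst) {
  const events = ['enter'];
  const order = imageFirst ? ['image', 'script'] : ['script', 'image'];
  const got = {};
  for (const type of order) got[type] = cache.request('alert.js', type);
  events.push('exit');           // loads complete after the inline script ends
  const res = SERVER['alert.js'];
  // The script element only executes an entry that was loaded as a script.
  if (got.script.type === 'script') events.push('1');
  // The image element fires onerror when an image-typed entry fails to decode.
  if (got.image.type === 'image' && !res.mime.startsWith('image/')) {
    events.push('img error');
  }
  return events;
}

// Assumption: the confused cache keys on URL alone; the contrast case keys
// on (requester type, URL) so each element gets its own entry.
const byUrl = () => new ToyCache((url) => url);
const byUrlAndType = () => new ToyCache((url, type) => `${type}:${url}`);
```

With the URL-only key the model reproduces both uncached orderings from the report; with the composite key the script runs and the image load fails, whatever the order.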