Bug 23288

Summary: WebCore cache gets confused when the same URL is used as both image and script src
Product: WebKit
Reporter: Marcel <marcel>
Component: Page Loading
Assignee: Nobody <webkit-unassigned>
Status: NEW
Severity: Normal
CC: ap
Priority: P2
Version: 528+ (Nightly build)
Hardware: Mac
OS: OS X 10.5
URL: http://llamaguy.com/test/img_script.html

Marcel
Reported 2009-01-13 02:21:06 PST
Note: The summary of this ticket is based purely on speculation.

Given the following code:

    alert('enter');
    var s = document.createElement('script');
    var i = document.createElement('img');
    s.src = 'alert.js';
    i.src = 'alert.js';
    document.body.appendChild(s);
    i.onerror = function() { alert('img error'); }
    alert('exit');

Where alert.js contains only "alert(1)", WebKit will alert in sequence, "enter", "exit", and "img error". "1" will never be alerted.

If you swap the order of lines 5 and 6 [i.src = ...; & document.body....] you will no longer see "img error", instead you will see "1".

After you execute the version which alerts "1", and revert the code back to the original (which used to alert "img error") it will now alert "enter", "1", and "exit". Clearing your cache will bring you back to the old behavior of "enter", "exit", "img error" until you execute the 2nd version again.

If I had to guess I would say that WebKit is guessing the MIME type of the resource before it's fetched, based on how the page is using the resource. The request to alert.js comes back as text/javascript, but at that point WebKit has already made up its mind. In the case where there's a local cache hit it can decide the MIME type without guessing or blocking the script on an HTTP request, so it makes no assumptions.

Alexey Proskuryakov
Comment 1 2009-01-14 04:16:41 PST
Confirmed with r39882. I've changed the summary to something I hope describes the problem better.