Bug 24339

Summary: Add test for potential crash in window.frames.length
Product: WebKit
Reporter: Pam Greene (IRC:pamg) <pam>
Component: DOM
Assignee: Pam Greene (IRC:pamg) <pam>
Status: RESOLVED FIXED
Severity: Normal
CC: ap
Priority: P2
Version: 528+ (Nightly build)
Hardware: All
OS: All
Attachments:
Description | Flags
New test + result | fishd: review+
New test + result, no form submission | ap: review+

Description Pam Greene (IRC:pamg) 2009-03-03 17:27:54 PST
Test to make sure that window.frames.length does not crash the browser after the frame navigates away from the original page.
Comment 1 Pam Greene (IRC:pamg) 2009-03-03 17:39:29 PST
Created attachment 28250 [details]
New test + result

This test is not well suited to the JS test framework.
Comment 2 Darin Fisher (:fishd, Google) 2009-03-03 23:28:41 PST
Comment on attachment 28250 [details]
New test + result

>Index: fast/dom/window-collection-length-no-crash.html
>===================================================================
>--- fast/dom/window-collection-length-no-crash.html	(revision 0)
>+++ fast/dom/window-collection-length-no-crash.html	(revision 0)
>@@ -0,0 +1,22 @@
>+<HTML>
>+<script>
>+if (window.layoutTestController) {
>+  window.layoutTestController.dumpAsText();
>+  window.layoutTestController.waitUntilDone();
>+}
>+
>+function run_test() {
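Review bot: the waitUntilDone() call in the layoutTestController block at the top of the script needs a matching notifyDone() on every path through run_test(), and the quoted part of the hunk (8 of the 22 added lines) stops at the function's opening line, so that call is not visible here. Please confirm the function ends with `window.layoutTestController.notifyDone()` under the same `if (window.layoutTestController)` guard, including on any early return; otherwise the test finishes by timing out under the harness rather than by dumping its text result.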

nit: run_test -> runTest


otherwise, LGTM
Comment 3 Darin Fisher (:fishd, Google) 2009-03-03 23:29:52 PST
hmm, however... shouldn't this live in fast/dom/Window?
Comment 4 Alexey Proskuryakov 2009-03-04 00:34:37 PST
Why is this a potential crash? My understanding is form.submit() does nothing until script execution finishes.
Comment 5 Pam Greene (IRC:pamg) 2009-03-04 15:43:59 PST
Created attachment 28289 [details]
New test + result, no form submission

(In reply to comment #4)
> Why is this a potential crash? My understanding is form.submit() does nothing
> until script execution finishes.

I can't easily confirm either way, since the original of this test was created for a bug Chromium had a long time ago. But here's one that sidesteps the form submission question, and is more closely related to the original compatibility problem as well.
Comment 6 Alexey Proskuryakov 2009-03-05 00:08:29 PST
Comment on attachment 28289 [details]
New test + result, no form submission

> +<iframe id="subframe"><p id="contents">Subframe</p></iframe>

This paragraph will be ignored - did you intend to do src='data:text/html,<p id="contents">Subframe</p>'? But in this case, the test would probably need to run from an onload handler, as data: URL loading is async.

r=me either way.
Comment 7 Pam Greene (IRC:pamg) 2009-03-05 14:04:52 PST
(In reply to comment #6)
> (From update of attachment 28289 [details] [review])
> > +<iframe id="subframe"><p id="contents">Subframe</p></iframe>
> 
> This paragraph will be ignored

Good catch. I took that from the original reduced test case in our (Chromium's) old bug, but it shouldn't be doing anything. Probably it just never got reduced out of the failing third-party webpage. I'll drop it.
Comment 8 Pam Greene (IRC:pamg) 2009-03-05 14:12:16 PST
landed in r41459.
Comment 9 Pam Greene (IRC:pamg) 2009-03-11 14:18:30 PDT
Landed again in r41598, since I neglected to include the test and result files last time. It sure was a nice ChangeLog patch, though.