Bug 24339

Summary: Add test for potential crash in window.frames.length
Product: WebKit Reporter: Pam Greene (IRC:pamg) <pam>
Component: DOMAssignee: Pam Greene (IRC:pamg) <pam>
Status: RESOLVED FIXED    
Severity: Normal CC: ap
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description Flags
New test + result
fishd: review+
New test + result, no form submission ap: review+

Pam Greene (IRC:pamg)
Reported 2009-03-03 17:27:54 PST
Test to make sure that window.frames.length does not crash the browser after the frame navigates away from the original page.
Attachments
New test + result (1.77 KB, patch)
2009-03-03 17:39 PST, Pam Greene (IRC:pamg) 		fishd: review+
DetailsFormatted DiffDiff
New test + result, no form submission (2.21 KB, patch)
2009-03-04 15:43 PST, Pam Greene (IRC:pamg) 		ap: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Pam Greene (IRC:pamg)
Comment 1 2009-03-03 17:39:29 PST
Created attachment 28250 [details] New test + result This test is not well suited to the JS test framework.
Darin Fisher (:fishd, Google)
Comment 2 2009-03-03 23:28:41 PST
Comment on attachment 28250 [details] New test + result >Index: fast/dom/window-collection-length-no-crash.html >=================================================================== >--- fast/dom/window-collection-length-no-crash.html (revision 0) >+++ fast/dom/window-collection-length-no-crash.html (revision 0) >@@ -0,0 +1,22 @@ >+<HTML> >+<script> >+if (window.layoutTestController) { >+ window.layoutTestController.dumpAsText(); >+ window.layoutTestController.waitUntilDone(); >+} >+ >+function run_test() { nit: run_test -> runTest otherwise, LGTM
Darin Fisher (:fishd, Google)
Comment 3 2009-03-03 23:29:52 PST
hmm, however... shouldn't this live in fast/dom/Window?
Alexey Proskuryakov
Comment 4 2009-03-04 00:34:37 PST
Why is this a potential crash? My understanding is form.submit() does nothing until script execution finishes.
Pam Greene (IRC:pamg)
Comment 5 2009-03-04 15:43:59 PST
Created attachment 28289 [details] New test + result, no form submission (In reply to comment #4) > Why is this a potential crash? My understanding is form.submit() does nothing > until script execution finishes. I can't easily confirm either way, since the original of this test was created for a bug Chromium had a long time ago. But here's one that sidesteps the form submission question, and is more closely related to the original compatibility problem as well.
Alexey Proskuryakov
Comment 6 2009-03-05 00:08:29 PST
Comment on attachment 28289 [details] New test + result, no form submission > +<iframe id="subframe"><p id="contents">Subframe</p></iframe> This paragraph will be ignored - did you intend to do src='data:text/html,<p id="contents">Subframe</p>'? But in this case, the test would probably need to run from an onload handler, as data: URL loading is async. r=me either way.
Pam Greene (IRC:pamg)
Comment 7 2009-03-05 14:04:52 PST
(In reply to comment #6) > (From update of attachment 28289 [details] [review]) > > +<iframe id="subframe"><p id="contents">Subframe</p></iframe> > > This paragraph will be ignored Good catch. I took that from the original reduced test case in our (Chromium's) old bug, but it shouldn't be doing anything. Probably it just never got reduced out of the failing third-party webpage. I'll drop it.
Pam Greene (IRC:pamg)
Comment 8 2009-03-05 14:12:16 PST
landed in r41459.
Pam Greene (IRC:pamg)
Comment 9 2009-03-11 14:18:30 PDT
Landed again in r41598, since I neglected to include the test and result files last time. It sure was a nice ChangeLog patch, though.
Note You need to log in before you can comment on or make changes to this bug.