Bug 7707

Summary: crash modifying innerHTML of body in JavaScript invoked by Flash
Product: WebKit
Reporter: Mark Wubben <bugs+webkit>
Component: Plug-ins
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: alice.barraclough
Priority: P2
Keywords: InRadar, NeedsReduction
Version: 417.x
Hardware: Mac
OS: OS X 10.4
URL: http://tests.novemberborn.net/browsers/safari/fscommand-redraw/crash.html
Bug Depends on: 7708
Bug Blocks:
Attachments (description / flags):
Contains the testcase linked to in the description. / none
Crash report. / none

Mark Wubben
Reported 2006-03-10 14:55:20 PST
This bug is related to bug #7706. A JavaScript function is invoked through Flash's fscommand() method. This function appends an empty string to the innerHTML of the body element, which contains a Flash movie in an embed tag. Upon doing this, Safari crashes. See <http://tests.novemberborn.net/browsers/safari/fscommand-redraw/crash.html>. This bug was observed in Safari 417.8 with Flash 8.0.22. The nightly of March 10, 2006, did not invoke the JavaScript function, so the behaviour could not be observed.
Attachments
Contains the testcase linked to in the description. (4.70 KB, application/octet-stream), 2006-03-10 14:56 PST, Mark Wubben, no flags
Crash report. (22.40 KB, text/plain), 2006-03-10 15:27 PST, Mark Wubben, no flags
Mark Wubben
Comment 1 2006-03-10 14:56:51 PST
Created attachment 6996 [details] Contains the testcase linked to in the description.
Mark Wubben
Comment 2 2006-03-10 15:08:22 PST
The problem with the nightlies has been addressed in bug #7708.
Mark Wubben
Comment 3 2006-03-10 15:27:19 PST
Created attachment 6999 [details] Crash report.
Mark Wubben
Comment 4 2006-03-11 13:22:14 PST
This bug also occurs in Firefox: <https://bugzilla.mozilla.org/show_bug.cgi?id=330100>
Alexey Proskuryakov
Comment 5 2006-03-12 11:10:48 PST
Confirmed with ToT (with a fix for bug 7708). Reproducible crash -> P1. Might be a bug in the plugin, though.
Mark Wubben
Comment 6 2006-03-12 11:51:24 PST
(In reply to comment #5)
> Might be a bug in the plugin, though.

Yes, but then, how would adding an empty string to the innerHTML crash the browser?
Alice Liu
Comment 7 2006-03-20 07:51:29 PST
Mark Wubben
Comment 8 2006-03-20 10:12:39 PST
Michelle Sintov from Macromedia has replied to the bug report at mozilla.org. See here: <https://bugzilla.mozilla.org/show_bug.cgi?id=330100#c5>
Darin Adler
Comment 9 2006-06-04 11:32:54 PDT
According to Michelle, it's not a bug in WebKit, but in Flash.
Mark Wubben
Comment 10 2006-07-11 22:15:04 PDT
The bug no longer occurs in Safari 2.0.4 (419.3) with Flash 9 installed.