Bug 96566

Summary: IndexedDB: Hidden indexing events are visible to script via bubbling/capture
Product: WebKit Reporter: Joshua Bell <jsbell>
Component: WebCore Misc.Assignee: Alec Flett <alecflett>
Status: RESOLVED FIXED    
Severity: Normal CC: alecflett, dgrogan, tony, webkit.review.bot
Priority: P2    
Version: 523.x (Safari 3)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Repro case for bug
none
Patch
none
Patch none

Joshua Bell
Reported 2012-09-12 15:09:11 PDT
Created attachment 163712 [details] Repro case for bug Population of indexes is done using iteration of a hidden IDBCursor. The cursor iteration fires events at a hidden IDBRequest that is not visible to script. The success and error events fired at request end up being erroneously visible via capture/bubbling. This was found via W3C test submission: http://w3c-test.org/webapps/IndexedDB/tests/submissions/Microsoft/idbobjectstore_createIndex2.htm Short version: db.onerror = function() { alert("UNEXPECTED"); }; var store = db.createObjectStore('store'); store.put({prop: 1}, 1); store.put({prop: 1}, 2); store.createIndex("index", "prop", {unique: true}); This results in an error when the indexing terminates due to an abort. (Aborting causes an error to be fired at all unfinished requests.). However, the issue affects success events as well (as seen in the attached hidden-events.html)
Attachments
Repro case for bug (1.17 KB, text/html)
2012-09-12 15:09 PDT, Joshua Bell 		no flags
Details
Patch (5.07 KB, patch)
2012-10-17 16:22 PDT, Joshua Bell 		no flags
DetailsFormatted DiffDiff
Patch (6.20 KB, patch)
2012-10-19 14:31 PDT, Joshua Bell 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Joshua Bell
Comment 1 2012-10-17 16:22:17 PDT
Created attachment 169290 [details] Patch
Joshua Bell
Comment 2 2012-10-17 16:27:32 PDT
The patch is a partial fix: It stops propagation of the events in the default/"bubbling" phase, but scripts could still see the events in the "capture" phase. A more intrusive fix would be necessary for the latter, setting a different propagation path in the guts of IDBRequest. With this patch we pass: http://w3c-test.org/webapps/IndexedDB/tests/submissions/Microsoft/idbobjectstore_createIndex2.htm http://w3c-test.org/webapps/IndexedDB/tests/submissions/Opera/idbobjectstore_createIndex6-event_order.htm (mostly; the final event is incorrect in the test) http://w3c-test.org/webapps/IndexedDB/tests/submissions/Opera/idbtransaction_abort.htm
Joshua Bell
Comment 3 2012-10-19 14:31:41 PDT
Created attachment 169696 [details] Patch
Joshua Bell
Comment 4 2012-10-19 14:32:51 PDT
Latest patch handles both capturing and bubbling phases and tests both as well. I hate having to add more crap into IDBRequest but this seems like the best approach. alecflett@ - can you take a look?
Alec Flett
Comment 5 2012-10-19 16:37:13 PDT
Comment on attachment 169696 [details] Patch lgtm, thanks for fixing this
WebKit Review Bot
Comment 6 2012-10-19 17:55:40 PDT
Comment on attachment 169696 [details] Patch Clearing flags on attachment: 169696 Committed r131967: <http://trac.webkit.org/changeset/131967>
WebKit Review Bot
Comment 7 2012-10-19 17:55:43 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.