See the code below and make two files of it: A weird bug.... If the select in the first file miss the / in the last option in first element, and you have selected something in the first select to make code fetch the other select from server using some "Ajax" like code and then select something from the second select... then Safari beta for windows crashes most of the time. If it does not crash right away, then just try to make some changes in the selects and then make sure you click the second select again.... Tested on Safari 3.0.3 on Win XP PRO. If I try this without the fetchHTML call on the first select then Safari does not crash. So it might have something to do with javascript..... Test the files below.... How do one make attachement here...??? That would be nice to be able to do......!!!! File one: safari_win_beta_bug.php <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>Safari beta for win 3.0.3 bug</title> <script type="text/javascript"> function fetchHTML(fWhat){ if (fWhat == 1){ // fetch year // alert(document.getElementById('frmSelPrevYear').value); year = document.getElementById('frmYear').value; step = 0; substep = 0; } else if (fWhat == 2){ // fetch step year = document.getElementById('frmYear').value; step = document.getElementById('frmStep').value; substep = 0; } else if (fWhat == 3){ // fetch substep/class year = document.getElementById('frmYear').value; step = document.getElementById('frmStep').value; substep = document.getElementById('frmSubstep').value; } if (year !== "0"){ // build url var url = "fetch_html.php?year=" + year + "&step="+step+"&substep="+substep; // alert("url='"+url+"'"); // create JS element if( document.getElementById && document.childNodes && document.createElement ) { // alert("running checkUpload ep = '" + cp + "'"); var jsel = document.createElement('SCRIPT'); jsel.type = 'text/javascript'; jsel.src = url; // Append JS element (therefore executing the 'AJAX' call) // checkProgress = 1; document.body.appendChild (jsel); } else { alert("Your browser does not support this usage!"); } } else { document.getElementById('setHTMLContainer').innerHTML = ""; } } function setHTML(html){ // alert(html); document.getElementById('setHTMLContainer').innerHTML = html; } </script> </head> <body> <form name="test"> <table border="0" cellpadding="0" cellspacing="0" align="center" width="650px"> <tr> <td> </td> </tr> <tr> <td> <b>TESTED IN safari beta for win 3.0.3</b><br>. To get this bug you should have PHP installed.<br><br> The bug has nothing to do with php.<br><br> THE BUG: SAFARI WIN BETA CRASH on windows XP<br><br> 1. Select one of the years in the first select.<br> 2. Then select something from the second select.<br> ..... the second select will not be visible<br> ..... untill you select something from first select.<br> If not able to get Safari to crash then select again from first select and then from second select<br><br> If you look at the underlying html you can see that it is not correct.<br> The first element in the first select is not closed properly.<br> That first element is missing the / char before last option.<br><br> So what you say... you have invalied HTML... yep it is... but I still belive it should not cause Safari to crash.<br><br> But then, Safari will not crash if I did not make use of the fetchHTML javascript function, so this is weird.<br> So make sure you have both safari_win_beta_bug.php and fetch_html.php installed in same directory to see it. </td> </tr> <tr> <td> </td> </tr> <tr> <td> Year: <select id="frmYear" name="frmYear" onchange="fetchHTML(1);"> <option value="0" selected>Choose year<option> <option value="1" selected>Year 1</option> <option value="2" selected>Year 2</option> </select> </td> </tr> <tr> <td> </td> </tr> <tr> <td id="setHTMLContainer"> </td> </tr> </table> </form> </body> </html> File: fetch_html.php <? if (isset($_GET['year'])){ $year = intval($_GET['year']); } else { $year = 0; } if (isset($_GET['step'])){ $step = intval($_GET['step']); } else { $step = 0; } if (isset($_GET['substep'])){ $substep = intval($_GET['substep']); } else { $substep = 0; } if ($year > 0){ $content = '\''; $content .= '<table border="0" cellpadding="0" cellspacing="0">'; $content .= '<tr><td>Step:</td>'; $content.= '<td><select id="frmStep" name="frmStep" onchange="fetchHTML(2)">'; $content.= '<option value="0" selected>Choose step</option>'; $content.= '<option value="1">STEP 1</option>'; $content.= '<option value="2">STEP 2</option>'; $content.= '</select>'; $content.= '</td></tr>'; if ($step > 0){ // output the step content $content.= '<tr><td colspan="2"> </td></tr>'; $content.= '<tr><td colspan="2">'; $content.= 'You selected content from<br>step '.$step; $content.= '</td></tr>'; } $content.= '</table>'; $content.= '\''; } echo "setHTML($content)"; exit(); ?>
(In reply to comment #0) > Test the files below.... > How do one make attachement here...??? > That would be nice to be able to do......!!!! In this version of Bugzilla, you may only attach files after creating the bug. See the "Create a New Attachment" link on the bug now. Does this still happen with a WebKit nightly build? http://nightly.webkit.org/ Could you attach a user.dmp file for the crash? http://webkit.org/quality/crashlogs.html Thanks!
Created attachment 15949 [details] crash dump file 1
Created attachment 15950 [details] crash dump file 2 Please see the two attached crash dump files.
<rdar://problem/5408488>
Created attachment 15955 [details] fetch_html.php (test file)
Created attachment 15956 [details] safari_win_beta_bug.php (test file)
Comment on attachment 15950 [details] crash dump file 2 This crash log is from a crash of mysqld.exe, not Safari.exe
Tore, I was able to reproduce the crash in Safari for Windows 3.0.3, but I haven't been able to make it crash when using a WebKit nightly from <http://nightly.webkit.org/>. Have you seen the crash when using a nightly, or only with the beta?
Since we haven't heard more about this issue in over a month and no one seems able to reproduce it, I'm closing as WORKSFORME.