RESOLVED FIXED185191
document.open() event listener removal is not immediate 
https://bugs.webkit.org/show_bug.cgi?id=185191
Summary document.open() event listener removal is not immediate
Attachments
Patch (4.19 KB, patch)
2018-05-02 09:53 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Chris Dumez
Comment 1 2018-05-02 08:56:35 PDT
I believe the issue is that EventListenerMap::clear() clears m_entries but fails to call markAsRemoved() on each RegisteredEventListener. Therefore, if somebody already had a reference to the RegisteredEventListeners, it can still fire events at them.
Anne van Kesteren
Comment 2 2018-05-02 09:19:52 PDT
Yeah, that sounds similar to how the standard works. When you invoke removeEventListener() it both removes from the list and sets a removed flag that dispatch will take into account. I think this should work similar (and it does in Chrome and Firefox).
Chris Dumez
Comment 3 2018-05-02 09:53:28 PDT
Created attachment 339310 [details] Patch
WebKit Commit Bot
Comment 4 2018-05-02 11:39:25 PDT
Comment on attachment 339310 [details] Patch Clearing flags on attachment: 339310 Committed r231248: <https://trac.webkit.org/changeset/231248>
WebKit Commit Bot
Comment 5 2018-05-02 11:39:27 PDT
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer
Comment 6 2018-05-02 11:40:21 PDT
<rdar://problem/39912521>
Note You need to log in before you can comment on or make changes to this bug.