Bug 185191 - document.open() event listener removal is not immediate
Summary: document.open() event listener removal is not immediate
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: DOM (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Chris Dumez
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2018-05-02 02:13 PDT by Anne van Kesteren
Modified: 2018-05-02 11:40 PDT (History)
11 users (show)

See Also:

Attachments
Patch (4.19 KB, patch)
2018-05-02 09:53 PDT, Chris Dumez 		no flags Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Chris Dumez 2018-05-02 08:56:35 PDT 
I believe the issue is that EventListenerMap::clear() clears m_entries but fails to call markAsRemoved() on each RegisteredEventListener. Therefore, if somebody already had a reference to the RegisteredEventListeners, it can still fire events at them.
Comment 2 Anne van Kesteren 2018-05-02 09:19:52 PDT 
Yeah, that sounds similar to how the standard works. When you invoke removeEventListener() it both removes from the list and sets a removed flag that dispatch will take into account.

I think this should work similar (and it does in Chrome and Firefox).
Comment 3 Chris Dumez 2018-05-02 09:53:28 PDT 
Created attachment 339310 [details]
Patch
Comment 4 WebKit Commit Bot 2018-05-02 11:39:25 PDT 
Comment on attachment 339310 [details]
Patch

Clearing flags on attachment: 339310

Committed r231248: <https://trac.webkit.org/changeset/231248>
Comment 5 WebKit Commit Bot 2018-05-02 11:39:27 PDT 
All reviewed patches have been landed.  Closing bug.
Comment 6 Radar WebKit Bug Importer 2018-05-02 11:40:21 PDT 
<rdar://problem/39912521>