Created attachment 469859 [details] Hang the Safari tab by removing an object tag. Running the HTML below you can get the Safari Tab to hang. It happens the moment an object added is removed again (see the button): E.g. removing this definition from the node tree (this does NOT work inside an iframe) `<object ref="builtin" type="application/pdf" style="position: absolute;z-index: -1;"><span></span></object>` Steps to Reproduce ------------------ Load the HTML inside the browser (not in an iframe) on a desktop mac. Pressing 'inc' will work After pressing 'crash' the browser engine hangs (it adds and then removes the object tag) It does not matter how you remove the object node, the tab becomes unusable. See the click handler for inc, but nothing really works anymore. Expected Results ---------------- Just like in Chrome/Edge/Firefox the node should just be removed. Build Data & Hardware --------------------- Safari 19617.1.17.11.12 and on 274622@main. Running on Sonoma 14.2.1 MacBookPro 16 M1 Max
I get following in console while loading: >> CoreGraphics PDF has logged an error. Set environment variable "CG_PDF_VERBOSE" to learn more. I was using 'release' build as of WebKit ToT (274623@main). It is reproducible hang and whole minibrowser start misbehaving and navigation becomes slow to interact.
*** This bug has been marked as a duplicate of bug 268536 ***