Bug 32860 - REGRESSION(Safari 4): Relative path is resolved incorrectly when JS code is called via a simulated event
Status: RESOLVED CONFIGURATION CHANGED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore JavaScript
Version: 528+ (Nightly build)
Hardware: All All
: P1 Normal
Assignee: Nobody
URL:
Keywords: InRadar, Regression
Depends on:
Blocks:
 
Reported: 2009-12-22 01:24 PST by Elvinas
Modified: 2018-02-05 13:59 PST

Attachments
Example (1.74 KB, application/zip)
2009-12-22 01:24 PST, Elvinas
test case (2.31 KB, application/zip)
2009-12-22 12:51 PST, Alexey Proskuryakov
Description Elvinas 2009-12-22 01:24:52 PST
Created attachment 45374
Example

Summary: 
The relative path in JavaScript is wrong when trying to open a document in frames.


Steps to Reproduce:
We need three files in the root directory: index.html, form1.html and form2.html
Also one file in the /dir/ directory: action.html


index.html has one frame:
<iframe id="topframe" name="topframe" scrolling="no" frameborder="0" width="980" height="580" src="form1.html"></iframe>


form1.html looks like this:
<input type="button" id="action" name="action" value="Make action" onclick = "document.getElementById('actionframe').src='dir/action.html';">
<input type="button" id="sel" name="sell" value="..." onclick = "top.frames['topframe'].location.replace('form2.html');">



action.html source is:
<script type="text/javascript">parent.document.getElementById('sel').click();</script>


So, when you open index.html, you see two buttons: the first (Action) opens form2.html in the same frame, and the second (...) opens /dir/action.html in another frame, while /dir/action.html just "clicks" the first button.

Basically both buttons do the same.

The problem is that (...) button does not work.


Expected Results:
parent.document.getElementById('sel').click() must just "click" the first button and form2.html must be opened.

Actual Results:
parent.document.getElementById('sel').click() "clicks" the first button. But it also changes the relative path from /safari_test/form2.html to /safari_test/dir/form2.html and the server gives an error:
Not Found
The requested URL /safari_test/dir/form2.html was not found on this server.

Regression:
On Safari 3 it was OK (I don't know which WebKit build it was though).

Notes:
I made an example, so you can test it here:
http://82.135.245.49/safari_test/

I attached sample code too.
Comment 1 Alexey Proskuryakov 2009-12-22 12:51:35 PST
Created attachment 45397
test case

Attaching a more straightforward test case.
Comment 2 Alexey Proskuryakov 2009-12-22 13:49:06 PST
So, relative URL resolving should work differently depending on whether location.replace() is called on parent directly, or via a simulated click().

IE and Firefox both agree with Safari 3 here.
Comment 3 Alexey Proskuryakov 2009-12-22 13:49:23 PST
<rdar://problem/7494025>
Comment 4 Adam Barth 2009-12-22 15:09:40 PST
This might be related to a long-standing bug that JSC doesn't restart the dynamic scope when you call dispatchEvent.  Charlie recently rediscovered this issue when looking at sharing code between V8 and JSC.
Comment 5 Charles Reis 2009-12-29 10:01:25 PST
(In reply to comment #4)
> This might be related to a long-standing bug that JSC doesn't restart the
> dynamic scope when you call dispatchEvent.  Charlie recently rediscovered this
> issue when looking at sharing code between V8 and JSC.

That's right.  I was basically testing Alexey's attached test case with dispatchEvent instead of click(), but it's the same issue discussed here.

It appears that Chrome (i.e., V8), Firefox, and IE restart the dynamic scope (which V8 calls the "entered context") after a dispatchEvent occurs, but Safari 4 doesn't.  This ends up being visible to the user in a few ways: how relative URLs are resolved, what the HTTP referer header is set to, and whether an action is considered a user gesture (perhaps among other things).
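The difference described in comment 5, as an added example that is not part of the original thread or of WebKit's code: a small model of an entered-context stack in which a simulated click either restarts the context for the listener's frame or inherits the caller's. The origin `http://example.test`, the `Frame` and `Browser` classes, the policy names, and the use of the context's URL as the Referer value are assumptions made for illustration.

```javascript
// Constructed model of the frames from the bug report; ORIGIN is a placeholder.
const ORIGIN = 'http://example.test';

class Frame {
  constructor(name, path) {
    this.name = name;
    this.url = new URL(path, ORIGIN).href;
  }
}

class Browser {
  // policy 'restart': dispatching an event enters the listener's frame
  //   (behaviour the thread attributes to V8, Firefox and IE).
  // policy 'inherit': the listener runs under the caller's context
  //   (behaviour the thread attributes to Safari 4).
  constructor(policy) {
    this.policy = policy;
    this.stack = []; // entered-context stack, innermost last
  }
  run(frame, fn) {
    this.stack.push(frame);
    try { return fn(); } finally { this.stack.pop(); }
  }
  click(listenerFrame, handler) {
    return this.policy === 'restart' ? this.run(listenerFrame, handler) : handler();
  }
  // Models location.replace(relative): base URL and Referer both come from
  // the current entered context (assumption of this model).
  locationReplace(relative) {
    const base = this.stack[this.stack.length - 1].url;
    return { url: new URL(relative, base).href, referer: base };
  }
}

function simulate(policy) {
  const browser = new Browser(policy);
  const form1 = new Frame('topframe', '/safari_test/form1.html');
  const action = new Frame('actionframe', '/safari_test/dir/action.html');
  // form1.html's onclick handler for the 'sel' button.
  const onclick = () => browser.locationReplace('form2.html');
  // action.html's inline script: parent.document.getElementById('sel').click()
  return browser.run(action, () => browser.click(form1, onclick));
}

for (const policy of ['restart', 'inherit']) {
  console.log(policy, simulate(policy));
}
```

Under `inherit` the request goes to `/safari_test/dir/form2.html` with `action.html` as the recorded referrer, which is the 404 from the report; under `restart` it resolves against `form1.html` as the reporter expected.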
Comment 6 Alexey Proskuryakov 2018-02-05 13:59:33 PST
This test passes in Safari 11.