An HTML file containing just <input type="text" onblur="alert('bye!')"> will crash Safari if the input element has focus when its containing tab is closed. This happens if I use command-W to close the tab or if I click on the X to close the tab. This happens with a file containing just the <input> tag (attached as simple.html), or with a valid HTML document containing the <input> tag (attached as valid_simple.html). I can reproduce this in Safari 2.0 (412), and in the latest WebKit build as of this morning. If I click on a new tab while the <input> has focus, Safari doesn't crash but the UI does not render the new tab correctly. If you click on the new tab again, it will render correctly, and Safari does not crash. I took a screenshot and attached this as bad_ui.png.
Created attachment 2592 [details] Simplest HTML that will crash safari
Created attachment 2593 [details] Simplest valid HTML that will crash Safari
Created attachment 2594 [details] What happens if you click on another tab
Created attachment 2595 [details] The crash log
Very good test case and bug report. Confirmed on tot build 2 minutes ago.
making it p1 since it's a reproducible crash.
I can't reproduce this crash on the latest TOT Webkit.
I missed one important detail in my bug report: you need to have at least one other tab open to produce the crash. If you just close the entire Safari window by clicking on the red button or quitting or using the close menu item, Safari will not crash. You need to close the tab containing an input element that has focus and has an onblur attribute set. I tried this against the TOT, and attached the latest crash log.
Created attachment 2818 [details] Latest crash log
OK confirmed. Changed component to forms, made it a p1 crit since this will probably happen often. Reassigning to forms component owner. (prolly Hyatt as well ;) )
Is this a WebKit bug? The backtrace doesn't contain WebKit at all.
able to reproduce in Safari Version 2.0.2 (416.12) but unable to reproduce in Version 2.0.1 (420+)
*** This bug has been marked as a duplicate of 4194 ***
This can't be a duplicate since this crashes in ToT and test case for #4194 doesn't. Opening this again seems like a healthy decision.
Yes, I can also reproduce this on ToT. Reopening.
This might be a bug in AppKit, or in Safari. But it also might be the case that WebKit is over-releasing some object, or not calling some required AppKit method, leaving the view hierarchy in a bad state.
I can reproduce this crash using TOT WebKit and Safari-417.8 on 10.4.4. However, I cannot reproduce it using TOT WebKit *and* TOT Safari (which the open source community doesn't have access to). I don't know what was causing this, but it does appear to be at least partially a Safari issue, and one that has been fixed. Our general rule of thumb is to mark bugs INVALID if they're not WebKit issues, so that's probably what we should do here. But first I'd like to make sure someone else can reproduce my findings. Chris, can you try?
I can confirm this too. Based on the steps provided, I can only reproduce with TOT WebKit/Safari (417.8) but not with TOT WebKit/TOT Safari. Assigning back to John.
I'm marking this as INVALID as John recommended.