Bug 38752 - Strange behaviour after js insertion into a page pointing directly to an object (image, swf, etc)
Summary: Strange behaviour after js insertion into a page pointing directly to an obje...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: DOM (show other bugs)
Version: 528+ (Nightly build)
Hardware: PC OS X 10.5
: P2 Normal
Assignee: Alexey Proskuryakov
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-05-07 08:15 PDT by Aymeric Vitte
Modified: 2010-05-12 12:21 PDT (History)
1 user (show)

See Also:


Attachments
proposed fix (6.65 KB, patch)
2010-05-11 10:58 PDT, Alexey Proskuryakov
darin: review+
Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Aymeric Vitte 2010-05-07 08:15:34 PDT
The problem was discovered with this url :

http://www.villiard.com/images/voitures/voiture.jpg

Go on this url and put in the address bar following js insertion (that we call "Extract Widget"):

javascript:(function(){var d=document;var h=d.getElementsByTagName("head");var s=h.length===0?d.getElementsByTagName("html")[0].insertBefore(d.createElement("HEAD"),d.body):h[0];if(typeof JSON!='object'){var j=d.createElement("SCRIPT");j.charset="utf-8";j.id="jsonscript";j.src="http://www.blimpme.com/bbrowser/json2.js";j=s.appendChild(j);};var b=d.createElement("SCRIPT");b.charset="utf-8";b.src="http://www.blimpme.com/bbrowser/injectold.php?url="+encodeURIComponent(d.location.href);b=s.appendChild(b);})();

Then reload the first url and put in the address bar :

javascript:(function(){var d=document;var h=d.getElementsByTagName("head");var s=h.length===0?d.getElementsByTagName("html")[0].insertBefore(d.createElement("HEAD"),d.body):h[0];if(typeof JSON!='object'){var j=d.createElement("SCRIPT");j.charset="utf-8";j.id="jsonscript";j.src="http://www.blimpme.com/bbrowser/json2.js";j=s.appendChild(j);};var b=d.createElement("SCRIPT");b.charset="utf-8";b.src="http://www.blimpme.com/bbrowser/inject.php?url="+encodeURIComponent(d.location.href);b=s.appendChild(b);})();

As you can see the result is different, in the first case we do not see the background images although it's there, we have checked with the debugger and the objects look correct in the page.

The second case is a palliative to correct that, we do reload the url inside an iframe and then the extract widget js insertion works correctly.

We know it's a very particular case but still needs to be investigated, it behaves as if everything was not working in the dom while loading an url pointing directly to an object.
Comment 1 Alexey Proskuryakov 2010-05-07 12:14:40 PDT
There is a lot of obfuscated code in inject.php. Could you make a reduced test case that would be easier to understand?

I suspect that the issue here is that ImageDocument is a separate Document subclass, different from HTMLDocument. That's a bug in WebKit, it should not be separate. But it's hard to tell whether this is the issue without a reduced test case.

See also: bug 25397.
Comment 2 Aymeric Vitte 2010-05-08 07:52:35 PDT
Hi,

Please try :

javascript:(function(){var d=document;var h=d.getElementsByTagName("head");var s=h.length===0?d.getElementsByTagName("html")[0].insertBefore(d.createElement("HEAD"),d.body):h[0];var b=d.createElement("SCRIPT");b.charset="utf-8";b.src="http://www.blimpme.com/bbrowser/bug.js";b=s.appendChild(b);})();

You will see on the top left corner of the page 'Test Bug' but without the background image that we include in bug.js which just insert a div in the page with a background image and a text 'Test Bug'
Comment 3 Alexey Proskuryakov 2010-05-10 16:53:12 PDT
This happens because DocLoader::m_autoLoadImages is false for ImageDocument documents.
Comment 4 Alexey Proskuryakov 2010-05-11 10:58:54 PDT
Created attachment 55721 [details]
proposed fix
Comment 5 Alexey Proskuryakov 2010-05-12 12:21:10 PDT
Committed <http://trac.webkit.org/changeset/59250>.

I'm not 100% sure if this also fixed .swf - please test with the next nightly build, and file a new bug report if it didn't.