RESOLVED FIXED Bug 38752
Strange behaviour after js insertion into a page pointing directly to an object (image, swf, etc) 
https://bugs.webkit.org/show_bug.cgi?id=38752
Summary Strange behaviour after js insertion into a page pointing directly to an obje...
Aymeric Vitte
Reported 2010-05-07 08:15:34 PDT
The problem was discovered with this url : http://www.villiard.com/images/voitures/voiture.jpg Go on this url and put in the address bar following js insertion (that we call "Extract Widget"): javascript:(function(){var d=document;var h=d.getElementsByTagName("head");var s=h.length===0?d.getElementsByTagName("html")[0].insertBefore(d.createElement("HEAD"),d.body):h[0];if(typeof JSON!='object'){var j=d.createElement("SCRIPT");j.charset="utf-8";j.id="jsonscript";j.src="http://www.blimpme.com/bbrowser/json2.js";j=s.appendChild(j);};var b=d.createElement("SCRIPT");b.charset="utf-8";b.src="http://www.blimpme.com/bbrowser/injectold.php?url="+encodeURIComponent(d.location.href);b=s.appendChild(b);})(); Then reload the first url and put in the address bar : javascript:(function(){var d=document;var h=d.getElementsByTagName("head");var s=h.length===0?d.getElementsByTagName("html")[0].insertBefore(d.createElement("HEAD"),d.body):h[0];if(typeof JSON!='object'){var j=d.createElement("SCRIPT");j.charset="utf-8";j.id="jsonscript";j.src="http://www.blimpme.com/bbrowser/json2.js";j=s.appendChild(j);};var b=d.createElement("SCRIPT");b.charset="utf-8";b.src="http://www.blimpme.com/bbrowser/inject.php?url="+encodeURIComponent(d.location.href);b=s.appendChild(b);})(); As you can see the result is different, in the first case we do not see the background images although it's there, we have checked with the debugger and the objects look correct in the page. The second case is a palliative to correct that, we do reload the url inside an iframe and then the extract widget js insertion works correctly. We know it's a very particular case but still needs to be investigated, it behaves as if everything was not working in the dom while loading an url pointing directly to an object.
Attachments
proposed fix (6.65 KB, patch)
2010-05-11 10:58 PDT, Alexey Proskuryakov 		darin: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2010-05-07 12:14:40 PDT
There is a lot of obfuscated code in inject.php. Could you make a reduced test case that would be easier to understand? I suspect that the issue here is that ImageDocument is a separate Document subclass, different from HTMLDocument. That's a bug in WebKit, it should not be separate. But it's hard to tell whether this is the issue without a reduced test case. See also: bug 25397.
Aymeric Vitte
Comment 2 2010-05-08 07:52:35 PDT
Hi, Please try : javascript:(function(){var d=document;var h=d.getElementsByTagName("head");var s=h.length===0?d.getElementsByTagName("html")[0].insertBefore(d.createElement("HEAD"),d.body):h[0];var b=d.createElement("SCRIPT");b.charset="utf-8";b.src="http://www.blimpme.com/bbrowser/bug.js";b=s.appendChild(b);})(); You will see on the top left corner of the page 'Test Bug' but without the background image that we include in bug.js which just insert a div in the page with a background image and a text 'Test Bug'
Alexey Proskuryakov
Comment 3 2010-05-10 16:53:12 PDT
This happens because DocLoader::m_autoLoadImages is false for ImageDocument documents.
Alexey Proskuryakov
Comment 4 2010-05-11 10:58:54 PDT
Created attachment 55721 [details] proposed fix
Alexey Proskuryakov
Comment 5 2010-05-12 12:21:10 PDT
Committed <http://trac.webkit.org/changeset/59250>. I'm not 100% sure if this also fixed .swf - please test with the next nightly build, and file a new bug report if it didn't.
Note You need to log in before you can comment on or make changes to this bug.