If Javascript addEventListener() method is executed in an iframe which has style attribute "display:none" set on itself or on an parent element, then Safari crashes. The method is invoked by the window onload listener If style is set to display:block Safari does not crash This behavior appears for registering on 'touchstart', 'touchmove', 'touchend' and 'touchcancel' It does not appear when registering on 'click' navigator.useragent for Safari on iphone returns: Mozilla/5.0 (iphone; U; CPU iPhone OS 4_0 like Mac OS X; en-us) AppleWebKit/532.9 (KHTML, like Gecko) Version/4.0.5 Mobile/8A293 Safari/6531.22.7 iphone OS Version: 4.0 (8A293) Safari on Desktop for Windows does not crash (mozilla/5.0 (windows; u; windows nt 5.1; de-de) applewebkit/531.21.8 (khtml, like gecko) version/4.0.4 safari/531.21.10) Here the testcode iframe (code does not change in crashing version and not crashing version): <html><head> </head> <body> IFRAME <script> console.log('crash safari test'); window.addEventListener('load', function() { // adding eventlistener crashes safari document.body.addEventListener('touchcancel', function() { // do nothing }, false); }); </script> </body> </html> html which loads iframe: crashing version <html><head> <title>Safari crash test</title> <meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0, maximum-scale=1.0"> </head><body> <div> Safari crash test <!-- iframe with style display:none crashes the browser --> <iframe style="display:none;" src="iframe.htm"></iframe> </div> </body></html> not crashing version <html><head> <title>Safari crash test</title> <meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0, maximum-scale=1.0"> </head><body> <div> Safari crash test <!-- iframe with style display:none crashes the browser --> <iframe style="display:block;" src="iframe.htm"></iframe> </div> </body></html>
Created attachment 58879 [details] Attached are the testfiles
Bugs against unreleased Apple software should be filed at <http://bugreport.apple.com/>, not in a public forum.