Bug 40670 - Safari crashes wenn executing addEventListener() for touchevents in an invisible iframe on iphone OS 4.0 beta (8A293)
Summary: Safari crashes wenn executing addEventListener() for touchevents in an invisi...
Status: RESOLVED INVALID
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: 528+ (Nightly build)
Hardware: Other Other
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-06-16 04:13 PDT by ranunculus
Modified: 2010-06-16 15:36 PDT (History)
1 user (show)

See Also:


Attachments
Attached are the testfiles (961 bytes, application/x-zip-compressed)
2010-06-16 04:42 PDT, ranunculus
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description ranunculus 2010-06-16 04:13:17 PDT
If Javascript addEventListener() method is executed in an iframe which has style attribute "display:none" set on itself or on an parent element, then Safari crashes.

The method is invoked by the window onload listener

If style is set to display:block Safari does not crash

This behavior appears for registering on 'touchstart', 'touchmove', 'touchend' and 'touchcancel'

It does not appear when registering on 'click'

navigator.useragent for Safari on iphone returns:
 Mozilla/5.0 (iphone; U; CPU iPhone OS 4_0 like Mac OS X; en-us) AppleWebKit/532.9 (KHTML, like Gecko) Version/4.0.5 Mobile/8A293 Safari/6531.22.7

iphone OS Version: 4.0 (8A293)

Safari on Desktop for Windows does not crash (mozilla/5.0 (windows; u; windows nt 5.1; de-de) applewebkit/531.21.8 (khtml, like gecko) version/4.0.4 safari/531.21.10)


Here the testcode

iframe (code does not change in crashing version and not crashing version):

<html><head>
</head>
<body>
    IFRAME
<script>

console.log('crash safari test');
window.addEventListener('load', function() {
    // adding eventlistener crashes safari
    document.body.addEventListener('touchcancel', function() {
        // do nothing
    }, false);

});
</script>
</body>
</html>

html which loads iframe:

crashing version

<html><head>
<title>Safari crash test</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0,
maximum-scale=1.0">
</head><body>
<div>
    Safari crash test
<!-- iframe with style display:none crashes the browser -->
<iframe style="display:none;" src="iframe.htm"></iframe>
</div>
</body></html>

not crashing version

<html><head>
<title>Safari crash test</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0,
maximum-scale=1.0">
</head><body>
<div>
    Safari crash test
<!-- iframe with style display:none crashes the browser -->
<iframe style="display:block;" src="iframe.htm"></iframe>
</div>
</body></html>
Comment 1 ranunculus 2010-06-16 04:42:58 PDT
Created attachment 58879 [details]
Attached are the testfiles
Comment 2 Mark Rowe (bdash) 2010-06-16 15:36:35 PDT
Bugs against unreleased Apple software should be filed at <http://bugreport.apple.com/>, not in a public forum.