NEW 41125
Spurious extra onchange event handler is fired in Safari mac porting layer of list boxes
https://bugs.webkit.org/show_bug.cgi?id=41125
Abhishek Arya
Reported 2010-06-23 19:24:49 PDT
Branching off from security bug 40828 since this is a functional issue.

Comment #17 From Abhishek Arya 2010-06-23 18:53:20 PST
Alexey, the behavior difference looks to come out as a bug in the Mac implementation. The behavior in Safari trunk on Win and Chrome on Win is identical to Firefox: the select box remains open and expands the children (and selects the first one). Whereas on Mac, for Safari, the select box opens during onchange and expands the children during mousedown, but as soon as mouseup occurs, another onchange is fired, which is wrong and causes the select box to collapse, resulting in an ugly blink. Basically, on mouseup, that event should not be fired. I don't know if I was able to summarise properly, so CCing James and Justin to help here.

Comment #18 From James Robinson 2010-06-23 18:57:03 PST
This looks like a bug in the Safari Mac porting layer's handling of list boxes and a behavior bug, not a security bug. The page works properly in Safari/win, Chrome/win, Chrome/mac. The page also works in Firefox/win and Firefox/mac, although not identically. The root of the issue in Safari/mac seems to be that if the select is opened up by clicking on the element (as opposed to hitting a keyboard arrow when the element has focus), selecting one of the options fires two onchange events instead of one. It looks like there's a synthetic mousedown event being generated somewhere that shouldn't be.

Comment #19 From James Robinson 2010-06-23 19:00:21 PST
What Abhishek said :). The 'flash' you see is because Safari/mac fires an onchange event and the page's JavaScript changes the size to >1 and sets the selectedIndex attribute on the <select>. The page then paints in this state. Then, Safari/mac fires _another_ onchange event which causes the page's JavaScript to set the size back to 1 and to change the selectedIndex property. Then this page is painted. The second onchange event shouldn't be fired at all (and is not in Safari/win, Chrome/* and Firefox/*).
--------- Kudos to James and Justin for analyzing this anomaly with me.
Abhishek Arya
Comment 1 2010-06-23 19:28:33 PDT
Steps to reproduce: http://www.mav-start.hu/english/index.php is the online Hungarian railway guide. If you choose an option from the "Reduction" drop-down list on Safari Mac, you will see a blink and the select box closes down to size 1 with the selection. Compare the behavior to Safari win, Chrome *, Firefox.
Justin Schuh
Comment 2 2010-06-24 10:17:32 PDT
To clear up any confusion, this is marked as a security bug only because the example URL triggers bug 40828. However, the functional bug shouldn't be related to the security bug. So, it should be entirely possible to create a reduction that doesn't need to be treated as a security issue.
David Kilzer (:ddkilzer)
Comment 3 2010-07-01 14:59:31 PDT
Eric Seidel (no email)
Comment 4 2012-08-03 01:04:58 PDT
Given that the security bug is loooong since fixed, this functional bug can drop the security keyword.
Jon Lee
Comment 5 2012-08-03 10:54:38 PDT
Does this bug still exist? I am not seeing this "flashing". Also, I added some debugging in the onchange event handler for the select, and only see it being called once when I select an option using the mouse.
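
An added example, not part of the bug report or the affected site's code: a small model of the handler behaviour described in the quoted comments #18 and #19, with a debugging probe that counts change events per mouse gesture. The stand-in select object, the function names and the expanded size of 5 are assumptions, and the replayed event sequences are constructed.

```javascript
// Constructed stand-in for the <select>: only the two properties the
// comments mention, on a plain EventTarget so it runs without a browser.
function makeSelect() {
  const el = new EventTarget();
  el.size = 1;
  el.selectedIndex = 0;
  return el;
}

// Handler shaped like the one described in comment #19: each change flips the
// list between collapsed (size 1) and expanded (size > 1) and sets the selection.
function attachToggleHandler(el, expandedSize = 5) {
  el.addEventListener('change', () => {
    el.size = el.size === 1 ? expandedSize : 1;
    el.selectedIndex = 0;
  });
}

// Debug probe: counts change events per gesture, where a gesture runs from
// one mousedown up to the next mousedown.
function attachChangeCounter(el) {
  const gestures = [];
  el.addEventListener('mousedown', () => gestures.push(0));
  el.addEventListener('change', () => {
    if (gestures.length === 0) gestures.push(0); // change with no click (keyboard)
    gestures[gestures.length - 1] += 1;
  });
  return gestures;
}

// Replays a list of event names and reports the final size plus any gesture
// that produced more than one change event.
function replay(eventNames) {
  const el = makeSelect();
  attachToggleHandler(el);
  const perGesture = attachChangeCounter(el);
  for (const name of eventNames) el.dispatchEvent(new Event(name));
  return { size: el.size, perGesture, spurious: perGesture.some((n) => n > 1) };
}

// Sequence with one change per click, then the sequence reported for Safari/mac.
const single = replay(['mousedown', 'change', 'mouseup']);
const doubled = replay(['mousedown', 'change', 'mouseup', 'change']);
console.log(single, doubled);
```

`attachChangeCounter` uses only `addEventListener`, so the same probe can be attached to a real `<select>` element in a page to check whether a single click yields more than one change event.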