[Webkit-unassigned] [Bug 20299] New: DOMSubTreeModified event handler can cause 100% CPU use and stack exhaustion
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Aug 6 06:01:09 PDT 2008
https://bugs.webkit.org/show_bug.cgi?id=20299
Summary: DOMSubTreeModified event handler can cause 100% CPU use
and stack exhaustion
Product: WebKit
Version: 525.x (Safari 3.1)
Platform: PC
URL: http://skypher.com/SkyLined/Repro/Safari/document.body%2
0DOMSubTreeModified%20event%20loop/100%25%20CPU.html
OS/Version: Windows Vista
Status: NEW
Severity: Critical
Priority: P2
Component: New Bugs
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: berendjanwever at gmail.com
Call loops can be triggered with this code (100% CPU use):
http://skypher.com/SkyLined/Repro/Safari/document.body%20DOMSubTreeModified%20event%20loop/100%25%20CPU.html
<SCRIPT>
document.addEventListener("DOMSubtreeModified", function () {
event.srcElement.innerHTML='<BR>';
}, true);
document.body.setAttribute('x',0)
</SCRIPT>
Recursive function calls can be triggered with this code (stack exhaustion):
http://skypher.com/SkyLined/Repro/Safari/document.body%20DOMSubTreeModified%20event%20loop/Stackoverflow.html
<SCRIPT>
document.addEventListener("DOMSubtreeModified", function () {
event.srcElement.innerHTML = '<TH><title></title>';
}, true);
document.body.setAttribute('x',0)
</SCRIPT>
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list