[Webkit-unassigned] [Bug 28716] Event listeners installed on a window object returned from window.open() don't work

bugzilla-daemon at webkit.org
Wed Aug 26 00:01:38 PDT 2009


https://bugs.webkit.org/show_bug.cgi?id=28716


Alexey Proskuryakov <ap at webkit.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|'load' event is not fired   |Event listeners installed
                   |on a window object returned |on a window object returned
                   |from window.open()          |from window.open() don't
                   |                            |work
         AssignedTo|dimich at chromium.org         |webkit-unassigned at lists.web
                   |                            |kit.org
          Component|Page Loading                |WebCore JavaScript
                 CC|                            |abarth at webkit.org,
                   |                            |ap at webkit.org,
                   |                            |sam at webkit.org




--- Comment #3 from Alexey Proskuryakov <ap at webkit.org>  2009-08-26 00:01:37 PDT ---
For some context: when window.open() returns, the associated frame holds a
pointer to a temporary document object, which is replaced with a real one as
the provisional load is committed. Thus, w.document event listeners or
properties would all be lost in both Firefox and Safari.

Like Firefox, we don't do the same for the window object, but we clear event
listeners to prevent cross-origin attacks (I think). This seems inconsistent to
me - it would seem that properties shouldn't be preserved cross-origin either.
And indeed, there doesn't seem to be a reason to remove listeners in the
same-origin case, as far as I can tell.

#0    0x03bbff40 in WebCore::DOMWindow::removeAllEventListeners at DOMWindow.cpp:1364
#1    0x03ae1213 in WebCore::Document::removeAllEventListeners at Document.cpp:1389
#2    0x03c44ee8 in WebCore::FrameLoader::stopLoading at FrameLoader.cpp:585
#3    0x03c451c0 in WebCore::FrameLoader::closeURL at FrameLoader.cpp:633
#4    0x03c45ef0 in WebCore::FrameLoader::transitionToCommitted at FrameLoader.cpp:2900
#5    0x03c46572 in WebCore::FrameLoader::commitProvisionalLoad at FrameLoader.cpp:2825
#6    0x03b0d030 in WebCore::DocumentLoader::commitIfReady at DocumentLoader.cpp:320
#7    0x03b0d061 in WebCore::DocumentLoader::commitLoad at DocumentLoader.cpp:340
#8    0x03b0d0ee in WebCore::DocumentLoader::receivedData at DocumentLoader.cpp:354
#9    0x03c3a815 in WebCore::FrameLoader::receivedData at FrameLoader.cpp:2472
#10    0x03fa8aee in WebCore::MainResourceLoader::addData at MainResourceLoader.cpp:143
#11    0x0413b657 in WebCore::ResourceLoader::didReceiveData at ResourceLoader.cpp:247
#12    0x03fa8146 in WebCore::MainResourceLoader::didReceiveData at MainResourceLoader.cpp:352
#13    0x0413aae8 in WebCore::ResourceLoader::didReceiveData at ResourceLoader.cpp:397
