[Webkit-unassigned] [Bug 23288] New: WebKit makes incorrect assumptions about MIME types based on DOM context

bugzilla-daemon at webkit.org
Tue Jan 13 02:21:06 PST 2009


https://bugs.webkit.org/show_bug.cgi?id=23288

           Summary: WebKit makes incorrect assumptions about MIME types
                    based on DOM context
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Macintosh
               URL: http://llamaguy.com/test/img_script.html
        OS/Version: Mac OS X 10.5
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: WebKit Misc.
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: marcel at facebook.com


Note: The summary of this ticket is based purely on speculation.

Given the following code:

    alert('enter');
    var s = document.createElement('script');
    var i = document.createElement('img');
    s.src = 'alert.js';
    i.src = 'alert.js';
    document.body.appendChild(s);
    i.onerror = function() {
      alert('img error');
    }
    alert('exit');

Where alert.js contains only "alert(1)", WebKit will alert in sequence,
"enter", "exit", and "img error". "1" will never be alerted.

If you swap the order of lines 5 and 6 [i.src = ...; & document.body....] you
will no longer see "img error", instead you will see "1".

After you execute the version which alerts "1", and revert the code back to
the original (which used to alert "img error") it will now alert "enter", "1",
and "exit". Clearing your cache will bring you back to the old behavior of
"enter", "exit", "img error" until you execute the 2nd version again.

If I had to guess I would say that WebKit is guessing the MIME type of the
resource before it's fetched, based on how the page is using the resource. The
request to alert.js comes back as text/javascript, but at that point WebKit has
already made up its mind. In the case where there's a local cache hit it can
decide the MIME type without guessing or blocking the script on an HTTP
request, so it makes no assumptions.
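
To check the caching guess above against actual network traffic, a local server can serve the test page and alert.js and record every fetch. This is an added example, not part of the bug report; the port, the local /img_script.html path, the `serve` and `no-store` arguments and the helper names are assumptions.

```javascript
// Added diagnostic harness; not code from the bug report.
const http = require('http');

// The reporter's snippet, verbatim, wrapped in a minimal page.
const PAGE = `<!doctype html><body><script>
alert('enter');
var s = document.createElement('script');
var i = document.createElement('img');
s.src = 'alert.js';
i.src = 'alert.js';
document.body.appendChild(s);
i.onerror = function() {
  alert('img error');
}
alert('exit');
</script></body>`;

const requests = []; // one entry per request, in arrival order

// Pure routing function so it can be exercised without a socket.
// noStore=true forbids caching of alert.js, taking the cache out of the experiment.
function respond(method, url, headers, noStore) {
  const path = url.split('?')[0];
  requests.push({ method, path, accept: headers.accept || '' });
  const js = { 'Content-Type': 'text/javascript',
               'Cache-Control': noStore ? 'no-store' : 'max-age=3600' };
  const html = { 'Content-Type': 'text/html; charset=utf-8', 'Cache-Control': 'no-store' };
  if (path === '/alert.js') return { status: 200, headers: js, body: 'alert(1)' };
  if (path === '/img_script.html') return { status: 200, headers: html, body: PAGE };
  return { status: 404, headers: { 'Content-Type': 'text/plain' }, body: 'not found' };
}

// How many times a given path has been requested so far.
function fetchCount(path) {
  return requests.filter((r) => r.path === path).length;
}

function startServer(port, noStore) {
  return http.createServer((req, res) => {
    const r = respond(req.method, req.url, req.headers, noStore);
    res.writeHead(r.status, r.headers);
    res.end(r.body);
    console.log(req.method, req.url, 'Accept:', req.headers.accept || '-');
  }).listen(port, '127.0.0.1');
}

// Run with: node harness.js serve [no-store]
if (process.argv[2] === 'serve') startServer(8000, process.argv[3] === 'no-store');
```

Load http://127.0.0.1:8000/img_script.html and compare how many alert.js requests are logged per page load, then restart with `no-store` to see whether the alert sequence still depends on earlier runs.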

