[Webkit-unassigned] [Bug 26520] New: Accessing a DOM node from a parent window in a child iframe moves the prototype to the child iframe and resets it in the parent window

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Jun 18 15:17:25 PDT 2009 

https://bugs.webkit.org/show_bug.cgi?id=26520

           Summary: Accessing a DOM node from a parent window in a child
                    iframe moves the prototype to the child iframe and
                    resets it in the parent window
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
               URL: http://paulsowden.com/etc/webkit/test-prototype.html
        OS/Version: All
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: HTML DOM
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: paul at idontsmoke.co.uk


In the test case we extend the prototype of HTMLInputElement to add a property
"foo".  In the child iframe I extend the prototype of HTMLInputElement to add a
property "bar".  In the child iframe we hook up an event listener to the parent
window's body and access e.target.

When clicking the submit button we should expect to see "foo", which is the
property we added to the HTMLInputElement's prototype, but instead we see
"undefined".  Removing the line in the iframe which accesses e.target causes
the alert to display "foo", as expected.

It looks like when e.target is accessed in the child iframe it creates the
HTMLElement DOM wrapper and this causes the prototypes from the parent window
to be moved to the child iframe, then when we handle the onsubmit event in the
parent window it lazyilly creates the HTMLElement DOM wrapper but with a blank
prototype that now exists in the parent window.

The extended prototypes are getting incorrectly moved between the two window
objects.

This looks like it could be related to bug 24795 but the testcase attached to
that bug seems to work in the latest nightly so I suspect that it could
actually be a different issue.


-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list