[Webkit-unassigned] [Bug 41948] REGRESSION(r60392): Crash during page load inside JSObject::defaultValue

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Jul 9 13:12:59 PDT 2010


https://bugs.webkit.org/show_bug.cgi?id=41948





--- Comment #7 from Peter Speck <speck at vitality.dk>  2010-07-09 13:12:59 PST ---
Trimming the iframe scripts using GlimmerBlocker (http proxy which can modify files on-the-fly), I can reduce the iframe to be just the script
http://front.xstream.dk/jptv/resources/scripts/flash_streaming.js
and still have it crash.

I can reduce the iframe script, so it only consists of the following:

var href=new String(document.location.href);var f=0;var fv='-';
var ref = 'hello'
eval('try { if (typeof top.document.referrer=="string") { ref=top.document.referrer } } catch(e) {f=3;}');
var url='&fv='+escape(fv)+'&href='+escape(href.substring(0,499));


It crashes in the "var url" line.

It doesn't crash if I do any of the following:
1) unwrap the eval
2) remove '&fv='+escape(fv)+
3) remove '&href='+escape(href.substring(0,499))+
4) change  var href=new String(document.location.href);
   to      var href=document.location.href;

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.



More information about the webkit-unassigned mailing list