[Webkit-unassigned] [Bug 40232] New: postMessage(window) throws "Type error" with input elements other than text fields

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jun 7 06:10:22 PDT 2010 

https://bugs.webkit.org/show_bug.cgi?id=40232

           Summary: postMessage(window) throws "Type error" with input
                    elements other than text fields
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: All
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: New Bugs
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: kim.1.gronholm at nokia.com


Created an attachment (id=58021)
 --> (https://bugs.webkit.org/attachment.cgi?id=58021)
Backtrace of postMessage(window) throwing a type error

postMessage(window) should throw TypeError: "Cannot post cyclic structures."
like it (normally) does in LayoutTests/fast/dom/Window/window-postmessage-clone.html.
However, in case the TreeWalker traverses through an input element other than
text field before it notices the cyclic structure, it throws TypeError: "Type 
error".

This issue was revealed when adding a new attribute to Element.idl which
caused the hash lookup to traverse through the objects/properties in different
order in LayoutTests/fast/dom/Window/window-postmessage-clone.html. The issue can
also be seen by slightly modifying the test page by e.g. adding a dummy input
element on top of the test page with type "button" or "file" (I'll attach a
test case for this)

The reason why this happens is that when the TreeWalkers in WebCore/bindings/
js/SerializedScriptValue.cpp walk through the objects and their properties,
the getProperty function ends up querying the JSHTMLInputElement::selectionStart
or JSHTMLInputElement::selectionEnd properties whose getters throw the type
error in case the input element is not of type "TextField" (!input->canHaveSelection())

See the example backtrace for further clarification.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list