[Webkit-unassigned] [Bug 39891] HTML5ScriptRunner can re-enter from event dispatch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Jun 18 10:53:39 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=39891
--- Comment #1 from Eric Seidel <eric at webkit.org> 2010-06-18 10:53:39 PST ---
Created an attachment (id=59134)
--> (https://bugs.webkit.org/attachment.cgi?id=59134)
Cleaned up test case which reveals at least one ASSERT in ToT
The fix for the first assert:
ASSERTION FAILED: !haveParsingBlockingScript()
(/Projects/WebKit/WebCore/html/HTML5ScriptRunner.cpp:262 void WebCore::HTML5ScriptRunner::runScript(WebCore::Element*, int))
is to just re-order the setting of m_parsingBlockingScript until after the beforeLoad check, since the before load might cancel the script anyway!
The next assertions you hit, of close m_source, relate to the insertion point never getting set for some of these calls. Those need a bit more thought.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list