[Webkit-unassigned] [Bug 39891] New: HTML5ScriptRunner can re-enter from event dispatch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri May 28 11:37:16 PDT 2010


https://bugs.webkit.org/show_bug.cgi?id=39891

           Summary: HTML5ScriptRunner can re-enter from event dispatch
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Mac OS X 10.5
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: eric at webkit.org
                CC: abarth at webkit.org, tonyg at chromium.org
            Blocks: 39259


HTML5ScriptRunner can re-enter from event dispatch

HTML5ScriptRunner tries to only enter scripting when calling "executeScript" on the HTML5ScriptRunnerHost, but I realize after writing it that it will also re-enter from events, which will cause us to hit m_scriptNestingLevel ASSERTs and do the wrong thing. :)

I tried to write a test for this, but it doesn't quite work yet, and I have more important bugs to fix in the code before I get back to this one so recording it for posterity:

1
<script>
function doubleWrite(number)
{
    document.write("<script>document.write(" + number + ")</scr" + "ipt><script>document.write(" + (number+1) + ")</scr" + "ipt>")
}
</script>
2
<script
onbeforeload="doubleWrite(3)"
onload="doubleWrite(5)"
src="data:text/plain,doubleWrite(7)"
></script>
9

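The re-entry described in the report, as an added example that is not WebKit code and not part of the original message: a simplified model in which script is only counted when it starts through executeScript, so a document.write() from an event handler arrives while the runner believes no script is running. The class, its members and the guard flag are hypothetical, and counting event dispatch with the same scope object is one possible approach, not the fix chosen for this bug.

```cpp
#include <functional>
#include <string>

// Simplified model for illustration; all names here are hypothetical.
class ScriptRunnerModel {
public:
    using Script = std::function<void(ScriptRunnerModel&)>;
    int nestingLevel() const { return m_nestingLevel; }
    int untrackedWrites() const { return m_untrackedWrites; }
    const std::string& output() const { return m_output; }

    // The one entry point where the runner expects script to start.
    void executeScript(const Script& script) {
        NestingScope scope(m_nestingLevel);
        script(*this);
    }

    // Event handlers are script too; with guard == false they run uncounted.
    void dispatchEvent(const Script& handler, bool guard) {
        if (!guard) { handler(*this); return; }
        NestingScope scope(m_nestingLevel);
        handler(*this);
    }

    // document.write() is only ever called by running script, so a call at
    // nesting level 0 means script entered through an untracked path.
    void write(const std::string& text) {
        if (m_nestingLevel == 0)
            ++m_untrackedWrites;
        m_output += text;
    }
private:
    // RAII counter: the level is restored on every exit path.
    struct NestingScope {
        explicit NestingScope(int& level) : m_level(level) { ++m_level; }
        ~NestingScope() { --m_level; }
        int& m_level;
    };
    int m_nestingLevel = 0;
    int m_untrackedWrites = 0;
    std::string m_output;
};

// Constructed scenario: an event handler writes "3", then a script writes "7".
ScriptRunnerModel runScenario(bool guardEvents) {
    ScriptRunnerModel runner;
    runner.dispatchEvent([](ScriptRunnerModel& r) { r.write("3"); }, guardEvents);
    runner.executeScript([](ScriptRunnerModel& r) { r.write("7"); });
    return runner;
}
```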