[Webkit-unassigned] [Bug 119219] New: script tag in document.write into an iframe triggers twice

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jul 29 08:15:51 PDT 2013 

https://bugs.webkit.org/show_bug.cgi?id=119219

           Summary: script tag in document.write into an iframe triggers
                    twice
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
               URL: http://harryledley.com/bug.html
        OS/Version: All
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: HTML DOM
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: harryledley at gmail.com


If the content being written in a document.write into an iframe contains a script tag with a valid src in the head, it will trigger twice on a hard refresh.

Example page:
<html>
    <head>
    </head>
    <body>
<img src='http://lakeshorepreserve.wisc.edu/photo-gallery/bigwoods/lg/Big%20Woods%20Aerial,%20Cronon,%20DSC_8790.jpg'>
<script>
    var url="http://www.random.org/integers/?num=10&min=1&max=6&col=1&base=10&format=plain&rnd=new";

    var jquery="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js";
    var iframe = document.createElement('iframe');

    document.body.appendChild(iframe);

    var contents = '<!DOCTYPE html><html><head><title></title>\
                <meta http-equiv="content-type" content="text/html; charset=UTF-8">\
                <scr'+'ipt src="'+url+'"></scr'+'ipt>\
                <scr'+'ipt src="'+jquery+'"></scr'+'ipt>\
                </head></html>';

    iframe.contentWindow.document.open('text/html', 'replace');
    iframe.contentWindow.document.write(contents);
    iframe.contentWindow.document.close();
    </script>
    </body>
</html>

The first script tag (random.org) should only fire once. Instead the first script tag fires twice.  In Chrome they are both unique calls -- you can see this by looking at the response from each call.  In safari the second call looks to load from cache as the numbers are the same.  This seems to happen only when a document.write occurs before the window is loaded, hence the large image to delay the load event.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list