[Webkit-unassigned] [Bug 111720] Wrong parameters passed to canExecuteScripts in ScriptEventListener (JSC and V8)

bugzilla-daemon at webkit.org
Thu Mar 7 10:16:08 PST 2013


Joe Mason <jmason at rim.com> changed:

           What    |Removed                     |Added
                 CC|                            |jmason at rim.com

--- Comment #3 from Joe Mason <jmason at rim.com>  2013-03-07 10:18:33 PST ---
I don't even remember writing the patch that this is based on anymore, but looking at the code... The only difference that the AboutToExecuteScript parameter makes is that if it's set, and canExecuteScripts returns false, FrameLoaderClient::didNotAllowScript gets called. Which could, for example, open a dialog warning the user that scripts on this page did not run.

But createAttributeEventListener does not actually run a script - it just creates a listener. The script isn't run unless the listener fires. So without this patch, if you disable JavaScript you could get a "JavaScript was blocked" warning just on loading the page, rather than when performing the action that actually runs the script.

Looking at the code, I think JSLazyEventListener::initializeJSFunction has the same problem. In JSEventListener::handleEvent, canExecuteScripts(AboutToExecuteScript) gets called before the script is executed*, so the order is:

    calls JSEventListener::jsFunction
      calls JSLazyEventListener::initializeJSFunction
        calls canExecuteScripts(AboutToExecuteScript) -> should be NotAboutToExecuteScript, since it's just creating and returning the script, not executing it yet
    calls canExecuteScripts(AboutToExecuteScript)
    executes the script

If initializeJSFunction is ever called in a different context where the script is just held for a while before executing, this would cause didNotAllowScript to be called prematurely.

*(But only for documents, with "FIXME: Is this check needed for other contexts? Should look into that. It's possible that JSLazyEventListener always calling canExecuteScripts(AboutToExecuteScript) is hiding another bug where it's not always called in JSEventListener::handleEvent.)
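
The notification timing described in the comment above, as an added example that is not part of the original message and is not WebKit code. It is a simplified C++ model: `Reason`, `Client`, `Controller`, `simulate` and the phase strings are hypothetical stand-ins, and the listener is assumed to be kept even when the creation-time check fails.

```cpp
#include <string>
#include <vector>

// Simplified model, not WebKit source. Only the enum values and the names
// canExecuteScripts / didNotAllowScript come from the comment above.
enum Reason { AboutToExecuteScript, NotAboutToExecuteScript };

struct Client {                       // stand-in for FrameLoaderClient
    std::vector<std::string> warnings;
    void didNotAllowScript(const std::string& phase) { warnings.push_back(phase); }
};

struct Controller {                   // stand-in for the script controller
    bool scriptsEnabled;
    Client* client;
    bool canExecuteScripts(Reason reason, const std::string& phase) {
        if (scriptsEnabled)
            return true;
        // The reason only decides whether the client hears about the block.
        if (reason == AboutToExecuteScript)
            client->didNotAllowScript(phase);
        return false;
    }
};

// Returns the phases at which the client was told a script was blocked.
// Assumption: the listener is kept even when the creation check fails, so
// both phases stay observable in this model.
std::vector<std::string> simulate(Reason reasonAtCreation, bool eventFires) {
    Client client;
    Controller controller{false, &client};   // scripts disabled by the user

    // Phase 1: listener is created while the page loads; nothing runs yet.
    controller.canExecuteScripts(reasonAtCreation, "listener created");

    // Phase 2: the handler is about to run because the event fired.
    if (eventFires)
        controller.canExecuteScripts(AboutToExecuteScript, "event fired");

    return client.warnings;
}
```

With `AboutToExecuteScript` at creation time the client is warned during page load even if no event ever fires; with `NotAboutToExecuteScript` the only warning comes from the check made when the event fires.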
