[Webkit-unassigned] [Bug 149251] New: IFrame contentWindow loses add/remove eventListener methods when its not in the DOM

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Sep 17 00:45:55 PDT 2015


            Bug ID: 149251
           Summary: IFrame contentWindow loses add/remove eventListener
                    methods when its not in the DOM
    Classification: Unclassified
           Product: WebKit
           Version: Safari 8
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Frames
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: AmazingJaze at gmail.com


I have found that on Safari and iOS, if I add a resize listener to the contentWindow of an Iframe, then I am unable to remove that listener if the Iframe is no longer in the DOM. I am concerned about memory leaks.

The Iframe contentWindow property returns null when it is not in the DOM and if I had previously stored a reference to the Iframe's contentWindow property before it was removed from the 
DOM, checking that reference while the iframe is not in the DOM returns a Window object that is missing all the methods from its prototype chain, such as addEventListener and removeEventListener.

I am writing a UI control that creates and uses an Iframe and its "resize" event. I try to unregister my resize listener on the Iframe contentWindow whenever a user calls my control's dispose() API, but there is no way to guarantee that the control is still in the DOM when this happens, and if its not in the DOM, an exception is thrown.

Below is a very simple repro. This does not Repro in Chrome, IE, Edge, FF, or Android browser.

                var iframe = document.createElement("IFRAME");
                var referenceToContentWindow;
                setTimeout(function () {

                    referenceToContentWindow = iframe.contentWindow;

                    // Evaluates to True

                    // Evaluates to True

                    setTimeout(function () {

                    // Throws Exception, contentWindow is null 

                    // Evaluates to False, referenceToContentWindow is type Window, but it no longer has the function.

                    }, 100);
                }, 100);

As a work around I tried calling: 
Object.getPrototypeOf(referenceToContentWindow).removeEventListener.call(referenceToContentWindow, "resize", boundResizeHandler); 

And while that executes without throwing a DOM exception, it doesn't actually remove the handler, as it will still fire if I re-append the iframe and resize it, but running the above line while the Iframe is already in the DOM, will remove the event listener.

You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20150917/9bed818d/attachment.html>

More information about the webkit-unassigned mailing list