[Webkit-unassigned] [Bug 188696] New: beforeunload interoperability issues with a throwing return

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Aug 17 04:35:30 PDT 2018 

https://bugs.webkit.org/show_bug.cgi?id=188696

            Bug ID: 188696
           Summary: beforeunload interoperability issues with a throwing
                    return
           Product: WebKit
           Version: Safari 11
          Hardware: Macintosh
                OS: macOS 10.13
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: HTML DOM
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: phistuck at chromium.org
                CC: cdumez at apple.com

Assuming prior user interaction, the following code prevents a navigation, but should not -
window.onbeforeunload =
 function (e)
 {
  return {toString: function () { throw 'e' }};
 }
Also, it makes Safari briefly show an error information bar.

You can test it manually with -
https://plnkr.co/edit/PVx2JKzf0OUrOfZZ4BcR?p=preview
Click on the green full screen icon on the top right corner and click on the various cases and then click on "back" to attempt to trigger the beforeunload confirmation.

There is some disagreement among browsers around the edge cases.
The following ways prevent navigation (range indicates supported until) -
Way                             Chrome  Firefox Safari  Internet Explorer Edge
return                          15      3       4       6                 15
returnValue                     30      3       6.1     6                 15
preventDefault                  No      3       11      9                 15
return {toString: throw}        15 - 24 3 - 18  4*      No                No
returnValue = {toString: throw} No      No      No      9                 15

*Safari 5.1 - browser crash, Safari 10.1 and 11.1 - looks like an automatically recovering tab crash.

Note -
The tests were run using BrowserStack, so the lowest versions available are -
Firefox 3
Safari 4
Internet Explorer 6
Edge 15.
Support in prior versions cannot be determined.

Note that Chrome used to support a throwing return, but stopped. Firefox, too.
Only Microsoft browsers support a throwing returnValue.
Only Safari supports a throwing return.

My interpretation of the specification is the same for return and returnValue. The value must be converted to a DOMString when set/returned. Since it cannot be converted, the value is the initial value/undefined/null/empty string. Null and empty strings are not supposed to prevent the navigation.
I think only Firefox is currently compliant with the specification.

https://html.spec.whatwg.org/multipage/webappapis.html#onbeforeunloadeventhandlernonnull
https://html.spec.whatwg.org/multipage/browsing-the-web.html#dom-beforeunloadevent-returnvalue
https://html.spec.whatwg.org/multipage/webappapis.html#the-event-handler-processing-algorithm - "If an exception gets thrown by the callback, end these steps and allow the exception to propagate" (the next step cancels the event, so that does not happen)
https://html.spec.whatwg.org/multipage/browsing-the-web.html#prompt-to-unload-a-document


Original Chromium code review discussion -
https://chromium-review.googlesource.com/c/chromium/src/+/1154225/9..10#message-8751c40094a6e40fe00991099d5d3e71cf9c076e

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180817/710bd2a8/attachment-0001.html>

More information about the webkit-unassigned mailing list