Last Comment Bug 451037 - document.loadBindingDocument() returns a document that does not have a script handling object
: document.loadBindingDocument() returns a document that does not have a script...
Status: VERIFIED FIXED
: [sg:critical]
: fixed1.9.0.2, verified1.8.1.17
Product: Core
Classification: Components
Component: Security
: 1.8 Branch
: x86 Windows XP
: -- normal (vote)
: ---
Assigned To: Olli Pettay [:smaug]
: toolkit
:
: 461772
:
  Show dependency treegraph
 
Reported: 2008-08-18 05:34 PDT by moz_bug_r_a4
Modified: 2008-10-29 10:09 PDT (History)
9 users (show)
dveditz: blocking1.8.1.17+
samuel.sidler+old: wanted1.8.1.x+
asac: blocking1.8.0.next+
See Also:
Crash Signature:


Attachments
simplest possible hack (1011 bytes, patch)
2008-08-18 15:01 PDT, Olli Pettay [:smaug]
no flags Details | Diff | Splinter Review
for 1.8 (3.63 KB, patch)
2008-08-19 13:57 PDT, Olli Pettay [:smaug]
no flags Details | Diff | Splinter Review
for trunk (4.43 KB, patch)
2008-08-19 13:57 PDT, Olli Pettay [:smaug]
no flags Details | Diff | Splinter Review
for 1.9.0 (3.56 KB, patch)
2008-08-19 14:02 PDT, Olli Pettay [:smaug]
no flags Details | Diff | Splinter Review
for trunk (4.39 KB, patch)
2008-08-22 03:58 PDT, Olli Pettay [:smaug]
jonas: review+
jonas: superreview+
Details | Diff | Splinter Review
for 1.9.0 (3.59 KB, patch)
2008-08-22 04:06 PDT, Olli Pettay [:smaug]
jonas: review+
jonas: superreview+
dveditz: approval1.9.0.2+
Details | Diff | Splinter Review
for 1.8 (3.65 KB, patch)
2008-08-22 04:12 PDT, Olli Pettay [:smaug]
jonas: review+
jonas: superreview+
dveditz: approval1.8.1.17+
asac: approval1.8.0.next+
Details | Diff | Splinter Review

Summon comment box

Description moz_bug_r_a4 2008-08-18 05:34:30 PDT
This is similar to bug 448548.

This is fx2-only.  On fx2, document.loadBindingDocument() returns a document
that does not have a script handling object.  (On trunk and fx3.0.x, it does
not return anything.)
Comment 2 Olli Pettay [:smaug] 2008-08-18 08:40:22 PDT
I guess this is for me
Comment 3 Jonas Sicking (:sicking) 2008-08-18 15:01:09 PDT
There are possibly ways to get this to work in FF3 as well. It's harder to get a reference to the binding document, but it might still be possible. I don't think we intentionally try to prevent it.
Comment 4 Olli Pettay [:smaug] 2008-08-18 15:01:19 PDT
Created attachment 334347 [details] [review]
simplest possible hack

This is ugly, but the whole method is.
Fortunately the API has changed on 1.9.
Comment 5 Olli Pettay [:smaug] 2008-08-18 15:03:52 PDT
Perhaps for non-chrome (non-cached) xbl documents, the scripthandlingobject could be the same as what the bound document has.
Comment 6 Olli Pettay [:smaug] 2008-08-18 15:11:02 PDT
(In reply to comment #3)
> There are possibly ways to get this to work in FF3 as well. It's harder to get
> a reference to the binding document, but it might still be possible. I don't
> think we intentionally try to prevent it.
Perhaps disabling event handling on all loaded xbl documents would make sense.
Comment 7 Jonas Sicking (:sicking) 2008-08-18 15:58:31 PDT
Either of comment 5 or comment 6 makes sense to me. 6 might be a good idea for other reasons, as I doubt we expects events to happen in there.
Comment 8 Boris Zbarsky (:bz) 2008-08-18 17:59:24 PDT
I like comment 6 to.
Comment 9 Olli Pettay [:smaug] 2008-08-19 13:57:29 PDT
Created attachment 334556 [details] [review]
for 1.8
Comment 10 Olli Pettay [:smaug] 2008-08-19 13:57:57 PDT
Created attachment 334558 [details] [review]
for trunk
Comment 11 Olli Pettay [:smaug] 2008-08-19 14:02:40 PDT
Created attachment 334561 [details] [review]
for 1.9.0
Comment 12 Olli Pettay [:smaug] 2008-08-19 14:07:07 PDT
I'm not sure if DisableEventHandling is the right name for the method, since
it doesn't prevent running those deprecated event type specific listeners
(nsIFocusListener etc.). Such listeners can be implemented only in C++.
Comment 13 Olli Pettay [:smaug] 2008-08-22 03:58:47 PDT
Created attachment 335026 [details] [review]
for trunk
Comment 14 Olli Pettay [:smaug] 2008-08-22 04:06:05 PDT
Created attachment 335027 [details] [review]
for 1.9.0
Comment 15 Olli Pettay [:smaug] 2008-08-22 04:12:12 PDT
Created attachment 335028 [details] [review]
for 1.8
Comment 16 Daniel Veditz 2008-08-22 11:33:39 PDT
Comment on attachment 335027 [details] [review]
for 1.9.0

Approved for 1.9.0.2, a=dveditz for release-drivers.
Comment 17 Daniel Veditz 2008-08-22 11:34:08 PDT
Comment on attachment 335028 [details] [review]
for 1.8

Approved for 1.8.1.17, a=dveditz for release-drivers.
Comment 18 Stephen Donner [:stephend] 2008-08-29 20:16:43 PDT
Verified FIXED; I can reproduce using Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16, but not Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17, with the testcase in comment 1.

Replacing fixed1.8.1.17 with verified1.8.1.17.
Comment 19 Alexander Sack 2008-08-31 16:31:25 PDT
Comment on attachment 335028 [details] [review]
for 1.8

a=asac for 1.8.0.15

Note You need to log in before you can comment on or make changes to this bug.