Closed Bug 103353 Opened 24 years ago Closed 23 years ago

Crash when frame or iframe has SRC="javascript:window.close()"

Categories

(Core :: Layout, defect, P1)

x86
All
defect

Tracking

()

RESOLVED WORKSFORME
Future

People

(Reporter: donguana, Assigned: attinasi)

References

Details

(Keywords: crash)

Attachments

(3 files)

The following code will crash mozilla. I tried it with 0.9.4 and the nightly build of oct 5. <FRAMESET COLS="100%"> <FRAME SRC="javascript:window.close()"> </FRAMESET>
Attached file Reporter's testcase
Confirming crash; Mozilla trunk binaries 20011004xx WinNT, Linux, Mac 9.1. This has nothing to do with JS Engine; reassigning to Layout. OS : Win --> All.
Assignee: rogerl → attinasi
Status: UNCONFIRMED → NEW
Component: Javascript Engine → Layout
Ever confirmed: true
OS: Windows NT → All
QA Contact: pschwartau → petersen
Accepting: the mContent is null in the frameset frame - adding code to handle that.
Status: NEW → ASSIGNED
Keywords: crash
Priority: -- → P1
Target Milestone: --- → mozilla0.9.6
Never mind that - this is much worse. The frameset frame is being destroyed, then later reflowed. Reflowing a destroyed frame is generally not a good idea...
This kills me too: <body> <iframe SRC="javascript:window.close()"></iframe> </body> The stack is different, pointing to some nasty recursion, but I think the underlying problem is really the same, namely that the Frame's Init method is what loads the URL, and in this case it ends up closing the window, destroying all the frames, and leaving the stack a giant heap of garbage.
rewording of summary
Summary: Crash when using javascript withing frame attribute → Crash when frame or iframe has SRC="javascript:window.close()"
Moving this edge-case out to later milestone. I doubt there are many pages written like this (unless they are trying to do nasty things).
Target Milestone: mozilla0.9.6 → mozilla1.0.1
Related to bug 103997
*** Bug 99001 has been marked as a duplicate of this bug. ***
*** Bug 97015 has been marked as a duplicate of this bug. ***
Moving Mozilla 1.01 bugs to 'future' milestone with priority P1 I will be pulling bugs from 'future' milestones when scheduling later work.
Target Milestone: mozilla1.0.1 → Future
Good news I think. Works for me. I tested it with Mozilla/5.0 (Windows; U; Win95; en-US; rv:0.9.2) Gecko/20010726 Netscape6/6.1 and it crashed so I could be sure that the bug reproduces on my computer. Then I tested the case again with both of the following versions and it didn't crash: Mozilla/5.0 (Windows; U; Win95; en-US; rv:1.0rc2) Gecko/20020428 Mozilla/5.0 (Windows; U; Win95; en-US; rv:1.0rc2) Gecko/20020510
WFM too (WinXP/1.0.0 aka 2002053012) please close it :)
Closing as WFM based on comment 14 and comment 15
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: