Closed
Bug 11027
Opened 25 years ago
Closed 25 years ago
<html:...> in javascript in xul file crashes browser
Categories
(Core :: Networking, defect, P3)
Tracking
()
VERIFIED
FIXED
M9
People
(Reporter: morse, Assigned: waterson)
Details
The short xul file shown below causes the browser to crash. Replacing <html:form..> with <html:form...> and </html:form> with </html:form> removes the crash. Stack trace is shown below as well. HERE IS THE XUL FILE: <?xml version="1.0"?> <!DOCTYPE window> <xul:window xmlns="http://www.w3.org/TR/REC-html40" xmlns:xul="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" onload = "dump('hello once more');"> <script> function loadFrames(){ top.frames[1].document.open(); top.frames[1].document.write( "<html:form name='buttons'>" + "</html:form>" ); top.frames[1].document.close(); } </script> <frameset rows = "50,25 onload="loadFrames();"> <frame src="about:blank"/> <frame src="about:blank"/> </frameset> </xul:window> AND HERE IS THE STACK TRACE: NTDLL! 77f76274() XULContentSinkImpl::OpenContainer(XULContentSinkImpl * const 0x0a187b80, const nsIParserNode & {...}) line 620 + 35 bytes CWellFormedDTD::HandleToken(CWellFormedDTD * const 0x0a32b350, CToken * 0x09c0ce90, nsIParser * 0x0a183120) line 530 + 22 bytes CWellFormedDTD::BuildModel(CWellFormedDTD * const 0x0a32b350, nsIParser * 0x0a183120, nsITokenizer * 0x0a32b240, nsITokenObserver * 0x00000000, nsIContentSink * 0x0a187b80) line 253 + 20 bytes nsParser::BuildModel() line 941 + 34 bytes nsParser::ResumeParse(nsIDTD * 0x00000000, int 0) line 886 + 11 bytes nsParser::OnDataAvailable(nsParser * const 0x0a183124, nsIChannel * 0x0a7d4bf0, nsISupports * 0x00000000, nsIInputStream * 0x0a7d4660, unsigned int 0, unsigned int 625) line 1168 + 19 bytes nsDocumentBindInfo::OnDataAvailable(nsDocumentBindInfo * const 0x0a7d7920, nsIChannel * 0x0a7d4bf0, nsISupports * 0x00000000, nsIInputStream * 0x0a7d4660, unsigned int 0, unsigned int 625) line 2046 + 32 bytes nsOnDataAvailableEvent::HandleEvent(nsOnDataAvailableEvent * const 0x0a7d7990) line 350 nsStreamListenerEvent::HandlePLEvent(PLEvent * 0x0a7d7994) line 149 + 12 bytes PL_HandleEvent(PLEvent * 0x0a7d7994) line 509 + 10 bytes PL_ProcessPendingEvents(PLEventQueue * 0x00ad4f40) line 470 + 9 bytes _md_EventReceiverProc(HWND__ * 0x02d2034e, unsigned int 49387, unsigned int 0, long 11358016) line 932 + 9 bytes USER32! 77e71268() 00ad4f40()
|
Reporter | |
Updated•25 years ago
|
Summary: <html:...> in xul file crashes browser → <html:...> in javascript in xul file crashes browser
|
|
Reporter | |
Comment 1•25 years ago
|
||
Added the word "javascript" to summary line. This is obviously significant
because the crash occurs on the following assertion which is explicitly testing
for being inside javascript:
case eXULContentSinkState_InScript:
PR_ASSERT(0);
Even though this is just an assert failure, attempting to resume from this
causes second assert failure (stack trace below) and resuming from that results
in termination of the browser.
_NMSG_WRITE(int 10) line 221
abort() line 44 + 7 bytes
PR_Assert(const char * 0x013d8fe0, const char * 0x013d8fac, int 620) line 483
XULContentSinkImpl::OpenContainer(XULContentSinkImpl * const 0x0a192f60, const
nsIParserNode & {...}) line 620 + 35 bytes
CWellFormedDTD::HandleToken(CWellFormedDTD * const 0x0a2f9f20, CToken *
0x09c0ce90, nsIParser * 0x0a192be0) line 530 + 22 bytes
CWellFormedDTD::BuildModel(CWellFormedDTD * const 0x0a2f9f20, nsIParser *
0x0a192be0, nsITokenizer * 0x0a2fac50, nsITokenObserver * 0x00000000,
nsIContentSink * 0x0a192f60) line 253 + 20 bytes
nsParser::BuildModel() line 941 + 34 bytes
nsParser::ResumeParse(nsIDTD * 0x00000000, int 0) line 886 + 11 bytes
nsParser::OnDataAvailable(nsParser * const 0x0a192be4, nsIChannel * 0x0a1a24c0,
nsISupports * 0x00000000, nsIInputStream * 0x0a17fe70, unsigned int 0, unsigned
int 625) line 1168 + 19 bytes
nsDocumentBindInfo::OnDataAvailable(nsDocumentBindInfo * const 0x0a7267d0,
nsIChannel * 0x0a1a24c0, nsISupports * 0x00000000, nsIInputStream * 0x0a17fe70,
unsigned int 0, unsigned int 625) line 2046 + 32 bytes
nsOnDataAvailableEvent::HandleEvent(nsOnDataAvailableEvent * const 0x0a187cb0)
line 350
nsStreamListenerEvent::HandlePLEvent(PLEvent * 0x0a187cb4) line 149 + 12 bytes
PL_HandleEvent(PLEvent * 0x0a187cb4) line 509 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x00ad4f40) line 470 + 9 bytes
_md_EventReceiverProc(HWND__ * 0x20aa00a0, unsigned int 49387, unsigned int 0,
long 11358016) line 932 + 9 bytes
USER32! 77e71268()
00ad4f40()
|
||
Updated•25 years ago
|
Assignee: gagan → waterson
|
|
||
Comment 2•25 years ago
|
||
Chris, can you check this one out? Thanks.
|
Assignee | |
Updated•25 years ago
|
Status: NEW → ASSIGNED
Target Milestone: M9
|
|
Assignee | |
Updated•25 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Comment 3•25 years ago
|
||
Replaced PR_ASSERT with PR_LOG message so debug build doesn't abort. FWIW, you _cannot_ place '<' or '>' inside a script block; the XML parser doesn't like that. You should either 1. Use < or > to encode the entity 2. Place the text inside a CDATA section 3. Put your JS in a separate file. For more info, see http://www.mozilla.org/xpfe/xptoolkit/xulintro.html, "Scripting".
|
||
Updated•25 years ago
|
Status: RESOLVED → VERIFIED
|
|
||
Comment 4•25 years ago
|
||
this looks exceptionally ugly but it doesn't seem to crash anymore, marking verified. Steve, is the behavior ok for you now?
|
|
Reporter | |
Comment 5•25 years ago
|
||
I can live with it.
Bulk move of all Necko (to be deleted component) bugs to new Networking component.
You need to log in
before you can comment on or make changes to this bug.
Description
•