Closed
Bug 11027
Opened 25 years ago
Closed 25 years ago
<html:...> in javascript in xul file crashes browser
Categories
(Core :: Networking, defect, P3)
Tracking
()
VERIFIED
FIXED
M9
People
(Reporter: morse, Assigned: waterson)
Details
The short xul file shown below causes the browser to crash. Replacing <html:form..> with <html:form...> and </html:form> with </html:form> removes the crash. Stack trace is shown below as well. HERE IS THE XUL FILE: <?xml version="1.0"?> <!DOCTYPE window> <xul:window xmlns="http://www.w3.org/TR/REC-html40" xmlns:xul="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" onload = "dump('hello once more');"> <script> function loadFrames(){ top.frames[1].document.open(); top.frames[1].document.write( "<html:form name='buttons'>" + "</html:form>" ); top.frames[1].document.close(); } </script> <frameset rows = "50,25 onload="loadFrames();"> <frame src="about:blank"/> <frame src="about:blank"/> </frameset> </xul:window> AND HERE IS THE STACK TRACE: NTDLL! 77f76274() XULContentSinkImpl::OpenContainer(XULContentSinkImpl * const 0x0a187b80, const nsIParserNode & {...}) line 620 + 35 bytes CWellFormedDTD::HandleToken(CWellFormedDTD * const 0x0a32b350, CToken * 0x09c0ce90, nsIParser * 0x0a183120) line 530 + 22 bytes CWellFormedDTD::BuildModel(CWellFormedDTD * const 0x0a32b350, nsIParser * 0x0a183120, nsITokenizer * 0x0a32b240, nsITokenObserver * 0x00000000, nsIContentSink * 0x0a187b80) line 253 + 20 bytes nsParser::BuildModel() line 941 + 34 bytes nsParser::ResumeParse(nsIDTD * 0x00000000, int 0) line 886 + 11 bytes nsParser::OnDataAvailable(nsParser * const 0x0a183124, nsIChannel * 0x0a7d4bf0, nsISupports * 0x00000000, nsIInputStream * 0x0a7d4660, unsigned int 0, unsigned int 625) line 1168 + 19 bytes nsDocumentBindInfo::OnDataAvailable(nsDocumentBindInfo * const 0x0a7d7920, nsIChannel * 0x0a7d4bf0, nsISupports * 0x00000000, nsIInputStream * 0x0a7d4660, unsigned int 0, unsigned int 625) line 2046 + 32 bytes nsOnDataAvailableEvent::HandleEvent(nsOnDataAvailableEvent * const 0x0a7d7990) line 350 nsStreamListenerEvent::HandlePLEvent(PLEvent * 0x0a7d7994) line 149 + 12 bytes PL_HandleEvent(PLEvent * 0x0a7d7994) line 509 + 10 bytes PL_ProcessPendingEvents(PLEventQueue * 0x00ad4f40) line 470 + 9 bytes _md_EventReceiverProc(HWND__ * 0x02d2034e, unsigned int 49387, unsigned int 0, long 11358016) line 932 + 9 bytes USER32! 77e71268() 00ad4f40()
Reporter | ||
Updated•25 years ago
|
Summary: <html:...> in xul file crashes browser → <html:...> in javascript in xul file crashes browser
Reporter | ||
Comment 1•25 years ago
|
||
Added the word "javascript" to summary line. This is obviously significant because the crash occurs on the following assertion which is explicitly testing for being inside javascript: case eXULContentSinkState_InScript: PR_ASSERT(0); Even though this is just an assert failure, attempting to resume from this causes second assert failure (stack trace below) and resuming from that results in termination of the browser. _NMSG_WRITE(int 10) line 221 abort() line 44 + 7 bytes PR_Assert(const char * 0x013d8fe0, const char * 0x013d8fac, int 620) line 483 XULContentSinkImpl::OpenContainer(XULContentSinkImpl * const 0x0a192f60, const nsIParserNode & {...}) line 620 + 35 bytes CWellFormedDTD::HandleToken(CWellFormedDTD * const 0x0a2f9f20, CToken * 0x09c0ce90, nsIParser * 0x0a192be0) line 530 + 22 bytes CWellFormedDTD::BuildModel(CWellFormedDTD * const 0x0a2f9f20, nsIParser * 0x0a192be0, nsITokenizer * 0x0a2fac50, nsITokenObserver * 0x00000000, nsIContentSink * 0x0a192f60) line 253 + 20 bytes nsParser::BuildModel() line 941 + 34 bytes nsParser::ResumeParse(nsIDTD * 0x00000000, int 0) line 886 + 11 bytes nsParser::OnDataAvailable(nsParser * const 0x0a192be4, nsIChannel * 0x0a1a24c0, nsISupports * 0x00000000, nsIInputStream * 0x0a17fe70, unsigned int 0, unsigned int 625) line 1168 + 19 bytes nsDocumentBindInfo::OnDataAvailable(nsDocumentBindInfo * const 0x0a7267d0, nsIChannel * 0x0a1a24c0, nsISupports * 0x00000000, nsIInputStream * 0x0a17fe70, unsigned int 0, unsigned int 625) line 2046 + 32 bytes nsOnDataAvailableEvent::HandleEvent(nsOnDataAvailableEvent * const 0x0a187cb0) line 350 nsStreamListenerEvent::HandlePLEvent(PLEvent * 0x0a187cb4) line 149 + 12 bytes PL_HandleEvent(PLEvent * 0x0a187cb4) line 509 + 10 bytes PL_ProcessPendingEvents(PLEventQueue * 0x00ad4f40) line 470 + 9 bytes _md_EventReceiverProc(HWND__ * 0x20aa00a0, unsigned int 49387, unsigned int 0, long 11358016) line 932 + 9 bytes USER32! 77e71268() 00ad4f40()
Updated•25 years ago
|
Assignee: gagan → waterson
Comment 2•25 years ago
|
||
Chris, can you check this one out? Thanks.
Assignee | ||
Updated•25 years ago
|
Status: NEW → ASSIGNED
Target Milestone: M9
Assignee | ||
Updated•25 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 3•25 years ago
|
||
Replaced PR_ASSERT with PR_LOG message so debug build doesn't abort. FWIW, you _cannot_ place '<' or '>' inside a script block; the XML parser doesn't like that. You should either 1. Use < or > to encode the entity 2. Place the text inside a CDATA section 3. Put your JS in a separate file. For more info, see http://www.mozilla.org/xpfe/xptoolkit/xulintro.html, "Scripting".
Updated•25 years ago
|
Status: RESOLVED → VERIFIED
Comment 4•25 years ago
|
||
this looks exceptionally ugly but it doesn't seem to crash anymore, marking verified. Steve, is the behavior ok for you now?
Reporter | ||
Comment 5•25 years ago
|
||
I can live with it.
Bulk move of all Necko (to be deleted component) bugs to new Networking component.
You need to log in
before you can comment on or make changes to this bug.
Description
•