Do not fire content mutation event on changes to nsCanvasFrame's anonymous content

RESOLVED WONTFIX

Status

()

Core
Layout
RESOLVED WONTFIX
3 years ago
3 years ago

People

(Reporter: TYLin, Assigned: TYLin)

Tracking

Trunk
Points:
---

Firefox Tracking Flags

(firefox40 affected)

Details

Follow-up for 1110039 comment 52.

When running "./mach crashtest layout/base/crashtests/897852.html", we have a issue that the frame tree will be destructed after constructing the first AccessibleCaret. We protected it by adding nsAutoScriptBlocker in AccessibleCaretEventHub::Init(). 

The full callstack without nsAutoScriptBlocker: https://pastebin.mozilla.org/8832301

roc suggested in bug 1110039 comment 52 that we should fix in a different way --- content mutation event listeners should not fire on changes to the nsCanvasFrame's anonymous content.
Assignee: nobody → tlin
I've tried to use |aNotify = false| when calling AppendChildTo() in nsIDocument::InsertAnonymousContent() in [1] so that no mutation event will be sent when inserting anonymous content. However, the crash still happens when no nsAutoScriptBlocker is protecting AccessibleCaretEventHub::Init(). The reason is that 897852.html have a contenteditable html, and it listens DOMNodeInserted to remove a dom node. After constructing the first AccessibleCaret, nsEditor will insert some nodes to make the window editable as the callstack shown in [2]. When the script runs later, the callback in 897852.html removes a dom node, and makes the frame tree destroyed as shown in the callstack in Description.

As a result, I think we still need the nsAutoScriptBlocker to prevent any Javascript function being running to destroy the frame tree during the construction of AccessibleCaretEventHub. 

[1] https://hg.mozilla.org/mozilla-central/file/ff2e07228041/dom/base/nsDocument.cpp#l5331
[2] https://pastebin.mozilla.org/8834807
Base on comment 1, I'll keep the nsAutoScriptBlocker in AccessibleCaretEventHub::Init() and close this issue.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.