Closed
Bug 1161384
Opened 9 years ago
Closed 9 years ago
Do not fire content mutation event on changes to nsCanvasFrame's anonymous content
Categories
(Core :: Layout, defect)
Core
Layout
Tracking
()
RESOLVED
WONTFIX
Tracking | Status | |
---|---|---|
firefox40 | --- | affected |
People
(Reporter: TYLin, Assigned: TYLin)
References
Details
Follow-up for 1110039 comment 52. When running "./mach crashtest layout/base/crashtests/897852.html", we have a issue that the frame tree will be destructed after constructing the first AccessibleCaret. We protected it by adding nsAutoScriptBlocker in AccessibleCaretEventHub::Init(). The full callstack without nsAutoScriptBlocker: https://pastebin.mozilla.org/8832301 roc suggested in bug 1110039 comment 52 that we should fix in a different way --- content mutation event listeners should not fire on changes to the nsCanvasFrame's anonymous content.
Assignee | ||
Updated•9 years ago
|
Assignee: nobody → tlin
Assignee | ||
Comment 1•9 years ago
|
||
I've tried to use |aNotify = false| when calling AppendChildTo() in nsIDocument::InsertAnonymousContent() in [1] so that no mutation event will be sent when inserting anonymous content. However, the crash still happens when no nsAutoScriptBlocker is protecting AccessibleCaretEventHub::Init(). The reason is that 897852.html have a contenteditable html, and it listens DOMNodeInserted to remove a dom node. After constructing the first AccessibleCaret, nsEditor will insert some nodes to make the window editable as the callstack shown in [2]. When the script runs later, the callback in 897852.html removes a dom node, and makes the frame tree destroyed as shown in the callstack in Description. As a result, I think we still need the nsAutoScriptBlocker to prevent any Javascript function being running to destroy the frame tree during the construction of AccessibleCaretEventHub. [1] https://hg.mozilla.org/mozilla-central/file/ff2e07228041/dom/base/nsDocument.cpp#l5331 [2] https://pastebin.mozilla.org/8834807
Assignee | ||
Comment 2•9 years ago
|
||
Base on comment 1, I'll keep the nsAutoScriptBlocker in AccessibleCaretEventHub::Init() and close this issue.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•