Closed
Bug 1288898
Opened 8 years ago
Closed 8 years ago
Document::createEvent sometimes creates events with the initialized flag set
Categories
(Core :: DOM: Events, defect)
Core
DOM: Events
Tracking
()
RESOLVED
FIXED
mozilla50
Tracking | Status | |
---|---|---|
firefox50 | --- | fixed |
People
(Reporter: Ms2ger, Assigned: smaug)
Details
Attachments
(2 files, 1 obsolete file)
4.27 KB,
patch
|
masayuki
:
review+
|
Details | Diff | Splinter Review |
4.27 KB,
patch
|
Details | Diff | Splinter Review |
Because EventDispatcher::CreateEvent() calls constructors for some arguments, and doesn't reset the flag. (In particular: DeviceOrientationEvent, HashChangeEvent, and PopStateEvent.) This is tested in wpt's dom/events/EventTarget-dispatchEvent.html. (It is currently broken; I'm fixing it in <https://github.com/w3c/web-platform-tests/pull/3326>.)
Assignee | ||
Comment 2•8 years ago
|
||
Ms2ger, I assume wpt will have tests for this stuff.
Assignee: nobody → bugs
Flags: needinfo?(bugs) → needinfo?(Ms2ger)
Attachment #8775733 -
Flags: review?(masayuki)
Assignee | ||
Comment 3•8 years ago
|
||
Attachment #8775733 -
Attachment is obsolete: true
Attachment #8775733 -
Flags: review?(masayuki)
Attachment #8775734 -
Flags: review?(masayuki)
Assignee | ||
Comment 4•8 years ago
|
||
MarkUninitialized() is perhaps a bit silly, but document.createEvent() is legacy method and no new event types should be created that way, so quick and dirty approach is fine here.
Comment 5•8 years ago
|
||
Comment on attachment 8775734 [details] [diff] [review] event_creation_init.diff > if (aEventType.LowerCaseEqualsLiteral("deviceorientationevent")) { > DeviceOrientationEventInit init; >- return DeviceOrientationEvent::Constructor(aOwner, EmptyString(), init); >+ RefPtr<Event> event = >+ DeviceOrientationEvent::Constructor(aOwner, EmptyString(), init); >+ event->MarkUninitialized(); >+ return event.forget(); > } Hmm, looks like that this causes same crash with: var event = new DeviceOrientationEvent("", {}); , isn't it? And this is not good for maintenance. Why don't you call MarkUninitialized() automatically in Construnctor() when event name is EmptyString()? https://dxr.mozilla.org/mozilla-central/rev/db3ed1fdbbeaf5ab1e8fe454780146e7499be3db/dom/bindings/Codegen.py#16578-16592
Assignee | ||
Comment 6•8 years ago
|
||
Because empty string is valid for initializing an Event. But createEvent() shouldn't initialize events.
Reporter | ||
Comment 7•8 years ago
|
||
The test won't start passing due to <https://github.com/w3c/web-platform-tests/pull/3326>; feel free to land without a test for now.
Flags: needinfo?(Ms2ger)
Assignee | ||
Updated•8 years ago
|
Flags: needinfo?(masayuki)
Comment 8•8 years ago
|
||
(In reply to Olli Pettay [:smaug] from comment #6) > Because empty string is valid for initializing an Event. But createEvent() > shouldn't initialize events. Yeah, I understand that. But what's the cause of this crash?
Flags: needinfo?(masayuki) → needinfo?(bugs)
Comment 9•8 years ago
|
||
Oops, I misread "creates" as "crashes"... Okay, I'll give r+.
Flags: needinfo?(bugs)
Comment 10•8 years ago
|
||
Comment on attachment 8775734 [details] [diff] [review] event_creation_init.diff > static nsIContent* GetShadowRelatedTarget(nsIContent* aCurrentTarget, > nsIContent* aRelatedTarget); > >+ void MarkUninitialized() >+ { >+ mEvent->mMessage = eVoidEvent; >+ mEvent->mSpecifiedEventTypeString.Truncate(); >+ mEvent->mSpecifiedEventType = nullptr; >+ } > protected: nit: please insert an empty line before |protected:|. Sorry for misunderstanding the purpose of this bug.
Attachment #8775734 -
Flags: review?(masayuki) → review+
Assignee | ||
Comment 11•8 years ago
|
||
Comment 12•8 years ago
|
||
Pushed by opettay@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/86a982b73d1b Document::createEvent sometimes creates events with the initialized flag set, r=masayuki
Comment 13•8 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/86a982b73d1b
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox50:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla50
You need to log in
before you can comment on or make changes to this bug.
Description
•