Closed Bug 1288898 Opened 8 years ago Closed 8 years ago

Document::createEvent sometimes creates events with the initialized flag set

Categories

(Core :: DOM: Events, defect)

Product:
Core
Component:
DOM: Events
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla50
Tracking Flags:
Tracking Status
firefox50 --- fixed

People

(Reporter: Ms2ger, Assigned: smaug)

Details

Attachments

(2 files, 1 obsolete file)

event_creation_init.diff
4.27 KB, patch
masayuki
: review+
Details | Diff | Splinter Review
+new line
4.27 KB, patch
Details | Diff | Splinter Review 
Because EventDispatcher::CreateEvent() calls constructors for some arguments, and doesn't reset the flag. (In particular: DeviceOrientationEvent, HashChangeEvent, and PopStateEvent.)

This is tested in wpt's dom/events/EventTarget-dispatchEvent.html. (It is currently broken; I'm fixing it in <https://github.com/w3c/web-platform-tests/pull/3326>.)
Olli, wdyt?
Flags: needinfo?(bugs)
Attached patch event_creation_init.diff (obsolete) — Splinter Review 
Ms2ger, I assume wpt will have tests for this stuff.
Assignee: nobody → bugs
Flags: needinfo?(bugs) → needinfo?(Ms2ger)
Attachment #8775733 - Flags: review?(masayuki)

        Attachment #8775733 -
        Attachment is obsolete: true

        Attachment #8775733 -
        Flags: review?(masayuki)

        Attachment #8775734 -
        Flags: review?(masayuki)

    
    

    
  
MarkUninitialized() is perhaps a bit silly, but document.createEvent() is legacy method and no new event types should be created that way, so quick and dirty approach is fine here.

    
    

    
  
Comment on attachment 8775734 [details] [diff] [review]
event_creation_init.diff

>   if (aEventType.LowerCaseEqualsLiteral("deviceorientationevent")) {
>     DeviceOrientationEventInit init;
>-    return DeviceOrientationEvent::Constructor(aOwner, EmptyString(), init);
>+    RefPtr<Event> event =
>+      DeviceOrientationEvent::Constructor(aOwner, EmptyString(), init);
>+    event->MarkUninitialized();
>+    return event.forget();
>   }

Hmm, looks like that this causes same crash with:

var event = new DeviceOrientationEvent("", {});

, isn't it? And this is not good for maintenance.

Why don't you call MarkUninitialized() automatically in Construnctor() when event name is EmptyString()?
https://dxr.mozilla.org/mozilla-central/rev/db3ed1fdbbeaf5ab1e8fe454780146e7499be3db/dom/bindings/Codegen.py#16578-16592

    
    

    
  
Because empty string is valid for initializing an Event. But createEvent() shouldn't initialize events.

    
    

    
  
The test won't start passing due to <https://github.com/w3c/web-platform-tests/pull/3326>; feel free to land without a test for now.
Flags: needinfo?(Ms2ger)
Flags: needinfo?(masayuki)

    
    

    
  
(In reply to Olli Pettay [:smaug] from comment #6)
> Because empty string is valid for initializing an Event. But createEvent()
> shouldn't initialize events.

Yeah, I understand that. But what's the cause of this crash?
Flags: needinfo?(masayuki) → needinfo?(bugs)

    
    

    
  
Oops, I misread "creates" as "crashes"... Okay, I'll give r+.
Flags: needinfo?(bugs)

    
    

    
  
Comment on attachment 8775734 [details] [diff] [review]
event_creation_init.diff

>   static nsIContent* GetShadowRelatedTarget(nsIContent* aCurrentTarget,
>                                             nsIContent* aRelatedTarget);
> 
>+  void MarkUninitialized()
>+  {
>+    mEvent->mMessage = eVoidEvent;
>+    mEvent->mSpecifiedEventTypeString.Truncate();
>+    mEvent->mSpecifiedEventType = nullptr;
>+  }
> protected:

nit: please insert an empty line before |protected:|.

Sorry for misunderstanding the purpose of this bug.

        Attachment #8775734 -
        Flags: review?(masayuki) → review+

    
    

    
  
Pushed by opettay@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/86a982b73d1b
Document::createEvent sometimes creates events with the initialized flag set, r=masayuki

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/86a982b73d1b
Status: NEW → RESOLVED
Closed: 8 years ago

          status-firefox50:
          --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla50

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: