Open Bug 1895699 Opened 1 year ago Updated 1 year ago

Delayed BoundFunctionObject callback fails silently when website uses a script inside an iframe to modify the parent DOM

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Version:
Firefox 124
Type:
defect

Tracking

()

Status:
UNCONFIRMED

People

(Reporter: christophg+mozilla, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0

Steps to reproduce:

I've not been able to create a minimal reproducible example yet, but it can be reproduced on online shops using the Ecwid shop system with a LegacyFrontend script, e.g.:

BoundFunctionObjects passed as callbacks to native functions that execute after some delay (addEventListener, requestAnimationFrame, setTimeout, etc.) are (almost always, seemingly non-deterministically) not executed on the affected websites.

These websites run a script that creates a new iframe and inserts HTML that loads another script (https://d11s7fcxy18ubx.cloudfront.net/node/static/2024/2024-20917-g8034a8bca79801/ru.cdev.xnext.frontend.LegacyFrontend/48410E1E88A2B23ABE7FAE61EF15766C.cache.js) that accesses the DOM of the parent document. When this script is loaded, the described issue appears. It doesn't happen in Google Chrome. As far as I could check the script doesn't interfere with requestAnimationFrame etc. directly. The affected functions are not wrapped/overwritten.

To reproduce:

  1. Open one of the mentioned affected websites:
  2. Move the mouse cursor inside the content window to let their delayed scripts load.
  3. Open the console in developer tools.
  4. Enter the following Javascript code.

requestAnimationFrame(function () {
requestAnimationFrame(function () { console.log("ok"); }.bind(this))
}.bind(document.body));

Actual results:

The callback passed to the inner requestAnimationFrame is not executed, "ok" is not printed to the console.

The same happens for similar code using setTimeout or addEventListener when the passed callback is a BoundFunctionObject.

Expected results:

The callback passed to the inner requestAnimationFrame should have been executed after two frames. "ok" should have been printed to the console.

The Bugbug bot thinks this bug should belong to the 'Core::Widget: Gtk' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Widget: Gtk
Product: Firefox → Core
Component: Widget: Gtk → DOM: Core & HTML

Olli, do you know if this is a DOM issue or a....JS scope thingy?

Flags: needinfo?(smaug)

Is the iframe removed from DOM at some point before the functions should be executed?

Flags: needinfo?(smaug)
Flags: needinfo?(christophg+mozilla)

Is the iframe removed from DOM at some point before the functions should be executed?

As far as I can tell it isn't removed from the DOM. And even if I manually remove it from the DOM, all Javascript code in the context of the main window stays affected once the iframe's script had executed.

Flags: needinfo?(christophg+mozilla)
Severity: -- → S3
You need to log in before you can comment on or make changes to this bug.