Closed
Bug 269373
Opened 20 years ago
Closed 19 years ago
An OLD IE Javascript bug now hangs Mozilla
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
EXPIRED
People
(Reporter: spadesnihilist, Unassigned)
Details
(Keywords: hang)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a5) Gecko/20041025 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a5) Gecko/20041025 this OLD Internet Explorer JS now crashes Mozilla: <html> <head> <script language="JavaScript"> <!-- // // Browser crashing bug found and reported by // Patrik Birgersson <float@aiasec.com> // As seen on Bugtraq, circa March 19th/20th, 2002 // function crashme () { var url = document.location if (document.images) { location.replace(url); } else { location.href = url; } crashme () } --> </script> </head> <body onLoad="crashme ()"> <center> <h3>IE Javascript Crash Test</h3> </center> </body> </html> Reproducible: Always Steps to Reproduce: 1. Run the HTML/JS included above. Actual Results: Mozilla locked up and had to be killed. In fact the faster the system the faster the lock-up. Expected Results: Nothing; it should generate an error.
|
||
Comment 1•20 years ago
|
||
So you expect Mozilla to detect the loop and display a dialog, asking the user if he wants to cancel it?
|
Reporter | |
Comment 2•20 years ago
|
||
Well, I would hope that a bug that no longer afflicts MS IE would not pester Mozilla in such a silly way. Is that too much to ask -- otherwise Mozilla is definitely better than IE. =)
this doesn't sound like a crash, and the odds of it being spidermonkey induced aren't very high.
Assignee: general → general
Component: JavaScript Engine → DOM: Level 0
QA Contact: pschwartau → ian
|
|
Reporter | |
Comment 4•20 years ago
|
||
Mozilla "locks" and must be killed -- what are the odds of the same code being injected other ways -- besides HTML/JS?
|
||
Comment 5•20 years ago
|
||
This is a hang, not a crash. Changing summary.
Keywords: hang
Summary: An OLD IE Javascript bug now crashes Mozilla → An OLD IE Javascript bug now hangs Mozilla
|
||
Comment 6•20 years ago
|
||
So the problem here is that messing with window.location somehow clears the callback count (possibly by switching us to a new JSContext?). As a result, the loop detection never kicks in.
|
||
Comment 7•20 years ago
|
||
Hmm, we could refrain from resetting the branch callback stuff when loading the same URL over top of itself, but then the obvious hackaround is to alternate URLS via a daisy-chain sequence of URLs. /be
|
|
Reporter | |
Comment 8•20 years ago
|
||
The problem I see is "deterministic intent". 1) does the browser support images? Of course; 2) then load a url, repeatedly ... 3) ... reference the _same_ url within document.location, again ... 4) ... but via location.replace or location.href ... A possible solution is to detect greater than 3 of these location.* commands in X milli-seconds - or whatever time cycle you feel is appropriate. You guys are the experts, so I'll leave my probably insane comments for your interpretation. =) -Sx-
|
||
Comment 9•20 years ago
|
||
This *is* also a problem in IE, so claiming that this is (In reply to comment #2) > Well, I would hope that a bug that no longer afflicts MS IE would not pester > Mozilla in such a silly way. > > Is that too much to ask -- otherwise Mozilla is definitely better than IE. > > =) Not to say that it's too much to ask for us to do something about this, but I took your code from the description of this bug and loaded it in IE, and IE also crashes on that page here (WinXP, SP2). Brendan, bz, we reset the branch callback counters/timers upon completion of script execution and I suspect that we end up executing this onload handler a bunch of times since it's a recurse-to-death function that we catch when we nest too deep, but by that point we've already told the docshell to reload, so we reload and start all over again... This won't be trivial to fix, and given that it's broken in IE too, I'm not too worried about it...
|
|
Reporter | |
Comment 10•20 years ago
|
||
About it crashing IE: Um, well my current version of IE does in fact catch the content and issue a warning. Now, if I were to *allow* it...
|
||
Comment 11•19 years ago
|
||
This is an automated message, with ID "auto-resolve01". This bug has had no comments for a long time. Statistically, we have found that bug reports that have not been confirmed by a second user after three months are highly unlikely to be the source of a fix to the code. While your input is very important to us, our resources are limited and so we are asking for your help in focussing our efforts. If you can still reproduce this problem in the latest version of the product (see below for how to obtain a copy) or, for feature requests, if it's not present in the latest version and you still believe we should implement it, please visit the URL of this bug (given at the top of this mail) and add a comment to that effect, giving more reproduction information if you have it. If it is not a problem any longer, you need take no action. If this bug is not changed in any way in the next two weeks, it will be automatically resolved. Thank you for your help in this matter. The latest beta releases can be obtained from: Firefox: http://www.mozilla.org/projects/firefox/ Thunderbird: http://www.mozilla.org/products/thunderbird/releases/1.5beta1.html Seamonkey: http://www.mozilla.org/projects/seamonkey/
|
|
||
Comment 12•19 years ago
|
||
This bug has been automatically resolved after a period of inactivity (see above comment). If anyone thinks this is incorrect, they should feel free to reopen it.
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → EXPIRED
You need to log in
before you can comment on or make changes to this bug.
Description
•