Inconsistent document container handling




DOM: Core & HTML
13 years ago
9 years ago


(Reporter: bz, Unassigned)


Bug Flags:
blocking1.8b5 -
blocking1.9 -

Firefox Tracking Flags

(Not tracked)


(Whiteboard: [ETA ?])

Before bfcache we had the invariant that a document's container was immutable
after document creation and was the docshell the document was in.  With bfcache,
this is still true _except_ for bfcached documents, which have a null container.

Should there really be a difference here between bfcache documents and other
documents that have been navigated away from?  That seems wrong to me.  We
should probably unset the container consistently, and make sure document
teardown still works right...

Also, should documents created via DOMImplementation really have a container
set?  That seems wrong to me.
I agree, but this is a separate issue from bfcache.  Unmarking dependency to get
it off the radar.
No longer blocks: 274784
Er...  We have an invariant that code may be depending on and that bfcache
violates.  Until we check that all code that uses this container deals with it
being null and that for a bfcached document this leads to the right behavior,
this is in fact a bfcache issue.  If such checking has already been done, then
my apologies; let me know and I'll remove the dependency in that case.
Blocks: 274784
pulling into beta for investigation
Target Milestone: --- → mozilla1.8beta4
Flags: blocking1.8b4+


12 years ago
Assignee: general → bryner


12 years ago
Whiteboard: [ETA ?]


12 years ago
Flags: blocking1.8b5+


12 years ago
Flags: blocking1.8b5+

Comment 4

12 years ago
bryner, have you had a chance to look into this? 

Comment 5

12 years ago
bryner's busy with other bug fixing. Who else could help here?
peterv, maybe?


Comment 7

12 years ago
We're not getting anywhere here. Who else can help? Johnny, Bryner, any ideas
here? Time is running out.
Without an actual example of somebody relying on this former invariant, we're
not going to block on this.
Flags: blocking1.8b5+ → blocking1.8b5-
Anyone calling GetScriptGlobalObject() is relying on it.
Calling it after nsDocument::Destroy, that is.
But do we have a case of that happening in-tree or in common extensionland?
We have at least some known in-tree cases; they're already covered by separate
bugs (eg XTF has this issue at document teardown).  I have no idea about
extensions.  The whole point of this bug was to either fix the issue or to check
that our in-tree consumers are OK with this.  Since the latter hasn't happened,
I can't tell you whether they're OK or not, clearly.


12 years ago
Flags: blocking1.9a1?


11 years ago
Flags: blocking1.9a1? → blocking1.9-
I think all of the issues we know about here have been addressed.
Last Resolved: 11 years ago
Resolution: --- → FIXED
Quick check turns up XBL code that definitely calls GetScriptGlobalObject() in cases when bfcache has nulled out the container (so whatever that code is trying to do doesn't work).  We do have a separate bug on that, but it sure isn't fixed...

Given that, I doubt that the code-reading that needs to happen here has been done.
Resolution: FIXED → ---
Reassigning my bugs, since I'm not actually working on them.
Assignee: bryner → nobody
QA Contact: ian → general


9 years ago
Component: DOM: Core → DOM: Core & HTML