Closed Bug 293633 Opened 19 years ago Closed 19 years ago

Browser crashes after copying javascript containing document.write from iframe to main window [@ nsGenericElement::InsertChildAt]

Categories

(Core :: DOM: Core & HTML, defect)

1.7 Branch
x86
Windows XP
defect
Not set
critical

VERIFIED DUPLICATE of bug 240592

People

(Reporter: asefkow, Unassigned)

Details

User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3

Firefox crashes when copying a script containing document.write() from an 
iframe to the main window.  If the script does not contain document.write(), 
then it works fine.

Reproducible: Always

Steps to Reproduce:
1. Download frames4.zip from the URL above, to your local machine.
2. Open START.htm
3. Click the link in the browser

Actual Results:  
Firefox crashes (the process ends)

Expected Results:  
Content should be written to the DIV, as it does in IE

I would actually prefer to use cloneNode() to copy the script, but this has 
its own problems, specifically bug 283389 (see the two testcases in my latest 
comments there).

Can you provide a talkback ID for the crash?

Maybe related to bug 293388?

This works fine on Safari (Mac) and IE (WinXP)

TalkBack IDs...

TB5722463W
TB5721232W
Incident ID: 5722463 
Stack Signature nsGenericElement::InsertChildAt 10ad08d8 
Product ID Firefox10 
Build ID 2005041417 
Trigger Time 2005-05-10 09:05:06.0 
Platform Win32 
Operating System Windows NT 5.1 build 2600 
Module FIREFOX.EXE + (00163f3d) 
URL visited  
User Comments  
Since Last Crash 3 sec 
Total Uptime 185816 sec 
Trigger Reason Access violation 
Source File, Line No. d:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.0_Depend/mozilla/content/base/src/nsGenericElement.cpp, line 2521
Stack Trace

nsGenericElement::InsertChildAt  [d:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.0_Depend/mozilla/content/base/src/nsGenericElement.cpp, line 2521]
nsGenericElement::doInsertBefore  [d:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.0_Depend/mozilla/content/base/src/nsGenericElement.cpp, line 2888]
nsHTMLBodyElement::AppendChild  [d:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.0_Depend/mozilla/content/html/content/src/nsHTMLBodyElement.cpp, line 103]
XPCWrappedNative::CallMethod  [d:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.0_Depend/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp, line 2034]
XPC_WN_CallMethod  [d:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.0_Depend/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp, line 1781]
js_Invoke  [d:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.0_Depend/mozilla/js/src/jsinterp.c, line 949]
js_Interpret  [d:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.0_Depend/mozilla/js/src/jsinterp.c, line 2993]
js_Invoke  [d:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.0_Depend/mozilla/js/src/jsinterp.c, line 966]
js_InternalInvoke  [d:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.0_Depend/mozilla/js/src/jsinterp.c, line 1043]
JS_CallFunctionValue  [d:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.0_Depend/mozilla/js/src/jsapi.c, line 3698]
nsJSContext::CallEventHandler  [d:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.0_Depend/mozilla/dom/src/base/nsJSEnvironment.cpp, line 1297]
nsJSEventListener::HandleEvent  [d:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.0_Depend/mozilla/dom/src/events/nsJSEventListener.cpp, line 184]
nsEventListenerManager::HandleEventSubType  [d:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.0_Depend/mozilla/content/events/src/nsEventListenerManager.cpp, line 1436]
nsEventListenerManager::HandleEvent  [d:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.0_Depend/mozilla/content/events/src/nsEventListenerManager.cpp, line 1516]
GlobalWindowImpl::HandleDOMEvent  [d:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.0_Depend/mozilla/dom/src/base/nsGlobalWindow.cpp, line 927]
DocumentViewerImpl::LoadComplete  [d:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.0_Depend/mozilla/content/base/src/nsDocumentViewer.cpp, line 917]
nsDocShell::EndPageLoad  [d:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.0_Depend/mozilla/docshell/base/nsDocShell.cpp, line 4602]
nsWebShell::EndPageLoad  [d:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.0_Depend/mozilla/docshell/base/nsWebShell.cpp, line 760]
nsDocShell::OnStateChange  [d:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.0_Depend/mozilla/docshell/base/nsDocShell.cpp, line 4536]
nsDocLoaderImpl::FireOnStateChange  [d:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.0_Depend/mozilla/uriloader/base/nsDocLoader.cpp, line 1252]
nsDocLoaderImpl::doStopDocumentLoad  [d:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.0_Depend/mozilla/uriloader/base/nsDocLoader.cpp, line 873]
nsDocLoaderImpl::OnStopRequest  [d:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.0_Depend/mozilla/uriloader/base/nsDocLoader.cpp, line 701]
nsLoadGroup::RemoveRequest  [d:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.0_Depend/mozilla/netwerk/base/src/nsLoadGroup.cpp, line 695]
PresShell::RemoveDummyLayoutRequest  [d:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.0_Depend/mozilla/layout/html/base/src/nsPresShell.cpp, line 6581]
PresShell::ProcessReflowCommands  [d:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.0_Depend/mozilla/layout/html/base/src/nsPresShell.cpp, line 6454]
ReflowEvent::HandleEvent  [d:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.0_Depend/mozilla/layout/html/base/src/nsPresShell.cpp, line 6226]
PL_HandleEvent  [d:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.0_Depend/mozilla/xpcom/threads/plevent.c, line 674]
0x778b0c24
nsMathMLmsubFrame::PlaceSubScript  [d:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.0_Depend/mozilla/layout/mathml/base/src/nsMathMLmsubFrame.cpp, line 126]
0x458d563d
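
Added example (not part of the bug thread and not Mozilla or Talkback code): Talkback traces pasted into bug comments are often hard-wrapped in the middle of a source path, which gets in the way of comparing crashes by their top frames when checking for duplicates. This Python sketch rejoins wrapped frames and extracts function, file and line; the names `parse_frames` and `signature`, and the choice to trim paths at `/mozilla/`, are assumptions made for illustration.

```python
import re

# Constructed sample: four frames from the trace above, hard-wrapped mid-path.
SAMPLE = """\
nsGenericElement::InsertChildAt  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/content/base/src/nsGenericElement.cpp,
line 2521]
nsHTMLBodyElement::AppendChild  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/content/html/content/src/nsHTMLBodyElement.
cpp, line 103]
0x778b0c24
PL_HandleEvent  [d:/builds/tinderbox/Fx-
Aviary1.0.1/WINNT_5.0_Depend/mozilla/xpcom/threads/plevent.c, line 674]
"""

FRAME = re.compile(r"^(?P<func>\S+)\s+\[(?P<path>.+?),\s*line\s*(?P<line>\d+)\]$")
ADDR = re.compile(r"^0x[0-9a-fA-F]+$")


def parse_frames(text):
    """Rejoin wrapped lines and return one dict per stack frame."""
    frames, buf = [], ""
    for raw in text.splitlines():
        piece = raw.strip()
        if not piece:
            continue
        if not buf and ADDR.match(piece):
            # Unsymbolized frame: keep the address, no source information.
            frames.append({"func": piece, "file": None, "line": None})
            continue
        buf += piece
        if "[" in buf and not buf.endswith("]"):
            continue  # the bracketed source location continues on the next line
        m = FRAME.match(buf)
        if m:
            # Assumption: drop the build-machine prefix up to ".../mozilla/".
            rel = m["path"].rsplit("/mozilla/", 1)[-1]
            frames.append({"func": m["func"], "file": rel, "line": int(m["line"])})
        else:
            frames.append({"func": buf, "file": None, "line": None})
        buf = ""
    return frames


def signature(frames, depth=3):
    """Top `depth` symbolized function names, skipping raw addresses."""
    return tuple(f["func"] for f in frames if f["file"])[:depth]


if __name__ == "__main__":
    for frame in parse_frames(SAMPLE):
        print(frame)
```

Two reports whose `signature()` tuples match are candidates for the same underlying crash; the raw-address frames are skipped because they differ between runs and builds.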
Assignee: nobody → general
Component: General → DOM: Core
Product: Firefox → Core
QA Contact: general → ian
Summary: Browser crashes after copying javascript containing document.write from iframe to main window → Browser crashes after copying javascript containing document.write from iframe to main window [@ nsGenericElement::InsertChildAt]
Version: unspecified → 1.7 Branch

*** This bug has been marked as a duplicate of 240592 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED
Component: DOM: Core → DOM: Core & HTML
QA Contact: ian → general