Closed
Bug 303260
Opened 19 years ago
Closed 18 years ago
if there is no root element, keyboard shortcuts and the context menu do not work [@ nsContentList::nsContentList]
Categories
(Core :: DOM: Events, defect)
Core
DOM: Events
Tracking
()
RESOLVED
FIXED
People
(Reporter: grantwohl+mozbug, Assigned: MatsPalmgren_bugz)
References
(Blocks 1 open bug, )
Details
(Keywords: access, crash, testcase)
Crash Data
Attachments
(4 files)
272 bytes,
text/html
|
Details | |
3.21 KB,
text/plain
|
Details | |
5.76 KB,
patch
|
MatsPalmgren_bugz
:
review+
roc
:
superreview+
|
Details | Diff | Splinter Review |
2.39 KB,
patch
|
bzbarsky
:
review+
bzbarsky
:
superreview+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050802 Firefox/1.0+
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050802 Firefox/1.0+
If there is no root element, keyboard shortcuts and the context menu do not work.
Reproducible: Always
Steps to Reproduce:
1.Load any XHTML/HTML/XML document.
2.Use the DOM Inspector to remove the root element(usually "html"), or use a
bookmarklet:<javascript:void(document.removeChild(document.getElementsByTagName("*")[0]))>
3.Try to use a keyboard shortcut (e.g., CTRL+W) or try to bring up the context menu.
Actual Results:
Nothing happenend.
Expected Results:
Either the keyboard shortcut action should have happened or the context menu
should have been brought up.
Reporter | ||
Comment 1•19 years ago
|
||
If you remove "document.documentElement" the same thing occurs.
Reporter | ||
Comment 2•19 years ago
|
||
Reporter | ||
Updated•19 years ago
|
Comment 3•19 years ago
|
||
Why would anyone ever remove the root element?
Reporter | ||
Comment 4•19 years ago
|
||
(In reply to comment #3)
> Why would anyone ever remove the root element?
I don't know.
Comment 5•19 years ago
|
||
> Why would anyone ever remove the root element?
Why wouldn't they? We shouldn't break when it happens.
Assignee: general → events
Status: UNCONFIRMED → NEW
Component: DOM → DOM: Events
Ever confirmed: true
Comment 6•19 years ago
|
||
It's not a "major" bug, IMHO. But it is a valid bug.
Severity: major → normal
Comment 7•19 years ago
|
||
It's pretty major for keyboard-only users (see "access" keyword).
Severity: normal → major
Updated•19 years ago
|
Assignee: events → mats.palmgren
Comment 8•19 years ago
|
||
Furthermore, this bug is forcing us to have buggy and insecure code elsewhere in the product to work around it. See bug 341730.
Aaron, Mats, is the issue that nsEventStateManager::ShiftFocusInternal screws this up or something?
OS: Windows XP → All
Hardware: PC → All
Flags: blocking1.9a1?
Assignee | ||
Comment 9•19 years ago
|
||
I'll have a look...
I see reproducable crash for the following:
1. start seamonkey
2. click on throbber
3. load the URL from this bug
4. click on throbber -> crash
0x41204bfb in nsContentList (this=0x88fa710, aRootNode=0x0, aMatchAtom=0x80af380, aMatchNameSpaceId=-1, aDeep=0) at nsContentList.cpp:346
346 mRootNode->AddMutationObserver(this);
(gdb) p mRootNode
$1 = (class nsINode *) 0x0
Before the crash I see:
###!!! ASSERTION: content list has to have a root: 'aRootNode', file nsContentList.cpp, line 248
###!!! ASSERTION: Must have root: 'mRootNode', file nsContentList.cpp, line 339
Severity: major → critical
Keywords: crash
Summary: if there is no root element, keyboard shortcuts and the context menu do not work → if there is no root element, keyboard shortcuts and the context menu do not work [@ nsContentList::nsContentList]
Assignee | ||
Comment 10•19 years ago
|
||
Comment 11•19 years ago
|
||
Hmm... So is the problem that Destroy() has already been called so that OnPageHide has a null mRootContent?
Note that the crash is a separate bug from what this bug is actually about; it indicates that either OnPageHide is broken as designed or that we really do need to not null out mRootContent in nsDocument::Destroy. Please file a separate bug on that?
Comment 12•19 years ago
|
||
The presshell parts of this fix this bug for me, as far as I can tell.
The docshell parts make tabbing to the rootless document focus its content area; not sure whether we even want that, since any key will blur it, per the presshell code.
Assignee | ||
Comment 13•19 years ago
|
||
(In reply to comment #11)
> Hmm... So is the problem that Destroy() has already been called so that
> OnPageHide has a null mRootContent?
It was RemoveChildAt() that made mRootContent null:
http://bonsai.mozilla.org/cvsblame.cgi?file=/mozilla/content/base/src/nsDocument.cpp&rev=3.663&root=/cvsroot&mark=1869,1883#1863
This patch fixes the crash at least. I also reviewed the rest of
nsDocument.cpp and it looks mRootContent-null-safe AFAICT.
Attachment #229521 -
Flags: review?(bzbarsky)
Comment 14•19 years ago
|
||
Comment on attachment 229521 [details] [diff] [review]
Patch A rev. 1 (fixes the crash)
Ah, right. This looks good. Thanks!
Attachment #229521 -
Flags: superreview+
Attachment #229521 -
Flags: review?(bzbarsky)
Attachment #229521 -
Flags: review+
Assignee | ||
Comment 15•19 years ago
|
||
Comment on attachment 229521 [details] [diff] [review]
Patch A rev. 1 (fixes the crash)
Checked in to trunk at 2006-07-18 20:53 PDT.
Assignee | ||
Comment 16•19 years ago
|
||
Comment on attachment 229517 [details] [diff] [review]
Some indication of what's up
So, should we take only the pres shell bits for now?
r=me on both changes (FWIW), but I think only pres shell is needed here.
Comment 17•19 years ago
|
||
I really have no idea; I don't know the code well enough to tell.
Updated•18 years ago
|
Attachment #229517 -
Flags: superreview?(roc)
Attachment #229517 -
Flags: review?(mats.palmgren)
Assignee | ||
Comment 18•18 years ago
|
||
Comment on attachment 229517 [details] [diff] [review]
Some indication of what's up
Looks good. r=mats
Attachment #229517 -
Flags: review?(mats.palmgren) → review+
Flags: blocking1.9a1? → blocking1.9+
Attachment #229517 -
Flags: superreview?(roc) → superreview+
Comment 19•18 years ago
|
||
Checked in the presshell and docshell fixes too. This puppy is fixed.
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Updated•14 years ago
|
Crash Signature: [@ nsContentList::nsContentList]
You need to log in
before you can comment on or make changes to this bug.
Description
•