Closed Bug 319578 Opened 19 years ago Closed 19 years ago

scriptable plugin with callback containing <p> (paragraph HTML tag) destroys NPP object

Categories

(Core Graveyard :: Plug-ins, defect)

Product:
Core Graveyard
Component:
Plug-ins
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: mark_boudreau, Unassigned)

Details

(Keywords: crash, stackwanted) 

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20051207 SeaMonkey/1.5a
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20051207 SeaMonkey/1.5a

I've created a plugin that fetches information from different websites and sends them to callback functions in javascript.  However, any callback containing '<p>' has caused the plugin to destroy its NPP object.  Other tags, such as '<br>', have not had this issue.

Basically, I am looping through various results and sending them back to the same javascript function, but when <p> is passed to javascript and the NPP object is destroyed, the browser crashes.

This happens when I try to call:
NPN_Evaluate(NPP npp, NPObject* obj, NPString *script,NPVariant *result)

I call this function many times with different values for 'script', but sending a value for 'script' that has a paragraph HTML tag in it causes the plugin to destroy the NPP object, and I can no longer use it.

Once the NPP object is destroyed, any attempt to use it causes the browser to crash.

Reproducible: Always

Steps to Reproduce:
1.Create a plugin that sends information to functions in javascript.
2.Have one of the things it sends contain a <p> tag.
3.Watch the NPP object explode.
4.(again, the NPP object remains intact for callbacks with other tags, such as <br> or <b> or <i>)

Actual Results:  
The NPP object points to 0xfeefee instead of its original location and no longer contains valid data.

Expected Results:  
The NPP object should remain intact and enable you to call another function with your next set of results.

I believe this happens with the <pre> tag as well - I've been having issues with that but haven't tested specifically for it before writing this bug report.
i don't suppose you can provide some source?
Keywords: crash, stackwanted
Well I just wrote up quickly an example plugin with different text to pass back to the javascript, and passing a <p> tag did not break it.  I could have sworn that was the issue, but it is now obviously something else.

I'll try to figure out what it is...
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → INVALID
I just can't get it out of my head that the HTML tag is the problem - i'm working with RSS feeds and I literally just changed the test file from:

<item>
<title><![CDATA[MC: Confessions of a Pats fan]]></title>
<link>http://www.cnn.com/rssclick/2005/US/12/08/airplane.gunshot/index.html?section=cnn_topstories</link>
<guid isPermaLink="true">http://x.go.com/cgi/x.pl?name=SEARCH_rssespn&amp;srvc=sz&amp;goto=http://insider.espn.go.com/espn/page2/blog/entry?id=2219700&amp;searchName=simmons&amp;CMP=OTC-DT9705204233</guid>
<pubDate>Thu, 10 Nov 2005 09:56:11 PST</pubDate>
<description><![CDATA[I'm sick.<p>So we might as well start there. The Pats-Colts game on Monday literally gave me bronchitis. I didn't know this was possible. Anyway, I wanted to follow up on Tuesday's Pats-Colts column , w...]]></description>
<dc:creator><![CDATA[Bill Simmons]]></dc:creator>
</item>

TO:

<item>
<title><![CDATA[MC: Confessions of a Pats fan]]></title>
<link>http://www.cnn.com/rssclick/2005/US/12/08/airplane.gunshot/index.html?section=cnn_topstories</link>

<guid isPermaLink="true">http://x.go.com/cgi/x.pl?name=SEARCH_rssespn&amp;srvc=sz&amp;goto=http://insider.espn.go.com/espn/page2/blog/entry?id=2219700&amp;searchName=simmons&amp;CMP=OTC-DT9705204233</guid>
<pubDate>Thu, 10 Nov 2005 09:56:11 PST</pubDate>
<description><![CDATA[Im sick.<b>So we might as well start there. The Pats-Colts game on Monday literally gave me bronchitis. I didnt know this was possible. Anyway, I wanted to follow up on Tuesdays Pats-Colts column , w...]]></description>
<dc:creator><![CDATA[Bill Simmons]]></dc:creator>
</item>

and it worked.  (note the change from <p> to <b>)... any idea why any of this would happen?  I just made a new plugin and passing a <p> worked fine.
So if you insert a display:block element (eg <p>) as a child of a display:inline element the layout objects for the display:inline element will be reconstructed.  If your <object> or <embed> is a descendant of the nearest block that the inline in question is a descendant of), it'll get a new layout object, which means the plugin will be torn down (due to bug 90268).

Is that what's going on here?  You never said what your "functions in javascript" do with the text you pass them, so I'm sort of having to guess at what you're doing...
Yes, that's exactly what's going on.  Sorry to be so vague.

I'm taking what is passed into javascript and changing the contents of a container object (document.getElementById("whatever"))...  I'll see if I can modify them so that the plugin doesn't get torn down when the layout is changed.
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.