Closed
Bug 32389
Opened 24 years ago
Closed 24 years ago
Browser crashes upon encountering a recursive IFRAME inclusion.
Categories
(Core :: Layout: Images, Video, and HTML Frames, defect, P3)
Core
Layout: Images, Video, and HTML Frames
Tracking
()
People
(Reporter: sacolcor, Assigned: pollmann)
Details
(Keywords: crash)
Attachments
(1 file)
263 bytes,
text/html
|
Details |
View a page containing an IFRAME pointing to itself. Watch browser go boom. We need to guard both against direct and indirect (A includes B includes A) IFRAME recursion. IE just displays blank space when it detects this condition.
Comment 1•24 years ago
|
||
Confirming. When testing it crashed in nsWindow::Create but the real problem is that a recursive IFRAME is allowed.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Petersen: Please provide a testcase. And, please confirm whether a fish has a soul.
Comment 4•24 years ago
|
||
So .. I had this reported in a XUL context (bug #33722), but the XUL <html:iframe> is just a normal html iframe anyways, so I'm going to make the other bug for the XUL usage depend on this one. Here's a couple of test cases: WARNING: the second test case completely horked win98 (even after mozilla was terminated, MB of memory was left allocated in the OS and I could no longer launch any new apps -- had to do a hard reset of the system). TEST 1 : A->A->A ... c:\temp\file.html <html><body> <p>hello</p> <iframe src="file://C|/temp/file.xul" style='border: 1px solid red;'></iframe> <p>goodbye</p> </body></html> TEST 2 : A->B->A ... c:\temp\file1.html <html><body> <p>hello</p> <iframe src="file://C|/temp/file2.html" style='border: 1px solid red;'></iframe> <p>goodbye</p> </body></html> c:\temp\file2.html <html><body> <p>hello</p> <iframe src="file://C|/temp/file1.html" style='border: 1px solid blue;'></iframe> <p>goodbye</p> </body></html> By the way, this can also be done for <frameset>/<frame>. See: news://news.mozilla.org/37656AF6.38502494%40netscape.com news://news.mozilla.org/37657250.2E6876B1%40qlink.queensu.ca (The URL discussed there is no longer functioning correctly, but the idea behind would be pretty easy to duplicate). If there isn't a bug for this now, then this should either be filed or dealt with as part of this bug. Oh, and I believe a fish has a soul, but I can't prove it.
Comment 5•24 years ago
|
||
Eric: I think you're mr frames, right? So this testcase doesn't blow up, and the content model looks reasonable. Can you confirm this?
Assignee: rickg → pollmann
Assignee | ||
Comment 8•24 years ago
|
||
This is already reported as bug 8065. Thanks! (FWIW, I don't believe that a fish has a soul. But I can't prove it either.) *** This bug has been marked as a duplicate of 8065 ***
Status: NEW → RESOLVED
Closed: 24 years ago
Component: HTML Element → HTMLFrames
OS: Windows NT → All
Hardware: PC → All
Resolution: --- → DUPLICATE
Updated•6 years ago
|
Product: Core → Core Graveyard
Updated•6 years ago
|
Component: Layout: HTML Frames → Layout: Images
Product: Core Graveyard → Core
You need to log in
before you can comment on or make changes to this bug.
Description
•