371628 - As of 2.0.0.2, FF not longer executes code injected through the innerHTML property of a document synchronously

Status: RESOLVED DUPLICATE of bug 371576

(Core :: DOM: Core & HTML, defect)

Description

[tnarik]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.8.1.2) Gecko/20070219 Firefox/2.0.0.2
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.8.1.2) Gecko/20070219 Firefox/2.0.0.2

If you test the Gspace extension (https://addons.mozilla.org/firefox/1593) with FF 2.0.0.2, you'll never login the system.
This is due to the mechanism used and the way code gets executed on FF 2.0.0.2.

Gspace uses a browser element to execute some javascript code extracted from the Gmail site and get some identifiers.
Previously, on FF 2.0.0.1, this code was executed just after the injection of code, before returning the control to the extension code, so the needed information was already created by the code.
As of FF 2.0.0.2, the inject code get executed after the extension code finishes, so it fails obtaining the needed identifiers.

Reproducible: Always

Steps to Reproduce:
1. Install Gspace on FF 2.0.0.1
2. You should log on the system with out problems.
3. Using the DOM inspector, you will see a gspace_gEnumFrame### browser element with some elements inside.

4. Install Gspace on FF 2.0.0.2
5. An "setting ik failed" message will always appear.
6. Using the DOM inspector, you will see a gspace_gEnumFrame### browser element with some elements inside, which Gspace couldn't find before.
Actual Results:  
Gspace doesn't work.

Expected Results:  
Gspace works.

Comment 1

[:Gavin Sharp [email: gavin@gavinsharp.com]]

This might be the same as bug 371576, but it was also caused by the patch for bug 364692. The reporter has tested that the regression range matches that bug's landing.

Comment 2

[:Gavin Sharp [email: gavin@gavinsharp.com]]

tnarik: if you could attach a "minimal extension" that shows the problem, that would be great.

Comment 3

[tnarik]

Attachment: Gspace modified version tracing the method calls

This is a "not minimal" extension tracing the calling order of the innerHTML code and the extension code as alerts.

Comment 4

[Alan Graham]

Not sure about other AJAX controls, but this could be the cause of a problem with the Telerik Web Tree (http://www.telerik.com/).  As of the update to 2.0.0.2 expanding tree view nodes causes the tree to collapse to a flat list showing the Text of each node before expanding again.

Comment 5

[Martijn Wargers (dead)]

Alan, where? I've look at the demos here: http://www.telerik.com/demos/aspnet/TreeView/Examples/Overview/DefaultCS.aspx
But I don't see any problems with it.
Could you file a new bug on the issue that you're seeing? And please mention the bug number here.

Comment 6

[Alan Graham]

Hi Martijn, its a different TreeView control, this one here

http://www.telerik.com/demos/aspnet/Controls/Examples/Integration/AspNetAjax/TreeviewBuilder/DefaultCS.aspx?product=treeview

Have added a bug report at https://bugzilla.mozilla.org/show_bug.cgi?id=371751 and in the Telerik forums http://www.telerik.com/community/forums/thread/b311D-tcedk.aspx in case the bug is with their control.

Comment 7

[tnarik]

It seems that previously assigning 
  browser.contentDocument.body.innerHTML = "";

, delays somehow the execution of code injected such as
  element.innerHTML="somecode";
  browser.contentDocument.body.appendChild(element);

Commenting the first line on the Gspace code (srcDoc.body.innerHTML = ""; at gactions.js) seems to fix the problem.

Comment 8

[Jonas Sicking (:sicking) No longer reading bugmail consistently]

Hmm.. this is weird. Setting .innerHTML should never have executed scripts. A pile of sites broke when we made setting .innerHTML execute scripts so it was explicitly prohibited.

Can you attach a testcase that worked in 2.0.0.1?

Comment 9

[Boris Zbarsky [:bzbarsky]]

sicking, they're setting the innerHTML on a <script>.  Then appending the script.  That's exactly bug 371576, so given lack of evidence to the contrary after a week marking duplicate.