Closed
Bug 495883
Opened 16 years ago
Closed 16 years ago
"ASSERTION: Unable to get an nsIScriptGlobalObject from the ScriptGlobalObjectOwner!"
Categories
(Core :: DOM: Core & HTML, defect, P2)
Tracking
()
RESOLVED
FIXED
| Tracking | Status | |
|---|---|---|
| status1.9.2 | --- | beta1-fixed |
People
(Reporter: jruderman, Assigned: smaug)
References
Details
(Keywords: assertion)
Attachments
(4 files)
###!!! ASSERTION: Unable to get an nsIScriptGlobalObject from the ScriptGlobalObjectOwner!: 'global', file dom/src/jsurl/nsJSProtocolHandler.cpp, line 166
The page script is calling cloneNode. Based on the stack, I'd guess the subtree being cloned includes a frame whose src attribute is a javascript: URL.
I can't reproduce this in a way that allows me to make a reduced testcase :( sicking looked at this a little but thought bz would understand it better.
|
||
Comment 1•16 years ago
|
||
Yikes.
So we're cloning a document. That's fine. But then we create a frameloader for the frame that happens to be in that document! We should almost certainly be checking whether the document has a container before doing that.
We need to fix this on 1.9.1 too, imo, though I wouldn't block initial release on it...
|
|
||
Comment 2•16 years ago
|
||
Oh, this is extra fun. The first load (from inside BindToTree) fails because in the frame loader we go to CheckForRecursiveLoad(), which ends up in nsFrameLoader::EnsureDocShell, which can't get a win_private from the docshell (because the docshell has no treeowner), so returns error. But then we set the src attr node from the attr map on the new element, which triggers another load attempt, and this time mDocShell is non-null (even though it was never properly set up), so we go ahead and try to do the load in it.
|
|
||
Comment 3•16 years ago
|
||
There are variants of this (e.g. getting a document out of an iframe before removing that iframe from the DOM) that also don't need the "createDocument can create HTML documents" thing. Heck, I could probably toss an <html:iframe> into a random XML document...
I would have thought our data document content policy would have prevented these documents from doing loads at all, though. Why is it not catching them? Do we not flag them as data documents?
|
||
Comment 4•16 years ago
|
||
I think we should try to get to this one for 1.9.2.
Flags: blocking1.9.2? → blocking1.9.2+
Priority: -- → P2
|
Assignee | |
Updated•16 years ago
|
Assignee: nobody → Olli.Pettay
|
|
Assignee | |
Comment 5•16 years ago
|
||
We shouldn't even create the frame loader if it is not needed.
Error handling is simplified a bit so that OOM isn't any different than
for example data document handling.
Posted the patch to tryserver.
I filed a followup bug 511084 to figure out what to do with
nsGenericHTMLFrameElement::EnsureFrameLoader(). It has the !GetParent check.
Attachment #395033 -
Flags: review?(jonas)
|
|
Assignee | |
Updated•16 years ago
|
Status: NEW → ASSIGNED
Attachment #395033 -
Flags: review?(jonas) → review+
|
|
Assignee | |
Comment 6•16 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Comment 7•16 years ago
|
||
Keywords: fixed1.9.2
|
||
Updated•16 years ago
|
status1.9.2:
--- → beta1-fixed
Keywords: fixed1.9.2
|
||
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•