Open
Bug 615031
Opened 14 years ago
Updated 3 years ago
"ASSERTION: Could not get loadgroup; onload may fire too early"
Categories
(Core :: DOM: Core & HTML, defect, P5)
Tracking
()
NEW
People
(Reporter: jruderman, Unassigned)
Details
(Keywords: assertion, testcase)
Attachments
(2 files, 1 obsolete file)
###!!! ASSERTION: Could not get loadgroup; onload may fire too early: 'loadGroup', file content/base/src/nsContentUtils.cpp, line 2517
|
Reporter | |
Comment 1•14 years ago
|
||
The testcase makes a fuzzPrivGC call, so you'll need to install
https://www.squarefree.com/extensions/domFuzzLite.xpi to test it.
|
|
Reporter | |
Comment 2•14 years ago
|
||
|
||
Comment 3•14 years ago
|
||
Hmm. Should nsDataDocumentContentPolicy perhaps deny loads for non-data documents whose scope object has gone away?
Or should documents whose scope object has gone away start claiming to be data documents?
> Or should documents whose scope object has gone away start claiming to be data
> documents?
The main issue I can think of is that it exposes GC behavior.
Shouldn't holding on to the document really be holding the scope and the .frameElement alive? You should be able to access it using document.defaultView.frameElement, no?
|
|
||
Comment 5•14 years ago
|
||
> The main issue I can think of is that it exposes GC behavior.
Does it? We should be tearing down the frameloader synchronously (or close to it) when the frame element is removed from the document. That should kill the dochell and global window (in the sense of calling Destroy, not destructors), which should SetScriptGlobalObject(null) on the document. All of this independent of the GC.
The loadgroup is gotten via the document->docshell reference, so if we can't get it that means that reference has been broken... and it shouldn't be broken until the same time as the document loses its window.
Note that .defaultView is also null in this case, for the same reasons: we tear down all the window-related machinery when the frameloader goes away.
Ah, ok. Then the second paragraph in comment 3 sounds good to me.
|
|
||
Comment 7•14 years ago
|
||
I wonder whether there could be web compat issues there. For example, right now someone could grab a document out of a subframe, createElement an HTML <img>, set its src and then it would, I think, load... and then they could draw it into a canvas or whatnot.
That's a problem with both solutions proposed in comment 3, btw.
|
|
Reporter | |
Comment 8•12 years ago
|
||
Updated to work with https://www.squarefree.com/extensions/domFuzzLite3.xpi
Attachment #493489 -
Attachment is obsolete: true
|
||
Comment 9•7 years ago
|
||
https://bugzilla.mozilla.org/show_bug.cgi?id=1472046
Move all DOM bugs that haven’t been updated in more than 3 years and has no one currently assigned to P5.
If you have questions, please contact :mdaly.
Priority: -- → P5
|
Assignee | |
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
|
||
Updated•3 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•