Open
Bug 670183
Opened 13 years ago
Updated 2 years ago
perhaps DOMOperationCallback should be more ambitious with its script-killing
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
NEW
People
(Reporter: luke, Unassigned)
References
Details
(Whiteboard: [Snappy:p1])
bug 667915 demonstrated several cases where real websites were locking the browser by OOM'ing the slow script dialog JS. One aspect of this problem was fixed in bug 667915 (chrome should have more stack than content), but it still raises the question: why did the DOMOperationCallback allow script execution to continue on error? WebKit has the same stack problem but after throwing up a managled-from-OOM slow-script dialog, they kill script execution. For this particular issue, the offender is this code in DOMOperationCallback: nsCOMPtr<nsIPrompt> prompt = GetPromptFromContext(ctx); NS_ENSURE_TRUE(prompt, JS_TRUE); (returning JS_FALSE will kill script execution). It definitely seems like this should be fixed, but there are a few other cases where, on error, we default to JS_TRUE. Perhaps these should also be changed; at least audited.
Comment 1•13 years ago
|
||
> For this particular issue, the offender is this code in DOMOperationCallback:
The problem is that this can't tell whether there's no prompt because this context is not tied to a window (e.g. some sandbox) or because of some sort of error....
Maybe we should err on the side of killing content scripts on no prompt and not killing chrome scripts?
How can content script run in a sandbox? Or otherwise have script not tied to a window? I also seem to recall that we don't throw an uncatchable exception when a script was aborted due to the slow-script dialog. If that is indeed the case then we should IMHO fix that.
Comment 3•13 years ago
|
||
> How can content script run in a sandbox? No idea. Chances are it can't. > Or otherwise have script not tied to a window? I don't think it can. Hence my proposal to kill content script if we can't get a prompt.
Sounds good to me then.
Reporter | ||
Comment 5•13 years ago
|
||
So, can we go turn all those 'return JS_TRUE' to 'report-error + return JS_FALSE' ?
Reporter | ||
Updated•13 years ago
|
Whiteboard: [Snappy]
Comment 6•13 years ago
|
||
p1 since it's a possible solution to 705695. Assigning to luke since he has a lot of wisdom on this.
Assignee: nobody → luke
Whiteboard: [Snappy] → [Snappy:p1]
Comment 7•13 years ago
|
||
Luke says this is probably not needed for bug 705695 and is more of a cleanup bug, so it probably doesn't need Snappy:P1.
No longer blocks: 705695
Assignee | ||
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
Comment 8•2 years ago
|
||
The bug assignee is inactive on Bugzilla, so the assignee is being reset.
Assignee: mail → nobody
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•