721452 - Inserting invalid xbl:handler into a content document causes issues

Status: RESOLVED FIXED

(Core :: XBL, defect)

Description

[u278084]

Attachment: The xbl file

If the xbl:handler is missing the event attribute, when it gets inserted into an HTML document it causes a crash. This has to be regular HTML pages. The problem does not seem to occur on chrome documents such as about:config.

STR
1. Load a HTML document such as google.com
2. Call nsIDocument.ForceEnableXULXBL() (I had to this from a binary extension). Not sure how I can put this into a testcase
3. Insert the attached xbl file into the document.

Results:
Crash :(

Comment 1

[u278084]

Attachment: Stacktrace from VS

aAtom is null near the top of the stack

Comment 2

[Neil Deakin]

Can you be more specific by what you are doing here? What do you mean 'insert'? Insert using appendChild? or set a moz-binding property to the binding? If a testcase isn't feasible can you at least attach the code being used and when it crashes?

Comment 3

[u278084]

(In reply to Neil Deakin from comment #2)
> Can you be more specific by what you are doing here? What do you mean
> 'insert'? Insert using appendChild? or set a moz-binding property to the
> binding? If a testcase isn't feasible can you at least attach the code being
> used and when it crashes?

Sorry, should have been more clear on that last step. By 'insert' I mean doing the following:

var d = document.createElementNS( "http://www.w3.org/1999/xhtml", "div");
d.style.setProperty("-moz-binding", "url(chrome://smartswipe-limited/content/topbar2.xml#topbar2)", "");
document.body.appendChild(d);

Where the url() is the path to the xbl attached above. It crashes immediately after appendChild is called.

Comment 4

[Neil Deakin]

Attachment: patch

Comment 5

[Boris Zbarsky [:bzbarsky]]

Comment on attachment 593089 [details] [diff] [review]
patch

r=me

Comment 6

[Marco Bonardo [:mak]]

https://hg.mozilla.org/mozilla-central/rev/862dec07105b