Closed Bug 777706 Opened 7 years ago Closed 7 years ago

Unable to tap the Twitter sign-in button


(Core :: DOM: Core & HTML, defect)

17 Branch
Not set



Tracking Status
firefox15 --- unaffected
firefox16 --- fixed
firefox17 + fixed


(Reporter: aaronmt, Unassigned)




(Keywords: regression)


(1 file)

Tapping the sign-in button simply flashes the button orange.

Nightly (07/26)
Samsung Galaxy Nexus (Android 4.1.1)

E/GeckoConsole( 2792): [JavaScript Error: "Error: Permission denied to access property '0'" {file: "" line: 3965}]
If this is a recent regression it may have been caused by bug 773427 or bug 773431.
For some reason having our event listener registered in capture mode instead of bubble mode (which is what the patch from bug 773431 does) results in the event objects touches property to become inaccessible. This is what is causing the script error in comment 1, and what is causing the link to not load. Simplified test page at - click on the text should result in an alert dialog in FF for Android, but currently does not.
Commenting out the check for "aEvent.touches.length > 1" in browser.js fixes this, so it's probably some sort of javascript protection mechanism. i.e. if we access aEvent.touches from browser.js first then it becomes inaccessible to the content page, but if they access it first then it's all good.
Smaug pointed out this might be a regression from bug 734503. Backing it out locally to test.
Backing out bug 734503 kills the security exceptions, but the array method of getting touches (i.e. event.touches[0]) return undefined even though event.touches.length === 1. Going to bug some more people....
Blocks: 734503
Component: General → DOM
Product: Firefox for Android → Core
Version: Firefox 17 → 17 Branch
I have almost no idea how this works, but it looks like the dom-bindings are doing some caching of their own. Is that causing us to get something that's been wrapped incorrectly when the page tries to access it later?

Will keep looking at this tomorrow.
Hmm.  So the touchlist uses the document as the parent if created via createTouchList.

But if it's gotten off an event it uses the _event_ as the parent.

And I bet we've got no parenting on the event object so the touchlist gets wrapped in the chrome scope, and all's bad after that.

This used to work because the touchlist didn't use to be a wrappercache, so it got separately wrapped in every single scope....

Would it make any sense to use the event target as a parent instead of the event?
Ok, I realized that's a stupid question, because events can't end up bubbling from chrome to content (I hope).
Events cannot bubble from chrome to content, no.

The right event target is probably the explicitOriginalTarget or whatnot.  Basically, whatever will only be affected by the retargeting when leaving native anonymous content.  Assuming we have such a thing.
There isn't event target when event hasn't been dispatched.
But in those situations you won't have script getting the touches off the event either, right?
I guess events can get redispatched, though.  Hrm.

Can we just associate the event with a window and use that window as the parent here?  I know you were talking about doing that for events in general.
(In reply to Boris Zbarsky (:bz) from comment #15)
> Can we just associate the event with a window and use that window as the
> parent here? 
Yes, that is my plan for ParisBindings+Events, but we need to fix this bug in some other way
asap, I think.
Attached patch Backout patchSplinter Review
This backs out bug 734503 and the touchlist parts of bug 768669. Using this twitter and kat's test page are fixed.
Attachment #647612 - Flags: review?(bugs)
Attachment #647612 - Flags: review?(bugs) → review+
Do we need the backout also in aurora, or even in beta?
I would like to have this backed out in aurora (16) and beta (15), because then I can uplift bug 773431 to those channels without regressing twitter.
Going to wait to make sure these are ok on central before requesting approval. That ok kats?
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla17
Ready to request Aurora/Beta approval?
Comment on attachment 647612 [details] [diff] [review]
Backout patch

[Approval Request Comment]
Bug caused by (feature/regressing bug #): regression from 734503 and 768669. backout of the relevent parts of both patches. unnoticed until bug 773431 made it visible. can't move bug 773431 forward without this.
User impact if declined: Any touches that we (or extensions) take in chrome suddenly make them inaccessible by content
Testing completed (on m-c, etc.): landed on mc last week. No regressions I know of
Risk to taking this patch (and alternatives if risky): should just be reverting us to the behavior gecko has had since forever before this
String or UUID changes made by this patch: none
Attachment #647612 - Flags: approval-mozilla-beta?
Attachment #647612 - Flags: approval-mozilla-aurora?
Comment on attachment 647612 [details] [diff] [review]
Backout patch

approving backout for branches.
Attachment #647612 - Flags: approval-mozilla-beta?
Attachment #647612 - Flags: approval-mozilla-beta+
Attachment #647612 - Flags: approval-mozilla-aurora?
Attachment #647612 - Flags: approval-mozilla-aurora+
tracking-fennec: ? → ---
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.