Closed
Bug 32389
Opened 25 years ago
Closed 25 years ago
Browser crashes upon encountering a recursive IFRAME inclusion.
Categories
(Core :: Layout: Images, Video, and HTML Frames, defect, P3)
Core
Layout: Images, Video, and HTML Frames
Tracking
()
People
(Reporter: sacolcor, Assigned: pollmann)
Details
(Keywords: crash)
Attachments
(1 file)
(deleted),
text/html
|
Details |
View a page containing an IFRAME pointing to itself. Watch browser go boom.
We need to guard both against direct and indirect (A includes B includes A)
IFRAME recursion. IE just displays blank space when it detects this condition.
Comment 1•25 years ago
|
||
Confirming.
When testing it crashed in nsWindow::Create but the real problem is that
a recursive IFRAME is allowed.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Petersen: Please provide a testcase. And, please confirm whether a fish has a
soul.
Comment 4•25 years ago
|
||
So .. I had this reported in a XUL context (bug #33722), but the XUL
<html:iframe> is just a normal html iframe anyways, so I'm going to
make the other bug for the XUL usage depend on this one.
Here's a couple of test cases:
WARNING: the second test case completely horked win98 (even after
mozilla was terminated, MB of memory was left allocated in the OS
and I could no longer launch any new apps -- had to do a hard reset
of the system).
TEST 1 : A->A->A ...
c:\temp\file.html
<html><body>
<p>hello</p>
<iframe src="file://C|/temp/file.xul" style='border: 1px solid red;'></iframe>
<p>goodbye</p>
</body></html>
TEST 2 : A->B->A ...
c:\temp\file1.html
<html><body>
<p>hello</p>
<iframe src="file://C|/temp/file2.html" style='border: 1px solid red;'></iframe>
<p>goodbye</p>
</body></html>
c:\temp\file2.html
<html><body>
<p>hello</p>
<iframe src="file://C|/temp/file1.html" style='border: 1px solid
blue;'></iframe>
<p>goodbye</p>
</body></html>
By the way, this can also be done for <frameset>/<frame>. See:
news://news.mozilla.org/37656AF6.38502494%40netscape.com
news://news.mozilla.org/37657250.2E6876B1%40qlink.queensu.ca
(The URL discussed there is no longer functioning correctly, but the
idea behind would be pretty easy to duplicate).
If there isn't a bug for this now, then this should either be filed or
dealt with as part of this bug.
Oh, and I believe a fish has a soul, but I can't prove it.
Comment 5•25 years ago
|
||
Eric: I think you're mr frames, right? So this testcase doesn't blow up, and the
content model looks reasonable. Can you confirm this?
Assignee: rickg → pollmann
Assignee | ||
Comment 8•25 years ago
|
||
This is already reported as bug 8065. Thanks!
(FWIW, I don't believe that a fish has a soul. But I can't prove it either.)
*** This bug has been marked as a duplicate of 8065 ***
Status: NEW → RESOLVED
Closed: 25 years ago
Component: HTML Element → HTMLFrames
OS: Windows NT → All
Hardware: PC → All
Resolution: --- → DUPLICATE
Updated•6 years ago
|
Product: Core → Core Graveyard
Updated•6 years ago
|
Component: Layout: HTML Frames → Layout: Images
Product: Core Graveyard → Core
You need to log in
before you can comment on or make changes to this bug.
Description
•