6958 2006-01-30 23:20:32 -0800 form submit in onload handler causes an infinite loop 2011-07-29 12:41:21 -0700 1 1 1 Unclassified WebKit Forms 420+ Mac OS X 10.4 NEW HasReduction P2 Major --- 7080 39021 1 joost webkit-unassigned ap BugZilla darin ddkilzer ian oldest_to_newest 30722 0 joost 2006-01-30 23:20:32 -0800 Testcase forthcoming but this is the code: <body onload="document.getElementById('form').submit()"> <form id="form"></form> </body> This will cause an infinite loop, hanging safari. 30723 1 6139 joost 2006-01-30 23:21:22 -0800 Created attachment 6139 Testcase 30810 2 hyatt 2006-01-31 14:57:45 -0800 I think this may be related to the infinite loop bug with setting window.location.href = "#somelinkonpage" in onload. Try a test case that does that too. I bet they are the same underlying issue. There was some Ajax bug about Really Simple History not working that is related to this too. IMO fixing these bugs is really really important (P1), since it's an infinite loop. 30902 3 ddkilzer 2006-01-31 21:50:33 -0800 Is it really starting an infinite loop, or is the Redirection Timer just started and never stopped during this action? See also Bug 6309. 31412 4 darin 2006-02-05 00:48:03 -0800 This is really an infinite loop. I think the reason for this is that it submits the form right away, whereas for a location change, we schedule it and it gets done next time around the event loop. I think form submission should be changed to work the same way as other location changes, sharing the "redirection timer" with the rest. 31422 5 joost 2006-02-05 01:21:29 -0800 As commented by darin, form submission should time differently. The infinite loop part of this can be found in bug 7080, this bug is now just here to track how we handle form submission. 62063 6 ap 2007-11-23 01:49:58 -0800 Hmm, this seems to have fixed itself between r19809 and r19818 - I don't see any check-ins in this period that look related to this issue (most of them were on branches). I guess we need to land an automated test for this. 442414 7 BugZilla 2011-07-26 11:50:20 -0700 I can reproduce on r91704 442657 8 102083 BugZilla 2011-07-26 17:46:30 -0700 Created attachment 102083 Test case for body onload handler that submits a form that loads itself 442658 9 102084 BugZilla 2011-07-26 17:47:04 -0700 Created attachment 102084 Test case for body onload handler that submits a URL fragment 442668 10 BugZilla 2011-07-26 17:58:17 -0700 I uploaded two tests. One for testing if the unload handler submits to a URL fragment and one if it just submits to the current page. For the URL fragment there is no infinite loop, but for the other test WebKit does loop infinitely. 442669 11 BugZilla 2011-07-26 18:02:46 -0700 (In reply to comment #4) > This is really an infinite loop. > > I think the reason for this is that it submits the form right away, whereas for a location change, we schedule it and it gets done next time around the event loop. I think form submission should be changed to work the same way as other location changes, sharing the "redirection timer" with the rest. NavigationScheduler::scheduleFormSubmission() calls schedule(adoptPtr(new ScheduledFormSubmission())) Does this mean the submission is using the "redirection timer"? It seems like the infinite loop is because on each new load the body's onload handler is called. However, you are not stuck in this loop, I can click on another link and navigate away from the looping page. 443057 12 darin 2011-07-27 12:07:33 -0700 (In reply to comment #11) > However, you are not stuck in this loop, I can click on another link and navigate away from the looping page. That’s right. An infinite reload loop, not a browser or engine hang. 443079 13 BugZilla 2011-07-27 12:23:16 -0700 (In reply to comment #12) > (In reply to comment #11) > > However, you are not stuck in this loop, I can click on another link and navigate away from the looping page. > > That’s right. An infinite reload loop, not a browser or engine hang. So what ought to be the fix? The browser is doing what the website is telling it to do. 443080 14 darin 2011-07-27 12:23:56 -0700 Do other web browsers do the same thing? 443100 15 BugZilla 2011-07-27 12:39:15 -0700 (In reply to comment #14) > Do other web browsers do the same thing? FF (OS X) infinite reloads. It doesn't look like it because the UI isn't updating, but in FireBug it's very obvious. Chrome (OS X) infinite reloads Unfortunately I haven't put Win on this machine yet. But I've been meaning to do that, so maybe now is the time. 443167 16 darin 2011-07-27 14:54:41 -0700 The original bug was a true infinite loop. But now it’s just an infinite reload loop. Kevin, you are the one who said you could still reproduce the bug, but you’re just reproducing a reload loop, not a true infinite loop. I think Alexey had it right in comment #6. This is fixed and we need a regression test. 443240 17 BugZilla 2011-07-27 17:52:01 -0700 (In reply to comment #16) > The original bug was a true infinite loop. But now it’s just an infinite reload loop. > > Kevin, you are the one who said you could still reproduce the bug, but you’re just reproducing a reload loop, not a true infinite loop. I think Alexey had it right in comment #6. This is fixed and we need a regression test. Agreed. I get the same behavior as I described above on current FF, Chrome, Safari, and IE (on Win 7). I'll make a layout test. 444043 18 102380 BugZilla 2011-07-29 12:41:21 -0700 Created attachment 102380 New Test case proposal. This test case tries to test for the "infinite loop" scenario while not reloading forever in the success case. However, as the infinite loop code has not caused the error for so long, I cannot reproduce the old bad-behavior, and so am unable to be certain if this test would catch it. 6139 2006-01-30 23:21:22 -0800 2006-01-30 23:21:22 -0800 Testcase 6958-infinite-loop.html text/html 90 joost PGJvZHkgb25sb2FkPSJkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnZm9ybScpLnN1Ym1pdCgpIj4K Cjxmb3JtIGlkPSJmb3JtIj48L2Zvcm0+Cgo8L2JvZHk+ 102083 2011-07-26 17:46:30 -0700 2011-07-29 12:41:21 -0700 Test case for body onload handler that submits a form that loads itself form-submit-fragment-in-onload-handler.html text/html 597 BugZilla PGh0bWw+CjxoZWFkPgo8c2NyaXB0PgogICAgZnVuY3Rpb24gcnVuVGVzdHMoKSB7CiAgICAgICAg aWYgKHdpbmRvdy5sYXlvdXRUZXN0Q29udHJvbGxlcikgewogICAgICAgICAgICBsYXlvdXRUZXN0 Q29udHJvbGxlci5kdW1wQXNUZXh0KCk7CiAgICAgICAgICAgIGxheW91dFRlc3RDb250cm9sbGVy LndhaXRVbnRpbERvbmUoKTsKICAgICAgICB9CiAgICB9CgogICAgPC9zY3JpcHQ+CjwvaGVhZD4K PCEtLSA8Ym9keSBvbmxvYWQ9InJ1blRlc3RzKCk7Ij4gLS0+Cjxib2R5IG9ubG9hZD0iZG9jdW1l bnQuZ2V0RWxlbWVudEJ5SWQoJ2Zvcm0nKS5zdWJtaXQoKSI+CiAgICA8cD5UaGlzIHRlc3RzIHRo YXQgc3VibWl0dGluZyBhIGZvcm0gaW4gdGhlIG9ubG9hZCBoYW5kbGVyIHRvIGFuIFVSTCBmcmFn bWVudCBkb2VzIG5vdCByZXN1bHQgaW4gYW4gaW5maW5pdGUgbG9vcDwvcD4KICAgIDxmb3JtIGlk PSJmb3JtIiBhY3Rpb249IiNzb21lbGlua29ucGFnZSI+PC9mb3JtPgogICAgPGRpdiBpZD0iY29u c29sZSI+PC9kaXY+CiAgICA8YSBuYW1lPSJzb21lbGlua29ucGFnZSI+WW91J3JlIGF0IHRoZSBi b3R0b20hPC9hPgo8L2JvZHk+CjwvaHRtbD4K 102084 2011-07-26 17:47:04 -0700 2011-07-29 12:41:21 -0700 Test case for body onload handler that submits a URL fragment form-submit-in-onload-handler.html text/html 498 BugZilla PGh0bWw+CjxoZWFkPgo8c2NyaXB0PgogICAgZnVuY3Rpb24gcnVuVGVzdHMoKSB7CiAgICAgICAg aWYgKHdpbmRvdy5sYXlvdXRUZXN0Q29udHJvbGxlcikgewogICAgICAgICAgICBsYXlvdXRUZXN0 Q29udHJvbGxlci5kdW1wQXNUZXh0KCk7CiAgICAgICAgICAgIGxheW91dFRlc3RDb250cm9sbGVy LndhaXRVbnRpbERvbmUoKTsKICAgICAgICB9CiAgICB9CgogICAgPC9zY3JpcHQ+CjwvaGVhZD4K PCEtLSA8Ym9keSBvbmxvYWQ9InJ1blRlc3RzKCk7Ij4gLS0+Cjxib2R5IG9ubG9hZD0iZG9jdW1l bnQuZ2V0RWxlbWVudEJ5SWQoJ2Zvcm0nKS5zdWJtaXQoKSI+CiAgICA8cD5UaGlzIHRlc3RzIHRo YXQgc3VibWl0dGluZyBhIGZvcm0gaW4gdGhlIG9ubG9hZCBoYW5kbGVyIGRvZXMgbm90IHJlc3Vs dCBpbiBhbiBpbmZpbml0ZSBsb29wPC9wPgogICAgPGZvcm0gaWQ9ImZvcm0iPjwvZm9ybT4KICAg IDxkaXYgaWQ9ImNvbnNvbGUiPjwvZGl2Pgo8L2JvZHk+CjwvaHRtbD4K 102380 2011-07-29 12:41:21 -0700 2011-07-29 12:41:21 -0700 New Test case proposal. form-submit-in-onload-handler.html text/html 1319 BugZilla PGh0bWw+CjxoZWFkPgo8c2NyaXB0PgogICAgZnVuY3Rpb24gcnVuVGVzdHMoKSB7CiAgICAgICAg aWYgKHdpbmRvdy5sYXlvdXRUZXN0Q29udHJvbGxlcikgewogICAgICAgICAgICBsYXlvdXRUZXN0 Q29udHJvbGxlci5kdW1wQXNUZXh0KCk7CiAgICAgICAgICAgIGxheW91dFRlc3RDb250cm9sbGVy LndhaXRVbnRpbERvbmUoKTsKICAgICAgICB9CgogICAgICAgIGluY3JlbWVudENvb2tpZUFuZFN1 Ym1pdEFnYWluKCk7CiAgICB9CgoKICAgIGZ1bmN0aW9uIGluY3JlbWVudENvb2tpZUFuZFN1Ym1p dEFnYWluKCkgewogICAgICAgIHZhciBjb29raWUgPSBkb2N1bWVudC5jb29raWU7CiAgICAgICAg Y29va2llID0gY29va2llLnNwbGl0KCI7Iik7CgogICAgICAgIHZhciBjb3VudGVyID0gMDsKICAg ICAgICB2YXIgcGFpcjsKICAgICAgICBmb3IodmFyIGkgPSAwOyBpIDwgY29va2llLmxlbmd0aDsg KytpKSB7CiAgICAgICAgICAgIHBhaXIgPSBjb29raWVbaV0uc3BsaXQoIj0iKTsKICAgICAgICAg ICAgaWYgKHBhaXJbMF0gPT0gInBhZ2VDb3VudCIpCiAgICAgICAgICAgICAgICBjb3VudGVyID0g cGFyc2VJbnQocGFpclsxXSk7CiAgICAgICAgfQogICAgICAgICsrY291bnRlcjsKCiAgICAgICAg aWYgKGNvdW50ZXIgPCAzKQogICAgICAgICAgICBkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnZm9y bScpLnN1Ym1pdCgpOwoKICAgICAgICB2YXIgZXhwRGF0ZSA9IG5ldyBEYXRlKCk7CiAgICAgICAg ZXhwRGF0ZS5zZXRUaW1lKGV4cERhdGUuZ2V0VGltZSgpICsgNTAwMCk7ICAvLyBleHByaWVzIGlu IDUgc2Vjb25kcwoKICAgICAgICB2YXIgbmV3Q29va2llID0gInBhZ2VDb3VudD0iICsgY291bnRl cjsKICAgICAgICBuZXdDb29raWUgKz0gIjsgZXhwaXJlcz0iICsgZXhwRGF0ZS50b0dNVFN0cmlu ZygpOwogICAgICAgIHdpbmRvdy5kb2N1bWVudC5jb29raWUgPSBuZXdDb29raWU7CgogICAgICAg IGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCJjb25zb2xlIikuaW5uZXJIVE1MID0gIkxvb3BlZCAi ICsgY291bnRlciArICIgdGltZXMuIjsKICAgIH0KICAgIDwvc2NyaXB0Pgo8L2hlYWQ+Cgo8IS0t IDxib2R5IG9ubG9hZD0icnVuVGVzdHMoKTsiPiAtLT4KPGJvZHkgb25sb2FkPSJydW5UZXN0cygp Ij4KICAgIDxwPlRoaXMgdGVzdHMgdGhhdCBzdWJtaXR0aW5nIGEgZm9ybSBpbiB0aGUgb25sb2Fk IGhhbmRsZXIgZG9lcyBub3QgcmVzdWx0IGluIGFuIGluZmluaXRlIGxvb3A8L3A+CiAgICA8Zm9y bSBpZD0iZm9ybSI+PC9mb3JtPgogICAgPGRpdiBpZD0iY29uc29sZSI+PC9kaXY+CjwvYm9keT4K PC9odG1sPgo=