
Issue 664435

Starred by 1 user

Issue metadata

Status: WontFix
Owner: ----
Closed: Nov 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Mac
Pri: 2
Type: Bug




The tab hangs when using parent.top.opener.x.document.write in a background tab

Reported by jm.acun...@gmail.com, Nov 11 2016

Issue description

UserAgent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36

Steps to reproduce the problem:
1. Create a local HTML file:

<html>
<head><title>Page Locking</title></head>
<body>

<a href="https://www.mozilla.org/en-US/firefox/new" onclick="
	x = top.open(this.href,window,'');
	setTimeout(function(){
		x.document.body.outerHTML += '\
		<iframe src=https://www.mozilla.org/media/img/firefox/template/header-logo-inverse.510f97e92635.png onload=parent.top.opener.x.document.write(parent.opener.x.document.body.innerHTML)\
			style=position:fixed;top:0;left:0;width:100%;height:100%;border:0></iframe>';
	}, 0);
	return false;">
	Tab hangs
</a>
</body>
</html>

2. Click on the link.
3. The tab hangs.

What is the expected behavior?

What went wrong?
The tab hangs.

Did this work before? N/A 

Chrome version: 54.0.2840.99  Channel: stable
OS Version: 6.3
Flash Version: Shockwave Flash 23.0 r0
 
Attachment: ice_video_20161111-100436.webm (3.4 MB)
Labels: Needs-Bisect

Comment 2 by hdodda@chromium.org, Nov 14 2016

Cc: hdodda@chromium.org
Components: -UI Blink>Loader
Labels: -Needs-Bisect M-56 OS-Linux OS-Mac
Status: Untriaged (was: Unconfirmed)
Tested on Mac OS 10.11.6 using chrome stable M54 #54.0.2840.98 and issue is reproduced.

Issue is seen from M30 # 30.0.1549.0 and is a non-regression issue.

Hence marking it as untriaged.

Thanks!
chrome://crashes

ID de bloqueo c72a195f-d608-481d-a4bd-c7b2820fba30 (ID de servidor: 709cab3700000000)

Notificado automáticamente el lunes, 14 de noviembre de 2016, 10:58:13
Attachment: crash-memory.png (29.2 KB)
Status: WontFix (was: Untriaged)
This is just a clever exponential OOM. You can trivially OOM the page in lots of ways though, so I think solving this particular one is not really a priority.

i.e. you could do a similar thing with arrays (being a bit clever to avoid our length limits).

Comment 5 Deleted

Some considerations:

1- You can reduce the HTML code to its minimal form:

<a href="https://www.mozilla.org/en-US/firefox/new" onclick="
	x = open(this.href,window,'');
	x.document.body.outerHTML += '\
	<iframe src=https://www.mozilla.org/media/img/firefox/template/header-logo-inverse.510f97e92635.png onload=parent.top.opener.x.document.write(parent.opener.x.document.body.innerHTML)></iframe>';
return false;">
	Page Locking
</a>

2- The infinite loop occurs with parent.top.opener.x.document and not with parent.top.opener.document

3- The infinite loop occurs if the src of the iframe is an image (I've tested it with a Google image). If we load any website, for example https://www.google.com, it works correctly.
