
Issue 716951

Issue metadata

Status: Fixed
Closed: May 2017
OS: Mac
Pri: 2
Type: Bug
Blocking: issue 594639



document.currentScript inside ES6 module causes Aw, Snap

Project Member Reported by thorogood@google.com, May 1 2017

Issue description

UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36

Steps to reproduce the problem:
1. Run Canary with --enable-blink-features=ModuleScripts
2. HTML file with "<script type="module" src="crash.js"></script>"
3. JS code containing "document.currentScript;"
4. Open HTML file served over http[s]://, crash

Or see minimal repro here: https://samthor.github.io/harmony-test/document.currentScript/minimal.html

What is the expected behavior?

What went wrong?
Canary generates an "Aw, Snap" error

Did this work before? No 

Chrome version: 60.0.3085.0  Channel: canary
OS Version: OS X 10.12.4
Flash Version: 

Bug as part of crbug.com/594639

Cc: module-dev@chromium.org
Owner: kouhei@chromium.org
Status: Assigned (was: Unconfirmed)

Comment 2 by neis@chromium.org, May 1 2017

Blocking: 594639
Components: -Blink Blink>Loader

Comment 4 by neis@chromium.org, May 2 2017

Cc: neis@chromium.org adamk@chromium.org
Issue 716765 has been merged into this issue.
Status: Started (was: Assigned)
Looks like we are missing calls to Document::{Push,Pop}CurrentScript.

Comment 7 by bugdroid1@chromium.org, May 4 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/3d379f511131f8692bc7f46e617794d685935a0b

commit 3d379f511131f8692bc7f46e617794d685935a0b
Author: kouhei <kouhei@chromium.org>
Date: Thu May 04 19:53:50 2017

[ES6 modules] accessing document.currentScript on module scripts should not crash

Before this CL, accessing document.currentScript caused crash. It dereferenced nullptr
pushed to Document::current_script_stack_ by ScriptLoader::DoExecuteScript() for
script == ScriptType::kModule.

This CL adds null check in Document::currentScriptForBinding so that it is aware that
the item on the stack may be nullptr.

TEST=wpt/html/semantics/scripting-1/the-script-element/module/currentScript-null.html
BUG=716951

Review-Url: https://codereview.chromium.org/2860913002
Cr-Commit-Position: refs/heads/master@{#469435}

[add] https://crrev.com/3d379f511131f8692bc7f46e617794d685935a0b/third_party/WebKit/LayoutTests/external/wpt/html/semantics/scripting-1/the-script-element/module/currentScript-null.html
[add] https://crrev.com/3d379f511131f8692bc7f46e617794d685935a0b/third_party/WebKit/LayoutTests/external/wpt/html/semantics/scripting-1/the-script-element/module/currentscript.js
[add] https://crrev.com/3d379f511131f8692bc7f46e617794d685935a0b/third_party/WebKit/LayoutTests/external/wpt/html/semantics/scripting-1/the-script-element/module/set-currentScript-on-window.js
[modify] https://crrev.com/3d379f511131f8692bc7f46e617794d685935a0b/third_party/WebKit/Source/core/dom/Document.cpp

Status: Fixed (was: Started)
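After this fix, reading document.currentScript from a module script returns null instead of dereferencing a null entry on the script stack. That is the behaviour a page author has to code around: anything that derives its own URL or reads data-* configuration from the executing script element works in a classic script but silently gets null in a module. The helper below is an added example, not code from the bug report, the repro page or the Chromium change. It assumes a caller passes import.meta.url from module code, and it uses constructed stand-in document objects (classicDoc, moduleDoc) in place of a real DOM so it runs outside a browser; the function names scriptLocation and assetUrl are hypothetical.

```javascript
// Added example (hypothetical helper, not Chromium or page code).
// Locate the executing script in both script types:
//   classic <script>       -> document.currentScript is the element
//   <script type="module"> -> document.currentScript is null, so the
//                             caller must supply import.meta.url
function scriptLocation(doc, importMetaUrl) {
  const el = doc.currentScript;
  if (el) {
    // Classic script: resolve a possibly relative src against the document URL,
    // and expose any data-* attributes the page put on the tag.
    const url = el.src ? new URL(el.src, doc.URL).href : doc.URL;
    return { kind: 'classic', url, dataset: { ...(el.dataset || {}) } };
  }
  if (typeof importMetaUrl === 'string') {
    // Module script: the element is unreachable via currentScript (null),
    // so the only reliable self-reference is import.meta.url.
    return { kind: 'module', url: new URL(importMetaUrl).href, dataset: {} };
  }
  // Fail loudly rather than let a null currentScript produce a TypeError
  // deep inside the caller (the pre-fix browser crashed here instead).
  throw new TypeError(
    'document.currentScript is null and no import.meta.url was supplied'
  );
}

// Resolve a path relative to the script's own location, whichever kind it is.
function assetUrl(doc, importMetaUrl, relativePath) {
  return new URL(relativePath, scriptLocation(doc, importMetaUrl).url).href;
}

// Constructed stand-ins for document (no real DOM in this example).
const classicDoc = {
  URL: 'https://example.test/page.html',
  currentScript: {
    src: '/js/app.js',
    dataset: { endpoint: '/api' },
  },
};
const moduleDoc = {
  URL: 'https://example.test/page.html',
  currentScript: null, // what a module script observes after the fix
};

// Usage from real code:
//   classic script: scriptLocation(document)
//   module script:  scriptLocation(document, import.meta.url)
```

The classic path still trusts whatever data-* attributes are on the tag, so treat that configuration as page-controlled input, not as something the script authenticated.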
