New issue
Advanced search Search tips

Issue 721225 link

Starred by 3 users
Status: Fixed
Owner:
japhet@chromium.org
Closed: May 2017
Cc:
ajha@chromium.org
japhet@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Mac
Pri: 1
Type: Bug-Regression



Sign in to add a comment

XHR to an XML containing CDATA section returns empty response

Reported by kwk...@vivliostyle.com, May 11 2017 
UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:55.0) Gecko/20100101 Firefox/55.0

Steps to reproduce the problem:
1. Open the attached HTML file (canary-xhr-bug.html)

What is the expected behavior?
Since both of request.response and request.responseXML should be an XMLDocument object, the following text should be displayed:

request.response = [object XMLDocument]
request.responseXML = [object XMLDocument]

What went wrong?
Both of request.response and request.responseXML is null and the following text is displayed:

request.response = null
request.responseXML = null

Did this work before? Yes 58.0.3029.110 (Official Build)  (64bit)

Does this work in other browsers? Yes

Chrome version: 60.0.3095.5 (Official Build) canary (64bit)  Channel: canary
OS Version: OS X 10.12
Flash Version: Shockwave Flash 24.0 r0

An XML file on GitHub Pages is referenced as the target of XHR so that you can inspect HTTP headers etc.
The request is cross-origin since the XML file is on github.io.
However, this problem also occur when the request is not cross-origin.
I tested it with a server running on my local machine, and it turned out that the minimum XML file that causes the problem is the attached one (minimum-error.xml).
canary-xhr-bug.html
725 bytes View Download
minimum-error.xml
80 bytes View Download

Comment 1 by ajha@chromium.org, May 12 2017

Labels: Needs-Triage-M60 Needs-Bisect

Comment 2 by tapted@chromium.org, May 12 2017

Components: Blink>Network>XHR

Comment 3 by ajha@chromium.org, May 12 2017

Cc: ajha@chromium.org
Labels: -Pri-2 -Needs-Bisect -Needs-Triage-M60 hasbisect-per-revision ReleaseBlock-Stable M-60 OS-Linux OS-Windows Pri-1
Owner: japhet@chromium.org
Status: Assigned (was: Unconfirmed)
Thanks for the test file.

Able to reproduce the issue on the latest canary(60.0.3096.0) using canary-xhr-bug.html file on Windows-10, Mac OS 10.12.4 and Linux Ubuntu 14.04.

Regressed in M-60:

Last good build: 60.0.3083.0
First bad build: 60.0.3084.0

Changelog:
==========
https://chromium.googlesource.com/chromium/src/+log/f95d508c15009e62252c38701982042740289d84..716a136332fbd8efc12a3892b6ae2a6c0be94ba7

Nate@: Could you please take a look at this.

Thank you!

Comment 4 by phistuck@gmail.com, May 12 2017 

@Nate -

https://chromium.googlesource.com/chromium/src/+/716a136332fbd8efc12a3892b6ae2a6c0be94ba7%5E%21/#F14
ImplicitClose() was replaced with CheckCompleted()

(CheckCompleted() sounds like a detection, rather than an action, though I see this is not the case, the name is misleading to me)

CheckCompleted() probably bails early somewhere -
+void Document::CheckCompleted() {
+  if (!ShouldComplete())
+    return;
+  if (frame_) {
+    frame_->Client()->RunScriptsAtDocumentIdle();
+
+    // Injected scripts may have disconnected this frame.
+    if (!frame_)
+      return;
+
+    // Check again, because runScriptsAtDocumentIdle() may have delayed the load
+    // event.
+    if (!ShouldComplete())
+      return;
+  }
+
+  // OK, completed. Fire load completion events as needed.
+  SetReadyState(kComplete);
+  if (LoadEventStillNeeded())
+    ImplicitClose();

Comment 5 by jmukthavaram@chromium.org, May 15 2017

Cc: japhet@chromium.org
 Issue 721523  has been merged into this issue.

Comment 6 by japhet@chromium.org, May 16 2017

Status: Started (was: Assigned)
Thanks for the great test case, kwkbtr! That made life a lot easier.
Project Member

Comment 7 by bugdroid1@chromium.org, May 22 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/25fa842cb11198a37ed0ae14a9618e20d2f97a02

commit 25fa842cb11198a37ed0ae14a9618e20d2f97a02
Author: japhet <japhet@chromium.org>
Date: Mon May 22 21:23:08 2017

Style tag in an XHR's responseXML shouldn't make the responseXML be null.

XMLHTTPRequest::response_document_ gets incorrectly cleared because
Document::well_formed_ is incorrectly false. This is because
well_formed_ is initialized in Document::ImplicitClose().
XMLHttpRequest used to call ImplicitClose() directly, but I changed
it to call Document::CheckCompleted() (which may then call
ImplicitClose) in
https://chromium.googlesource.com/chromium/src/+/716a136332fbd8efc12a3892b6ae2a6c0be94ba7

I had thought that CheckCompleted() would always call ImplicitClose()
for an XHR response document, but it's possible for CheckCompleted()
to early-exit because the document is not complete if a style element
has blocked load completion and won't un-block it until a timer is
fired.

There's no reason to wait until ImplicitClose() to set the well-formed
bit, though. Document::FinishedParsing() is sufficient, and setting it
there removes the need for XMLHttpRequest to manually call
CheckCompleted().

BUG= 721225 
TEST=http/tests/xmlhttprequest/style-tag-in-responseXML.html

Review-Url: https://codereview.chromium.org/2885633002
Cr-Commit-Position: refs/heads/master@{#473701}

[add] https://crrev.com/25fa842cb11198a37ed0ae14a9618e20d2f97a02/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/resources/xml-with-style-tag.xml
[add] https://crrev.com/25fa842cb11198a37ed0ae14a9618e20d2f97a02/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/style-tag-in-responseXML.html
[modify] https://crrev.com/25fa842cb11198a37ed0ae14a9618e20d2f97a02/third_party/WebKit/Source/core/dom/Document.cpp
[modify] https://crrev.com/25fa842cb11198a37ed0ae14a9618e20d2f97a02/third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp

Comment 8 by japhet@chromium.org, May 22 2017

Status: Fixed (was: Started)
This should be resolved in tomorrow's canary.

Sign in to add a comment