
Issue 727124

Starred by 2 users

Issue metadata

Status: Duplicate
Merged: issue 705963
Owner:
Last visit > 30 days ago
Closed: May 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug




Browser crashes when there's a debugger statement in an image's onload attribute/handler

Reported by rocca.jo...@gmail.com, May 28 2017

Issue description

UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.96 Safari/537.36

Steps to reproduce the problem:
1. Open a new tab, open JS console, and execute the following command:

document.body.innerHTML = `<img src="https://i.imgur.com/ahi2w.jpg" onload="debugger; console.log('hello')" />`;

What is the expected behavior?
Browser displays image, doesn't crash

What went wrong?
Browser crashes

Did this work before? N/A 

Chrome version: 58.0.3029.96  Channel: n/a
OS Version: 
Flash Version: 

If you remove the `debugger` statement it works fine.

I tried searching for existing issues but couldn't find any - sorry if this is a duplicate. It would seem strange that no one has reported this bug, but I suppose it could have been introduced recently.
 

Comment 1 by ja...@apphaus.co.uk, May 28 2017

I can replicate this in MacOS on Version 61.0.3114.0 (Official Build) canary (64-bit).

DevTools disconnects and the tab crashes.

I can replicate this for other Event Attributes too, e.g.:

document.body.innerHTML = '<input type="text" oninput="debugger;" />';
document.body.setAttribute('onbeforeunload', "debugger");

Furthermore, if you pause script execution in the Sources panel and execute code as above without the debugger statement the same issue occurs if you step through the code. Even the presence of the 'onload' attribute appears to trigger this.

Comment 2 by ajha@chromium.org, May 29 2017

Labels: Needs-Triage-M58 Needs-Bisect

Comment 3 by hdodda@chromium.org, May 29 2017

Cc: hdodda@chromium.org
Labels: Needs-Feedback
Tested the issue on Ubuntu 14.04 and macOS 10.12.4 using Chrome M58 #58.0.3029.110 & M60 #60.0.3114.0 and the issue is not reproduced.

Attached screencast for reference.

@rocca.joseph-- Could you please update Chrome to the latest stable, check if you are able to reproduce the issue, provide us the crash id, and help us if we have missed any steps in the attached screencast.

Thanks!
Attachment: 727124.ogv (995 KB)

Comment 4 by woxxom@gmail.com, May 29 2017

#3, hdodda@chromium.org, simply do it on another page like http://www.example.com
Seriously, does the test team consist of robots?

Comment 5 by ja...@apphaus.co.uk, May 30 2017

#3, I don't see the CSP violation in Canary or Chrome stable. I can replicate the issue on http://www.example.com

Crash ID: crash/1438cb2f70000000
Owner: kozyatinskiy@chromium.org
Status: Assigned (was: Unconfirmed)
Debugger blackboxing issue.
Mergedinto: 705963
Status: Duplicate (was: Assigned)
