Bug 120408 - Khtml crashes when using initTextEvent with keyup
Status: RESOLVED FIXED
Alias: None
Product: konqueror
Classification: Applications
Component: khtml
Version: 3.5
Platform: unspecified Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
Duplicates: 113245 120412
Reported: 2006-01-18 21:48 UTC by Fredrik Johansson
Modified: 2006-01-22 15:56 UTC

Attachments
Testfile with a javascript function (986 bytes, text/html)
2006-01-18 21:56 UTC, Fredrik Johansson
Altered demo file (1.83 KB, text/html)
2006-01-21 19:58 UTC, Maksim Orlovich

Description Fredrik Johansson 2006-01-18 21:48:58 UTC
Version:           3.5 (using KDE 3.5.0, Kubuntu Package 4:3.5.0-0ubuntu0breezy1 breezy)
Compiler:          Target: i486-linux-gnu
OS:                Linux (i686) release 2.6.12-10-386

If you create a TextEvent and init it with a keyup event in JavaScript, khtml crashes.

Basically:

e = document.createEvent("TextEvents");

e.initTextEvent("keyup",
		true, 
		true,
		window,
		1,
		"c", 
		0,
		0, 
		true,
		false);

document.getElementById("kill").dispatchEvent(e);

Testcase included.
Comment 1 Fredrik Johansson 2006-01-18 21:56:36 UTC
Created attachment 14300
Testfile with a javascript function

Hope this helps

Regards 
Fredrik Johansson
Comment 2 Tommi Tervo 2006-01-18 22:01:05 UTC
#4  0x4004d2f6 in QEvent::type (this=0x0) at qevent.h:144
#5  0x41f18ebe in khtml::RenderWidget::EventPropagator::sendEvent (
    this=0x863a988, e=0x0) at render_replaced.cpp:654
#6  0x41f19283 in khtml::RenderWidget::handleEvent (this=0x8775f50, 
    ev=@0x83a0e40) at render_replaced.cpp:752
#7  0x41ea6268 in DOM::HTMLGenericFormElementImpl::defaultEventHandler (
    this=0x84dd5b8, evt=0x83a0e40) at html_formimpl.cpp:976
#8  0x41eb2dae in DOM::HTMLInputElementImpl::defaultEventHandler (
    this=0x84dd5b8, evt=0x83a0e40) at html_formimpl.cpp:1748
#9  0x41e64165 in DOM::NodeImpl::dispatchGenericEvent (this=0x84dd5b8, 
    evt=0x83a0e40) at dom_nodeimpl.cpp:401
#10 0x41e64634 in DOM::NodeImpl::dispatchEvent (this=0x84dd5b8, evt=0x83a0e40, 
    exceptioncode=@0xbfdabcbc, tempEvent=false) at dom_nodeimpl.cpp:345
#11 0x42039c73 in DOM::Node::dispatchEvent (this=0xbfdabd94, evt=@0xbfdabe20)
    at dom_node.cpp:389
#12 0x41f90478 in KJS::DOMNodeProtoFunc::tryCall (this=0x860d988, 
    exec=0xbfdac30c, thisObj=@0xbfdac0e8, args=@0xbfdac0f8) at kjs_dom.cpp:510
#13 0x41f82b96 in KJS::DOMFunction::call (this=0x860d988, exec=0xbfdac30c, 
    thisObj=@0xbfdac0e8, args=@0xbfdac0f8) at kjs_binding.cpp:114
#14 0x4217b89e in KJS::Object::call (this=0xbfdac0f0, exec=0xbfdac30c, 
    thisObj=@0xbfdac0e8, args=@0xbfdac0f8) at object.cpp:70
#15 0x4213ae80 in KJS::FunctionCallNode::evaluate (this=0x85589e8, 
    exec=0xbfdac30c) at nodes.cpp:870
#16 0x42140ae9 in KJS::ExprStatementNode::execute (this=0x8376410, 
    exec=0xbfdac30c) at nodes.cpp:1980
#17 0x421476d0 in KJS::SourceElementsNode::execute (this=0x861ab18, 
    exec=0xbfdac30c) at nodes.cpp:3097
#18 0x421408e4 in KJS::BlockNode::execute (this=0x850f9c0, exec=0xbfdac30c)
    at nodes.cpp:1942
#19 0x421748ef in KJS::DeclaredFunctionImp::execute (this=0x86bbe80, 
    exec=0xbfdac30c) at function.cpp:579
#20 0x42173c18 in KJS::FunctionImp::call (this=0x86bbe80, exec=0xbfdac5ec, 
    thisObj=@0xbfdac3c8, args=@0xbfdac3d8) at function.cpp:354
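
Reading the backtrace in Comment 2 mechanically (an added example, not part of the original thread and not KHTML code): the script parses the quoted gdb frames and reports where the null QEvent pointer was dereferenced and which caller passed it down. Only frames #4 to #7 are embedded, copied from the comment; the names parseFrames and locateNullOrigin belong to this example.

```javascript
// Added example: triage of the gdb backtrace quoted in Comment 2.
// Frames #4-#7 are copied from that comment; nothing else is assumed.
const BACKTRACE = `
#4  0x4004d2f6 in QEvent::type (this=0x0) at qevent.h:144
#5  0x41f18ebe in khtml::RenderWidget::EventPropagator::sendEvent (
    this=0x863a988, e=0x0) at render_replaced.cpp:654
#6  0x41f19283 in khtml::RenderWidget::handleEvent (this=0x8775f50,
    ev=@0x83a0e40) at render_replaced.cpp:752
#7  0x41ea6268 in DOM::HTMLGenericFormElementImpl::defaultEventHandler (
    this=0x84dd5b8, evt=0x83a0e40) at html_formimpl.cpp:976
`;

const FRAME_RE = /^#(\d+)\s+0x[0-9a-f]+ in (\S+) \((.*?)\)\s+at (\S+):(\d+)/;
const isNullPtr = (v) => /^0x0+$/.test(v || "");

// gdb wraps long frames; join continuation lines, then parse one frame per line.
function parseFrames(text) {
  const frames = [];
  for (const line of text.replace(/\n(?!#\d)/g, " ").split("\n")) {
    const m = FRAME_RE.exec(line.trim());
    if (!m) continue;
    const args = {};
    for (const pair of m[3].split(",")) {
      const [name, value] = pair.trim().split("=");
      if (name && value !== undefined) args[name] = value.replace(/^@/, "");
    }
    frames.push({ index: Number(m[1]), func: m[2], args, file: m[4], line: Number(m[5]) });
  }
  return frames;
}

// Frames are innermost first. The frame with a null `this` is the faulting call;
// walk outward while callers were themselves handed a null, then report the
// first caller with only valid pointers: that call site passed the null down.
function locateNullOrigin(frames) {
  const nullArgs = (f) => Object.keys(f.args).filter((k) => isNullPtr(f.args[k]));
  let i = frames.findIndex((f) => isNullPtr(f.args.this));
  if (i < 0) return null;
  const crash = frames[i];
  while (i + 1 < frames.length && nullArgs(frames[i + 1]).length > 0) i++;
  const passer = frames[i + 1];
  return {
    crashSite: `${crash.func} (${crash.file}:${crash.line})`,
    nullArg: `${nullArgs(frames[i])[0]} in ${frames[i].func}`,
    passedBy: passer ? `${passer.func} (${passer.file}:${passer.line})` : "unknown",
  };
}

console.log(locateNullOrigin(parseFrames(BACKTRACE)));
```

On this trace the result names khtml::RenderWidget::handleEvent (render_replaced.cpp:752) as the call site that handed sendEvent a null event, consistent with rendering/render_replaced.cpp being among the files changed by the fix commit in Comment 15.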
Comment 3 Maksim Orlovich 2006-01-18 22:11:27 UTC
Was it you who filed the mutation event bug? ;-) (This one looks a bit harder)
Comment 4 Fredrik Johansson 2006-01-18 22:48:26 UTC
Yes it was me..(H) 
Well, I would like to help you but I don't know that much C++, sorry..

/ Fredrik J
Comment 5 Maksim Orlovich 2006-01-18 23:04:54 UTC
Actually, I just want to say that you're helping with those bug reports a great deal :-) 
Comment 6 Maksim Orlovich 2006-01-18 23:36:31 UTC
Actually, does anything else provide TextEvents like that? Maybe I should make it more Mozilla-like or more DOM3-like or something? (Unless there is some chance something is actually using those --- it seems unlikely, since it doesn't actually set up the keypress right..)
Comment 7 Maksim Orlovich 2006-01-19 02:04:53 UTC
I think I am going to implement KeyboardEvent... So if you have testcases for it, I'll be thankful
Comment 8 Fredrik Johansson 2006-01-19 07:08:43 UTC
No problem, I only try to help as much as I can to make khtml even greater!

> Actually, does anything else provide TextEvents like that?
No, I don't think so; if you go to bug 120412 you see what I am trying to do.

> I think I am going to implement KeyboardEvent... So if you have testcases for it, I'll be thankful
Well, the only browser that supports DOM3 KeyboardEvent is, as far as I can tell, Safari-webcore. I don't own a Mac so I don't have a testcase for that, sorry..
The Mozilla one, KeyEvents, is, I think, an older W3C DOM spec and isn't that flexible.
The only problem I can see with the DOM3 event spec at the moment is that it is not yet a recommendation, only a working draft.

So if you ask me, I'd say it's probably better to go more the webcore way, as that would make the khtml branch more conform, rather than going the Mozilla way.

Sorry that I didn't have a testcase here for KeyboardEvents

Regards
Fredrik Johansson
Comment 9 Maksim Orlovich 2006-01-21 18:18:47 UTC
I have a work branch where I (mostly) implemented the DOM3 stuff. Now the following:
1) doesn't crash
2) Also appends input:
<html>
<head>
<script language="JavaScript" type="text/javascript">

	function testKill() {
		e = document.createEvent("TextEvent");
		// init this TextEvent
		e.initTextEvent("keypress", 	// const DOMString &   typeArg, 
				true, 		// bool   canBubbleArg, 
				true, 		// bool   cancelableArg, 
				window,		// const AbstractView &   viewArg, 
				"c");
		document.getElementById("inp").dispatchEvent(e);
	}

</script>
</head>
<body>	
	<input type="button" id="kill" onclick="testKill()" value="kill me with KeyUp"/>
	<input id="inp">
</body>
</html>

So does this:
		e = document.createEvent("KeyboardEvent");
		// init this KeyboardEvent
		e.initKeyboardEvent("keydown", 	// const DOMString &   typeArg, 
				true, 		// bool   canBubbleArg, 
				true, 		// bool   cancelableArg, 
				window,		// const AbstractView &   viewArg, 
				"c",            // identifier
				KeyboardEvent.DOM_KEY_LOCATION_STANDARD,
				"");
		document.getElementById("inp").dispatchEvent(e);

Note that there will likely be some security-related restrictions on what can be said (e.g. currently I disallow setting ctrl, alt, meta modifiers to make sure you can't trigger any accelerators, but things like auto-completion may matter, too)
Comment 10 Maksim Orlovich 2006-01-21 18:22:57 UTC
hmm, actually only TextEvent synthesizes properly -- sorry, got the two testcases confused. That may be reasonable though -- not sure.
Comment 11 Maksim Orlovich 2006-01-21 18:25:42 UTC
even more adjustment: basically, a keypress will get dispatched properly to the widget, no matter whether it's a TextEvent or a KeyboardEvent -- but keyup/keydown will basically have no effect. I really should go read the code for the renderer part of this and not try to figure it out experimentally :-)
Comment 12 Maksim Orlovich 2006-01-21 19:55:41 UTC
*** Bug 120412 has been marked as a duplicate of this bug. ***
Comment 13 Maksim Orlovich 2006-01-21 19:58:43 UTC
Created attachment 14328
Altered demo file

And here is your text event demo app altered in a way that'll work in 3.5.2...
Note: one way of detecting konq 3.5.2 may be if (window.KeyboardEvent) -- even
Safari doesn't have this object, I think.
Comment 14 Maksim Orlovich 2006-01-21 20:11:52 UTC
*** Bug 113245 has been marked as a duplicate of this bug. ***
Comment 15 Maksim Orlovich 2006-01-22 01:54:17 UTC
SVN commit 501078 by orlovich:

OK, I am happy w/them now, and cartman says gmail even works.
Merging keyboard event improvements into normal 3.5 branch.
This improves DOM L3 events support and compatibility with other browsers,
as well as fixes a couple of crashers.

Oh, and I even fixed some apidocs to not be blatantly wrong!
BUG:120408
BUG:118321


 M  +44 -18    dom/dom2_events.cpp  
 M  +12 -18    dom/dom2_events.h  
 M  +163 -47   ecma/kjs_events.cpp  
 M  +44 -4     ecma/kjs_events.h  
 M  +22 -11    ecma/kjs_window.cpp  
 M  +2 -1      ecma/kjs_window.h  
 M  +12 -0     html/html_baseimpl.cpp  
 M  +15 -8     html/html_formimpl.cpp  
 M  +5 -2      rendering/render_replaced.cpp  
 M  +359 -245  xml/dom2_eventsimpl.cpp  
 M  +117 -46   xml/dom2_eventsimpl.h  
 M  +8 -5      xml/dom_docimpl.cpp  
 M  +5 -1      xml/dom_nodeimpl.cpp  
Comment 16 Fredrik Johansson 2006-01-22 15:56:53 UTC
Wow, you implemented all this in just a couple of days?
I'm deeply impressed!
I thought it would take weeks or months...

In any case I took down a svn copy and compiled it and it works like a charm!
The only minor thing I could find was that it doesn't seem to dispatch when init with canbubble=false.
Not sure if that's such a big thing though..

Thank you very much, khtml just gets better and better!

Regards
Fredrik Johansson