Bug 459848 - backout bug 346984 r+sr=bz
authorOlli Pettay <Olli.Pettay@helsinki.fi>
Fri, 17 Oct 2008 01:35:45 +0300
changeset 20552 431ea3ed979c6f95f48836600b8361ad9f19efde
parent 20551 2037496284ee797a8c0632d7c363e675286a9962
child 20553 5739a6b4881270758e3980f4adcefd822843162a
push id2959
push useropettay@mozilla.com
push dateThu, 16 Oct 2008 22:35:59 +0000
treeherdermozilla-central@431ea3ed979c [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
bugs459848, 346984
milestone1.9.1b2pre
Bug 459848 - backout bug 346984 r+sr=bz
dom/src/base/nsJSEnvironment.cpp
dom/tests/mochitest/bugs/Makefile.in
dom/tests/mochitest/bugs/test_bug459848.html
--- a/dom/src/base/nsJSEnvironment.cpp
+++ b/dom/src/base/nsJSEnvironment.cpp
@@ -1945,49 +1945,16 @@ nsJSContext::CallEventHandler(nsISupport
 
   nsCOMPtr<nsIJSContextStack> stack =
     do_GetService("@mozilla.org/js/xpc/ContextStack;1", &rv);
   if (NS_FAILED(rv) || NS_FAILED(stack->Push(mContext)))
     return NS_ERROR_FAILURE;
 
   // check if the event handler can be run on the object in question
   rv = sSecurityManager->CheckFunctionAccess(mContext, aHandler, target);
-  if (NS_SUCCEEDED(rv)) {
-    // We're not done yet!  Some event listeners are confused about their
-    // script context, so check whether we might actually be the wrong script
-    // context.  To be safe, do CheckFunctionAccess checks for both.
-    nsCOMPtr<nsIContent> content = do_QueryInterface(aTarget);
-    if (content) {
-      // XXXbz XBL2/sXBL issue
-      nsIDocument* ownerDoc = content->GetOwnerDoc();
-      if (ownerDoc) {
-        nsIScriptGlobalObject* global = ownerDoc->GetScriptGlobalObject();
-        if (global) {
-          nsIScriptContext* context =
-            global->GetScriptContext(JAVASCRIPT);
-          if (context && context != this) {
-            JSContext* cx =
-              static_cast<JSContext*>(context->GetNativeContext());
-            rv = stack->Push(cx);
-            if (NS_SUCCEEDED(rv)) {
-              rv = sSecurityManager->CheckFunctionAccess(cx, aHandler,
-                                                         target);
-              // Here we lose no matter what; we don't want to leave the wrong
-              // cx on the stack.  I guess default to leaving mContext, to
-              // cover those cases when we really do have a different context
-              // for the handler and the node.  That's probably safer.
-              if (NS_FAILED(stack->Pop(nsnull))) {
-                return NS_ERROR_FAILURE;
-              }
-            }
-          }
-        }
-      }
-    }
-  }
 
   nsJSContext::TerminationFuncHolder holder(this);
 
   if (NS_SUCCEEDED(rv)) {
     // Convert args to jsvals.
     void *mark;
     PRUint32 argc = 0;
     jsval *argv = nsnull;
--- a/dom/tests/mochitest/bugs/Makefile.in
+++ b/dom/tests/mochitest/bugs/Makefile.in
@@ -76,12 +76,13 @@ include $(topsrcdir)/config/rules.mk
 		test_bug411103.html \
 		test_bug414291.html \
 		test_bug430276.html \
 		iframe_bug430276.html \
 		iframe_bug430276-2.html \
 		test_bug440572.html \
 		iframe_bug440572.html \
 		test_bug437361.html \
+		test_bug459848.html \
 		$(NULL)
 
 libs:: 	$(_TEST_FILES)
 	$(INSTALL) $(foreach f,$^,"$f") $(DEPTH)/_tests/testing/mochitest/tests/$(relativesrcdir)
new file mode 100644
--- /dev/null
+++ b/dom/tests/mochitest/bugs/test_bug459848.html
@@ -0,0 +1,61 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=459848
+-->
+<head>
+  <title>Test for Bug 459848</title>
+  <script type="application/javascript" src="/MochiKit/MochiKit.js"></script>
+  <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+</head>
+<body>
+<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=459848">Mozilla Bug 459848</a>
+<p id="display"></p>
+<div id="content" style="display: none">
+  
+</div>
+<pre id="test">
+<script type="application/javascript">
+
+/** Test for Bug 459848 **/
+
+var ifr1, irf2;
+var doc1, doc2;
+
+function testDocument(d) {
+  d.documentElement.setAttribute("onload", "this.setAttribute('didRun', 'true');");
+  var e = d.createEvent("Events");
+  e.initEvent("load", true, true);
+  d.documentElement.dispatchEvent(e);
+}
+
+function testDoc2() {
+  testDocument(doc2);
+  isnot(doc2.documentElement.getAttribute("didRun"), "true",
+        "Shouldn't have run an event listener");
+  SimpleTest.finish();
+}
+
+function startTest() {
+  var ifr1 = document.getElementById('iframe1');
+  var ifr2 = document.getElementById('iframe2');
+  doc1 = ifr1.contentDocument;
+  doc2 = ifr2.contentDocument;
+  
+  testDocument(doc1);
+  is(doc1.documentElement.getAttribute("didRun"), "true",
+     "Should have run an event listener");
+
+  ifr2.parentNode.removeChild(ifr2);
+  setTimeout(testDoc2, 0);
+}
+SimpleTest.waitForExplicitFinish();
+addLoadEvent(startTest);
+
+</script>
+</pre>
+<iframe id="iframe1"></iframe>
+<iframe id="iframe2"></iframe>
+</body>
+</html>