Bug 1288898 - Document::createEvent sometimes creates events with the initialized flag set, r=masayuki
authorOlli Pettay <Olli.Pettay@helsinki.fi>
Fri, 29 Jul 2016 19:45:52 +0300
changeset 332413 86a982b73d1bf14c2b4aae8d04855506b9e05211
parent 332412 e7e09f863442dc1e7f3df9dac8e075b360975b76
child 332414 06deb7bd6e66b4deb4ea4e9f9e20ff0b9ca9a415
push id9858
push userjlund@mozilla.com
push dateMon, 01 Aug 2016 14:37:10 +0000
treeherdermozilla-aurora@203106ef6cb6 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmasayuki
bugs1288898
milestone50.0a1
Bug 1288898 - Document::createEvent sometimes creates events with the initialized flag set, r=masayuki
dom/events/Event.h
dom/events/EventDispatcher.cpp
--- a/dom/events/Event.h
+++ b/dom/events/Event.h
@@ -238,16 +238,23 @@ public:
   /**
    * For a given current target, returns the related target adjusted with
    * shadow DOM retargeting rules. Returns nullptr if related target
    * is not adjusted.
    */
   static nsIContent* GetShadowRelatedTarget(nsIContent* aCurrentTarget,
                                             nsIContent* aRelatedTarget);
 
+  void MarkUninitialized()
+  {
+    mEvent->mMessage = eVoidEvent;
+    mEvent->mSpecifiedEventTypeString.Truncate();
+    mEvent->mSpecifiedEventType = nullptr;
+  }
+
 protected:
 
   // Internal helper functions
   void SetEventType(const nsAString& aEventTypeArg);
   already_AddRefed<nsIContent> GetTargetFromFrame();
 
   friend class EventMessageAutoOverride;
   friend class WantsPopupControlCheck;
--- a/dom/events/EventDispatcher.cpp
+++ b/dom/events/EventDispatcher.cpp
@@ -874,17 +874,20 @@ EventDispatcher::CreateEvent(EventTarget
       aEventType.LowerCaseEqualsLiteral("textevents")) {
     return NS_NewDOMCompositionEvent(aOwner, aPresContext, nullptr);
   }
   if (aEventType.LowerCaseEqualsLiteral("mutationevent") ||
         aEventType.LowerCaseEqualsLiteral("mutationevents"))
     return NS_NewDOMMutationEvent(aOwner, aPresContext, nullptr);
   if (aEventType.LowerCaseEqualsLiteral("deviceorientationevent")) {
     DeviceOrientationEventInit init;
-    return DeviceOrientationEvent::Constructor(aOwner, EmptyString(), init);
+    RefPtr<Event> event =
+      DeviceOrientationEvent::Constructor(aOwner, EmptyString(), init);
+    event->MarkUninitialized();
+    return event.forget();
   }
   if (aEventType.LowerCaseEqualsLiteral("devicemotionevent"))
     return NS_NewDOMDeviceMotionEvent(aOwner, aPresContext, nullptr);
   if (aEventType.LowerCaseEqualsLiteral("uievent") ||
       aEventType.LowerCaseEqualsLiteral("uievents"))
     return NS_NewDOMUIEvent(aOwner, aPresContext, nullptr);
   if (aEventType.LowerCaseEqualsLiteral("event") ||
       aEventType.LowerCaseEqualsLiteral("events") ||
@@ -913,34 +916,43 @@ EventDispatcher::CreateEvent(EventTarget
     return NS_NewDOMNotifyPaintEvent(aOwner, aPresContext, nullptr);
   if (aEventType.LowerCaseEqualsLiteral("simplegestureevent"))
     return NS_NewDOMSimpleGestureEvent(aOwner, aPresContext, nullptr);
   if (aEventType.LowerCaseEqualsLiteral("beforeunloadevent"))
     return NS_NewDOMBeforeUnloadEvent(aOwner, aPresContext, nullptr);
   // XXXkhuey this is broken
   if (aEventType.LowerCaseEqualsLiteral("pagetransition")) {
     PageTransitionEventInit init;
-    return PageTransitionEvent::Constructor(aOwner, EmptyString(), init);
+    RefPtr<Event> event =
+      PageTransitionEvent::Constructor(aOwner, EmptyString(), init);
+    event->MarkUninitialized();
+    return event.forget();
   }
   if (aEventType.LowerCaseEqualsLiteral("scrollareaevent"))
     return NS_NewDOMScrollAreaEvent(aOwner, aPresContext, nullptr);
   // XXXkhuey Chrome supports popstateevent here, even though it provides no
   // initPopStateEvent method.  This is nuts ... but copying it is unlikely to
   // break the web.
   if (aEventType.LowerCaseEqualsLiteral("popstateevent")) {
     AutoJSContext cx;
     RootedDictionary<PopStateEventInit> init(cx);
-    return PopStateEvent::Constructor(aOwner, EmptyString(), init);
+    RefPtr<Event> event =
+      PopStateEvent::Constructor(aOwner, EmptyString(), init);
+    event->MarkUninitialized();
+    return event.forget();
   }
   if (aEventType.LowerCaseEqualsLiteral("touchevent") &&
       TouchEvent::PrefEnabled(nsContentUtils::GetDocShellForEventTarget(aOwner)))
     return NS_NewDOMTouchEvent(aOwner, aPresContext, nullptr);
   if (aEventType.LowerCaseEqualsLiteral("hashchangeevent")) {
     HashChangeEventInit init;
-    return HashChangeEvent::Constructor(aOwner, EmptyString(), init);
+    RefPtr<Event> event =
+      HashChangeEvent::Constructor(aOwner, EmptyString(), init);
+    event->MarkUninitialized();
+    return event.forget();
   }
   if (aEventType.LowerCaseEqualsLiteral("customevent"))
     return NS_NewDOMCustomEvent(aOwner, aPresContext, nullptr);
   if (aEventType.LowerCaseEqualsLiteral("storageevent")) {
     return NS_NewDOMStorageEvent(aOwner);
   }