mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-27 20:25:44 +00:00
89fce65edf
In the test file 1411473.html, there are 3 calls to
nsImageLoadingContent::LoadImage
1. Triggered by setting src attribute, and this sets the mCurrentRequest.
2. Triggered by setting crossOrigin attribute, this forcibly reloads the image,
and this sets the mPendingRequest.
3. Triggered by loading the image which is adopted into a new created data
document by
'document.implementation.createDocument('', '', null).adoptNode(img)'
However in the 3rd call, when it calls nsImageLoadingContent::LoadImage, It
will bail out in the aDocument->IsLoadedAsData() part
http://searchfox.org/mozilla-central/rev/5a60492a53667fc61a62af1847d005a210b7a4f6/dom/base/nsImageLoadingContent.cpp#942
And when it calls SetBlockedRequest, at this time we have a non-null
mCurrentRequest and a non-null mPendingRequest, so this triggers the
assertion of mPendingRequest should be null when we got blocked, which
is added in bug 1267075
.
Since data document is not the active document,
per https://html.spec.whatwg.org/multipage/images.html#updating-the-image-data,
Step 1, we should skip the image loading in HTMLImageElement.
13 lines
342 B
HTML
13 lines
342 B
HTML
<html>
|
|
<head class="reftest-wait">
|
|
<script>
|
|
var img = new Image(-256, 1024);
|
|
img.src = 'data:;base64,R0lGODlhAQABAAAAACwAAAAAAQABAAA';
|
|
img.onload = function () {
|
|
img.crossOrigin ="Anonymous";
|
|
document.implementation.createDocument('', '', null).adoptNode(img);
|
|
};
|
|
</script>
|
|
</head>
|
|
</html>
|