<div class="gmail_quote">On 27 August 2010 05:02, Boris Zbarsky <span dir="ltr">&lt;<a href="mailto:bzbarsky@mit.edu">bzbarsky@mit.edu</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div class="im">On 8/26/10 11:58 AM, James May wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
I thought I just suggested that?<br>
<br>
Everything works normally (as if it was still attached) until it is<br>
reattached, when the situation is re-evaluated.<br>
</blockquote>
<br></div>
That could fall afoul of security checks that assume that an iframe with a non-null parent is in fact a subframe and that its owner element is in the DOM. I know Gecko certainly has such internally.<br>
<br>
Again, nothing insurmountable, but there's a bunch of code in Gecko that makes assumptions about when windows can and can't exist that would need auditing. I can't speak to the web compat aspects.<div class="im">
<br></div></blockquote><div><br>Could the iframe be hoisted to the top level of its parent browsing context?<br> </div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div class="im">
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
In terms of resource consumption, I don't see how this would be any<br>
different to any other kind of leak that web content can trigger.<br>
</blockquote>
<br></div>
I don't think that's an issue, though this does raise the question of when it's OK to gc the iframe.</blockquote><div><br>When no references remain in either the DOM or script?<br><blockquote> <span style="color: rgb(0, 153, 0);">if an </span><code style="color: rgb(0, 153, 0);"><a href="http://www.whatwg.org/specs/web-apps/current-work/multipage/the-iframe-element.html#the-iframe-element">iframe</a></code><span style="color: rgb(0, 153, 0);"> is </span><a style="color: rgb(0, 153, 0);" href="http://www.whatwg.org/specs/web-apps/current-work/multipage/infrastructure.html#remove-an-element-from-a-document" title="remove an element from a document">removed</a><span style="color: rgb(0, 153, 0);"> from a
</span><code style="color: rgb(0, 153, 0);"><a href="http://www.whatwg.org/specs/web-apps/current-work/multipage/infrastructure.html#document">Document</a></code><span style="color: rgb(0, 153, 0);"> and is then subsequently garbage collected,
this will likely mean (in the absence of other references) that the
</span><a style="color: rgb(0, 153, 0);" href="http://www.whatwg.org/specs/web-apps/current-work/multipage/browsers.html#child-browsing-context">child browsing context</a><span style="color: rgb(0, 153, 0);">'s </span><code style="color: rgb(0, 153, 0);"><a href="http://www.whatwg.org/specs/web-apps/current-work/multipage/browsers.html#windowproxy">WindowProxy</a></code><span style="color: rgb(0, 153, 0);">
object will become eligible for garbage collection, which will then
lead to that </span><a style="color: rgb(0, 153, 0);" href="http://www.whatwg.org/specs/web-apps/current-work/multipage/browsers.html#browsing-context">browsing context</a><span style="color: rgb(0, 153, 0);"> being </span><a style="color: rgb(0, 153, 0);" href="http://www.whatwg.org/specs/web-apps/current-work/multipage/browsers.html#a-browsing-context-is-discarded" title="a
browsing context is discarded">discarded</a><span style="color: rgb(0, 153, 0);">, which will then
lead to its </span><code style="color: rgb(0, 153, 0);"><a href="http://www.whatwg.org/specs/web-apps/current-work/multipage/infrastructure.html#document">Document</a></code><span style="color: rgb(0, 153, 0);"> being </span><a style="color: rgb(0, 153, 0);" href="http://www.whatwg.org/specs/web-apps/current-work/multipage/browsers.html#discard-a-document" title="discard a
document">discarded</a><span style="color: rgb(0, 153, 0);"> also. This happens without notice to any
scripts running in that </span><code style="color: rgb(0, 153, 0);"><a href="http://www.whatwg.org/specs/web-apps/current-work/multipage/infrastructure.html#document">Document</a></code><span style="color: rgb(0, 153, 0);">; for example, no
</span><code style="color: rgb(0, 153, 0);" title="event-unload">unload</code><span style="color: rgb(0, 153, 0);"> events are fired (the
"</span><a style="color: rgb(0, 153, 0);" href="http://www.whatwg.org/specs/web-apps/current-work/multipage/history.html#unload-a-document">unload a document</a><span style="color: rgb(0, 153, 0);">" steps are not run). </span><br>
</blockquote></div><div>Although I'm not sure why this is different from the regular steps. (<a href="http://www.whatwg.org/specs/web-apps/current-work/multipage/browsers.html#garbage-collection-and-browsing-contexts">http://www.whatwg.org/specs/web-apps/current-work/multipage/browsers.html#garbage-collection-and-browsing-contexts</a>)<br>
<br></div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"><div class="im">
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
(I think someone mentioned that iframes can be GC'd normally)<br>
</blockquote>
<br></div>
Can they, with your proposal? It seems that with your proposal if you remove an iframe from the DOM and then forget about it then as long as there's any network activity in that iframe or anything else which might potentially trigger script it cannot be gced. This seems like it would make it very easy to leak document after document...<font color="#888888"><br>
</font></blockquote></div><br>So running scripts and network activity are GC roots?<br><br>-- James<br>