layout/base/crashtests/735943.html@6474c204b198
layout/base/crashtests/735943.html
Wed, 31 Dec 2014 06:09:35 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 06:09:35 +0100
- changeset 0
- 6474c204b198
- permissions
- -rw-r--r--
Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.
1 <!DOCTYPE html>
2 <html class="reftest-wait">
3 <head>
4 <script>
6 var asvg = '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><script xlink:href="data:text/javascript," /><rect width="100" height="100" fill="green"><set attributeName="fill" attributeType="CSS" to="red" begin="0s" end="2s" dur="2s" fill="remove" /></rect></svg>';
8 function boom()
9 {
10 var f = document.createElementNS("http://www.w3.org/1999/xhtml", "iframe"); f.src = "data:text/html,1"; document.body.appendChild(f);
11 var w;
13 setTimeout(function() {
14 w = window.open("data:text/html,<body onload=window.close()>", "_blank", "width=200,height=200");
15 // Note that most of the code below will execute before the window appears, and in fact before "w" becomes non-null.
16 }, 0);
18 setTimeout(function() {
19 setTimeout(function() { }, 0);
20 f.contentWindow.location = "data:image/svg+xml," + encodeURIComponent(asvg);
22 setTimeout(function() {
23 setTimeout(function() {
24 setTimeout(function() {
25 document.body.style.MozColumnCount = "2";
26 document.documentElement.className = "";
27 }, 20);
28 }, 0);
29 }, 0);
30 }, 20);
31 }
33 window.addEventListener("MozReftestInvalidate", boom, false);
34 </script>
35 </head>
37 <body></body>
38 </html>
