Re: [Ieleak-devel] Automatic Rescanner for new Nodes. Is it really necessary?
From: Matthias M. <Blog@OutOfHanwell.com> - 2006-09-14 14:29:30
Johan Rosman wrote:
>
> Hi,
>
> We didn’t discuss this earlier but the biggest conceptual difference
> between Drip and sIEve is their approach of recognizing newly created
> DOM nodes. IE sIEve uses a timer and a rescanner traversing over all
> earlier registered nodes. To catch all the un-attached nodes sIEve
> hooked the createElement and cloneNode methods. Drip is hooking as
> many methods and events as possible to catch the newly created nodes
> as soon as possible.
>
> I have added 2 tests into the repository with leaks not yet reported
> by Drip.
>
> 1) innerHTMLTest3.htm
>
> 2) documentWriteInIframeTest.htm
>
> In the first scenario the innerHTML is not recognized by Drip because
> setting the innerHTML on a non-attached node will NOT fire the
> onpropertychange event of its parentNode. The onpropertychange event
> only fires for nodes attached to the documentElement and not for nodes
> attached to a document-fragment. (Btw this is also the reason that the
> unattached nodes are not available in the document.all collection)
>
> In the second scenario we write some leaking html page as a string to
> the document of an <iframe>. This is a synchronous loading of a page
> and since it is synchronous it will NOT fire the
> NavigateComplete2Explorer and DocumentCompleteExplorer events to the
> browser object and thus are not hooked and recognized by Drip. sIEve
> however will do an automatic rescan and search for (i)frame-nodes
> which are not yet hooked.
>
> The drawback of the rescanner is that it takes CPU cycles and before
> the timer fires the innerHTML of an element can be overwritten by
> other innerHTML. This is the reason I lately also added the
> ‘onpropertychange’ event in sIEve. But still there I have (the
> theoretical) gap of overwriting the innerHTML of non-attached nodes
> before the rescanner timer fires. (If you wish I can create a test
> case for that as well)
>

Can we just override document.open, document.write, and document.close
like we do for other nodes? This should give us a sure way of catching
leaks.

Changes to innerHTML before the node is attached are more difficult, and
I'm not aware of any way to do this without rescanning the page.

Thoughts?

-Matthias Miller
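
Added example, not part of the original thread and not code from Drip or sIEve: a sketch of the override proposed in the reply above, wrapping `open`, `write`, `writeln` and `close` on a document so that a leak detector is notified of content written synchronously into an iframe. `hookDocumentWrites`, `makeFakeDocument` and the callback signature are hypothetical names, and the stand-in document is constructed so the block runs outside a browser.

```javascript
// Wrap the write-related methods of a document-like object. After each call
// the detector callback runs, so it can rescan the document for new nodes
// without waiting for a navigation event or a timer.
function hookDocumentWrites(doc, onContentChanged) {
  const original = {
    open: doc.open, write: doc.write, writeln: doc.writeln, close: doc.close
  };
  for (const name of Object.keys(original)) {
    doc[name] = function (...args) {
      // Call the real method first so the callback sees the updated content.
      const result = original[name].apply(doc, args);
      onContentChanged(doc, name);
      return result;
    };
  }
  // Returning an unhook function lets the detector restore the originals,
  // so the hooks themselves do not keep the document alive.
  return function unhook() { Object.assign(doc, original); };
}

// Constructed stand-in for an iframe's document (assumption: only the four
// hooked methods and an html buffer are modelled).
function makeFakeDocument() {
  return {
    html: '',
    open() { this.html = ''; },
    write(s) { this.html += s; },
    writeln(s) { this.html += s + '\n'; },
    close() {}
  };
}

// Mirrors the documentWriteInIframeTest scenario: a page written as a string.
function demo() {
  const frameDoc = makeFakeDocument();
  const seen = [];
  const unhook = hookDocumentWrites(frameDoc, (doc, method) => {
    seen.push(method + ':' + doc.html.length);
  });
  frameDoc.open();
  frameDoc.write('<div id="leaky"></div>');
  frameDoc.close();
  unhook();
  frameDoc.write('<p>'); // no longer observed after unhook()
  return { seen, html: frameDoc.html };
}

console.log(demo().seen);
```

This covers only the document-write path; as the reply notes, innerHTML set on a node that is not yet attached is a separate case.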