Assert efc.a0b @ microsoftedgecp.exe!edgehtml.dll!CJScript9Holder::GetPrototype

By design Issue #7206805


Apr 14, 2016
This issue is public.
Found in
  • Microsoft Edge
Found in build #
Reported by 1 person

Sign in to watch or report this issue.

Steps to reproduce

<script id=x>(f=function(){z=document.scripts[0];for (a=[“Attr","Subtree”];a[0];z.addEventListener("DOM"+a.pop()+"Modified",f));z.innerHTML=0;z.outerText=0;})()</script>


Comments and activity

  • Microsoft Edge Team

    Changed Assigned To to “Travis L.”

    Changed Assigned To to “Rico M.”

    Changed Assigned To from “Rico M.” to “Justin R.”

    Changed Status to “Confirmed”

    Changed Status from “Confirmed” to “By design”

  • How can a browser crash be "by design"?

    Note: you may need to open the F12 developer tools to see the crash with this repro. I’m sure there is a way to create a repro that does not require this, as this issue was originally was found without the F12 dev tools open.

  • Why this is considered "by design":

    The test creates a re-entrancy scenario that you will also find in FireFox due to a standards compliant implementation of DOM mutations. Under some scenarios, during a deeply recursive stack, Edge finds that the stability of the run-time has been compromised such that a page is unlikely to function correctly for the end user. Rather than continue in a broken state that can lead to end-user confusion we instead fail-fast, reload the page for the user and send telemetry regarding the crashing site for our outreach team to work with the site owner.

You need to sign in to your Microsoft account to add a comment.

Sign in