Duplicate request sent for URL of script in iframe on page refresh


Symptoms


Microsoft ADCENTER have a JavaScript library used for ad delivery where they see bug with IE 8 and 9. The javascript creates an IFrame using document.createElement("IFRAME"). The IFrame gets inserted into the DOM. Following that insertion, there is markup containing a "Script src=" written to the IFrame content document. In fiddler, we see 2 requests for the URL of the script when the page is refreshed, although only 1 request is expected. The repro is intermittent and requires that the page and script fiels are not cached. ADCENTER group was able to observe the symptom while running their script in the debugger under IE 9.

Cause


Bug

Resolution


1) Insert the iframe AFTER setting the source as shown in the code below. But the if condition will awlays evaluate to false.

if (contDoc && contDoc.write) {

        contDoc.write(str);

    }

    else {

        ifrm.src = "javascript:'" + str + "'";

    }

   elm.insertBefore(ifrm, elm.firstChild); // workaround

Sample: http://karanamw72/ad/works/works.htm

2) Add cache-control:no-cache to the page and the script file.

More Information


 

CALLSTACKS

First Request:

============

0:014> knL

 # ChildEBP RetAddr 

00 046fee84 756dc2b8 wininet!HttpOpenRequestA

01 046fef30 76f015b7 wininet!HttpOpenRequestW+0x396

02 046ff774 76f01a82 urlmon!CINetHttp::INetAsyncOpenRequest+0x227

03 046ff794 76f00fd3 urlmon!CINet::INetAsyncConnect+0x27d

04 046ff7b0 76efd0a2 urlmon!CINet::INetAsyncOpen+0x15a

05 046ff7c4 76efd058 urlmon!CINet::INetAsyncStart+0x1d

06 046ff7dc 76efd2b7 urlmon!CINet::StartCommon+0x1dd

07 046ff7f0 67622ab2 urlmon!CINet::StartEx+0x1a

08 046ff820 676e6331 mshtml!CTridentFilterHost::StartFilter+0x83

09 046ffaa8 676e1781 mshtml!CDwnBindData::Bind+0x4d5

0a 046ffad0 676e15bd mshtml!NewDwnBindData+0x19d

0b 046ffb28 6772a592 mshtml!CDwnLoad::Init+0x25c

0c 046ffb48 67882337 mshtml!CScriptLoad::Init+0x75

0d 046ffb74 6788223d mshtml!CDwnInfo::SetLoad+0x11e

0e 046ffb94 676edf0e mshtml!CDwnCtx::SetLoad+0x86

0f 046ffc18 676edfaa mshtml!CHtmPre::AddDwnCtx+0x184

10 046ffc68 676e72a7 mshtml!CHtmPre::SpecialToken+0x2c4

11 046ffcfc 676e4096 mshtml!CHtmPre::DoTokenizeOneTagHelper+0xfea

12 046ffd74 676e4702 mshtml!CHtmPre::Tokenize+0xa69

13 046ffda8 676e7d76 mshtml!CHtmPre::Exec+0x27c

14 046ffdc0 6788252e mshtml!CHtmPre::Run+0x1b9

15 046ffe1c 6788c2b7 mshtml!CDwnTaskExec::ThreadExec+0x24f

16 046ffe28 676fd9ad mshtml!CExecFT::ThreadProc+0x4b

17 046ffe34 683bfe33 mshtml!CExecFT::StaticThreadProc+0xe

18 046ffe4c 75b03677 ieframe!_Detour_ThreadProc+0x23

19 046ffe58 77d19f42 kernel32!BaseThreadInitThunk+0xe

1a 046ffe98 77d19f15 ntdll!__RtlUserThreadStart+0x70

1b 046ffeb0 00000000 ntdll!_RtlUserThreadStart+0x1b

 

Second Request:

==============

0:001> knL

 # ChildEBP RetAddr 

00 02f9bc0c 756dc2b8 wininet!HttpOpenRequestA

01 02f9bcb8 76f015b7 wininet!HttpOpenRequestW+0x396

02 02f9c4fc 76f01a82 urlmon!CINetHttp::INetAsyncOpenRequest+0x227

03 02f9c51c 76f00fd3 urlmon!CINet::INetAsyncConnect+0x27d

04 02f9c538 76efd0a2 urlmon!CINet::INetAsyncOpen+0x15a

05 02f9c54c 76efd058 urlmon!CINet::INetAsyncStart+0x1d

06 02f9c564 76efd2b7 urlmon!CINet::StartCommon+0x1dd

07 02f9c578 67622ab2 urlmon!CINet::StartEx+0x1a

08 02f9c5a8 676e6331 mshtml!CTridentFilterHost::StartFilter+0x83

09 02f9c830 676e1781 mshtml!CDwnBindData::Bind+0x4d5

0a 02f9c858 676e15bd mshtml!NewDwnBindData+0x19d

0b 02f9c8b0 6772a592 mshtml!CDwnLoad::Init+0x25c

0c 02f9c8d0 67882337 mshtml!CScriptLoad::Init+0x75

0d 02f9c8fc 6788223d mshtml!CDwnInfo::SetLoad+0x11e

0e 02f9c91c 676edf0e mshtml!CDwnCtx::SetLoad+0x86

0f 02f9c9a0 676edfaa mshtml!CHtmPre::AddDwnCtx+0x184

10 02f9c9f0 676e72a7 mshtml!CHtmPre::SpecialToken+0x2c4

11 02f9ca84 676e4096 mshtml!CHtmPre::DoTokenizeOneTagHelper+0xfea

12 02f9cafc 67639f88 mshtml!CHtmPre::Tokenize+0xa69

13 02f9cb08 6763a22e mshtml!CHtmPre::TokenizeText+0x24

14 02f9cb44 6763a08e mshtml!CHtmLoad::Write+0x1ce

15 02f9cb74 67594210 mshtml!CHtmCtx::Write+0x2a

16 02f9cbe0 65b7865a mshtml!CFastDOM::CDocument::Trampoline_write+0x404

17 02f9cc1c 65c2dc32 jscript9!Js::JavascriptFunction::CallFunction+0xc4

18 02f9cc70 65b7865a jscript9!Js::JavascriptExternalFunction::ExternalFunctionThunk+0x117

19 02f9cca8 65c050b4 jscript9!Js::JavascriptFunction::CallFunction+0xc4

1a 02f9cd10 65c168a5 jscript9!Js::CrossSite::CommonThunk+0x30e

1b 02f9cd30 65b7865a jscript9!Js::CrossSite::DefaultThunk+0x21

1c 02f9cd6c 65bd964c jscript9!Js::JavascriptFunction::CallFunction+0xc4

1d 02f9cd8c 65cc7783 jscript9!Js::InterpreterStackFrame::OP_CallI+0x43

1e 02f9cdcc 65cc6e12 jscript9!Js::InterpreterStackFrame::ProcessWithDebugging+0x8dc

1f 02f9ce00 65cc6da8 jscript9!Js::InterpreterStackFrame::DebugProcess+0x3e

20 02f9ce30 65c60dd7 jscript9!Js::InterpreterStackFrame::DebugProcessThunk+0x69

21 02f9cf20 65b7865a jscript9!Js::InterpreterStackFrame::InterpreterThunk+0x212

22 02f9cf5c 65bd964c jscript9!Js::JavascriptFunction::CallFunction+0xc4

23 02f9cf7c 65cc7783 jscript9!Js::InterpreterStackFrame::OP_CallI+0x43

24 02f9cfbc 65cc6e12 jscript9!Js::InterpreterStackFrame::ProcessWithDebugging+0x8dc

25 02f9cff0 65cc6da8 jscript9!Js::InterpreterStackFrame::DebugProcess+0x3e

26 02f9d020 65c60dd7 jscript9!Js::InterpreterStackFrame::DebugProcessThunk+0x69

27 02f9d0e0 65b7865a jscript9!Js::InterpreterStackFrame::InterpreterThunk+0x212

28 02f9d114 65b7857f jscript9!Js::JavascriptFunction::CallFunction+0xc4

29 02f9d178 65b784b6 jscript9!Js::JavascriptFunction::CallRootFunction+0xb6

2a 02f9d1b4 65b78442 jscript9!ScriptSite::CallRootFunction+0x4f

2b 02f9d1dc 65ba355e jscript9!ScriptSite::Execute+0x63

2c 02f9d268 65ba33f7 jscript9!ScriptEngine::ExecutePendingScripts+0x319

2d 02f9d30c 65b943c5 jscript9!ScriptEngine::ParseScriptTextCore+0x33c

2e 02f9d358 677600a0 jscript9!ScriptEngine::ParseScriptText+0x67

2f 02f9d390 6771f9c5 mshtml!CActiveScriptHolder::ParseScriptText+0xc7

30 02f9d400 6776101f mshtml!CScriptCollection::ParseScriptText+0x2d2

31 02f9d4e4 67760d6e mshtml!CScriptData::CommitCode+0x4ea

32 02f9d530 67761e84 mshtml!CScriptData::Execute+0x1fc

33 02f9d538 67721f77 mshtml!CHtmScriptParseCtx::Execute+0x14

34 02f9d5bc 676e2484 mshtml!CHtmParse::Execute+0x4a

35 02f9d5d4 6771d82f mshtml!CHtmPost::Broadcast+0xf

36 02f9d6e4 676e7c08 mshtml!CHtmPost::Exec+0x68e

37 02f9d744 676e7b34 mshtml!CHtmPost::Run+0x41

38 02f9d764 676e7a99 mshtml!PostManExecute+0x1a3

39 02f9d784 676e79f9 mshtml!PostManResume+0xdd

3a 02f9d794 676cb7b5 mshtml!CHtmPost::OnDwnChanCallback+0x10

3b 02f9d7a4 6786a029 mshtml!CDwnChan::OnMethodCall+0x1f

3c 02f9d7e0 678898a0 mshtml!GlobalWndOnMethodCall+0x115

3d 02f9d828 75e46238 mshtml!GlobalWndProc+0x302

3e 02f9d854 75e468ea user32!InternalCallWinProc+0x23

3f 02f9d8cc 75e47d31 user32!UserCallWinProcCheckWow+0x109

40 02f9d92c 75e47dfa user32!DispatchMessageWorker+0x3bc

41 02f9d93c 683b1c24 user32!DispatchMessageW+0xf

42 02f9fa60 683d1aee ieframe!CTabWindow::_TabWindowThreadProc+0x722

43 02f9fb1c 76e416c0 ieframe!LCIETab_ThreadProc+0x317

44 02f9fb2c 683bfe33 iertutil!_IsoThreadProc+0xe

45 02f9fb44 75b03677 ieframe!_Detour_ThreadProc+0x23

46 02f9fb50 77d19f42 kernel32!BaseThreadInitThunk+0xe

47 02f9fb90 77d19f15 ntdll!__RtlUserThreadStart+0x70

48 02f9fba8 00000000 ntdll!_RtlUserThreadStart+0x1b

 

0:001> dt jscript9!Js::FunctionBody::SourceInfo (poi(poi(02f9d020+8)+4)+0x28) pUtf8Source

   +0x004 pUtf8Source : 0x02d913c1  "renderAd("divID");....."