Title: [177063] branches/safari-600.1.4.13-branch
- Revision
- 177063
- Author
- bshaf...@apple.com
- Date
- 2014-12-10 08:54:40 -0800 (Wed, 10 Dec 2014)
Log Message
Merged r174922. rdar://problem/19131993
Modified Paths
Added Paths
Diff
Modified: branches/safari-600.1.4.13-branch/LayoutTests/ChangeLog (177062 => 177063)
--- branches/safari-600.1.4.13-branch/LayoutTests/ChangeLog 2014-12-10 16:53:01 UTC (rev 177062)
+++ branches/safari-600.1.4.13-branch/LayoutTests/ChangeLog 2014-12-10 16:54:40 UTC (rev 177063)
@@ -1,5 +1,19 @@
2014-12-10 Babak Shafiei <bshaf...@apple.com>
+ Merge r174922.
+
+ 2014-10-17 Jeffrey Pfau <jp...@apple.com>
+
+ Ensure attached frame count doesn't exceed the maximum allowed frames
+ https://bugs.webkit.org/show_bug.cgi?id=136457
+
+ Reviewed by Alexey Proskuryakov.
+
+ * fast/frames/exponential-frames-expected.txt: Added.
+ * fast/frames/exponential-frames.html: Added.
+
+2014-12-10 Babak Shafiei <bshaf...@apple.com>
+
Merge r173845.
2014-09-22 David Hyatt <hy...@apple.com>
Copied: branches/safari-600.1.4.13-branch/LayoutTests/fast/frames/exponential-frames-expected.txt (from rev 175521, branches/safari-600.3-branch/LayoutTests/fast/frames/exponential-frames-expected.txt) (0 => 177063)
--- branches/safari-600.1.4.13-branch/LayoutTests/fast/frames/exponential-frames-expected.txt (rev 0)
+++ branches/safari-600.1.4.13-branch/LayoutTests/fast/frames/exponential-frames-expected.txt 2014-12-10 16:54:40 UTC (rev 177063)
@@ -0,0 +1 @@
+This test passes if it does not crash.
Copied: branches/safari-600.1.4.13-branch/LayoutTests/fast/frames/exponential-frames.html (from rev 175521, branches/safari-600.3-branch/LayoutTests/fast/frames/exponential-frames.html) (0 => 177063)
--- branches/safari-600.1.4.13-branch/LayoutTests/fast/frames/exponential-frames.html (rev 0)
+++ branches/safari-600.1.4.13-branch/LayoutTests/fast/frames/exponential-frames.html 2014-12-10 16:54:40 UTC (rev 177063)
@@ -0,0 +1,25 @@
+<html>
+<head>
+<script>
+if (window.testRunner)
+ testRunner.dumpAsText();
+</script>
+<body>
+This test passes if it does not crash.
+<script>
+var elem = document.body;
+var frame = document.createElement("iframe");
+frame.setAttribute("id", "frame");
+document.body.appendChild(frame);
+var div = document.createElement("div");
+div.setAttribute("id", "div");
+frame.appendChild(div);
+for (var i = 0; i < 10; i++) {
+ var div = document.getElementById("div");
+ var clone = elem.parentElement.cloneNode(true);
+ div.appendChild(clone);
+}
+frame.parentElement.removeChild(frame);
+</script>
+</body>
+</html>
Modified: branches/safari-600.1.4.13-branch/Source/WebCore/ChangeLog (177062 => 177063)
--- branches/safari-600.1.4.13-branch/Source/WebCore/ChangeLog 2014-12-10 16:53:01 UTC (rev 177062)
+++ branches/safari-600.1.4.13-branch/Source/WebCore/ChangeLog 2014-12-10 16:54:40 UTC (rev 177063)
@@ -1,5 +1,21 @@
2014-12-10 Babak Shafiei <bshaf...@apple.com>
+ Merge r174922.
+
+ 2014-10-17 Jeffrey Pfau <jp...@apple.com>
+
+ Ensure attached frame count doesn't exceed the maximum allowed frames
+ https://bugs.webkit.org/show_bug.cgi?id=136457
+
+ Reviewed by Alexey Proskuryakov.
+
+ Test: fast/frames/exponential-frames.html
+
+ * html/HTMLFrameElementBase.cpp:
+ (WebCore::HTMLFrameElementBase::isURLAllowed):
+
+2014-12-10 Babak Shafiei <bshaf...@apple.com>
+
Merge r173845.
2014-09-22 David Hyatt <hy...@apple.com>
Modified: branches/safari-600.1.4.13-branch/Source/WebCore/html/HTMLFrameElementBase.cpp (177062 => 177063)
--- branches/safari-600.1.4.13-branch/Source/WebCore/html/HTMLFrameElementBase.cpp 2014-12-10 16:53:01 UTC (rev 177062)
+++ branches/safari-600.1.4.13-branch/Source/WebCore/html/HTMLFrameElementBase.cpp 2014-12-10 16:54:40 UTC (rev 177063)
@@ -55,6 +55,9 @@
bool HTMLFrameElementBase::isURLAllowed() const
{
+ if (document().page() && document().page()->subframeCount() >= Page::maxNumberOfFrames)
+ return false;
+
if (m_URL.isEmpty())
return true;
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
