Title: [214771] releases/WebKitGTK/webkit-2.16
- Revision
- 214771
- Author
- carlo...@webkit.org
- Date
- 2017-04-03 05:01:58 -0700 (Mon, 03 Apr 2017)
Log Message
Merge r214194 - Prevent new navigations from onbeforeunload handler
https://bugs.webkit.org/show_bug.cgi?id=169891
<rdar://problem/31155736>
Reviewed by Ryosuke Niwa.
Source/WebCore:
Ensure that all navigations initiated from an onbeforeunload handler are disallowed
regardless of how they were scheduled. Such navigations go against the expectation
of a user.
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::isNavigationAllowed): Added.
(WebCore::FrameLoader::loadURL): Modified code to call FrameLoader::isNavigationAllowed().
(WebCore::FrameLoader::loadWithDocumentLoader): Ditto.
(WebCore::FrameLoader::stopAllLoaders): Ditto.
* loader/FrameLoader.h:
LayoutTests:
Update test to ensure that we disallow navigation initiated via a DOM click event from
an onbeforeunload handler.
* fast/events/before-unload-forbidden-navigation.html:
Modified Paths
Diff
Modified: releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog (214770 => 214771)
--- releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog 2017-04-03 11:25:05 UTC (rev 214770)
+++ releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog 2017-04-03 12:01:58 UTC (rev 214771)
@@ -1,3 +1,16 @@
+2017-03-20 Daniel Bates <daba...@apple.com>
+
+ Prevent new navigations from onbeforeunload handler
+ https://bugs.webkit.org/show_bug.cgi?id=169891
+ <rdar://problem/31155736>
+
+ Reviewed by Ryosuke Niwa.
+
+ Update test to ensure that we disallow navigation initiated via a DOM click event from
+ an onbeforeunload handler.
+
+ * fast/events/before-unload-forbidden-navigation.html:
+
2017-03-19 Chris Dumez <cdu...@apple.com>
`const location = "foo"` throws in a worker
Modified: releases/WebKitGTK/webkit-2.16/LayoutTests/fast/events/before-unload-forbidden-navigation.html (214770 => 214771)
--- releases/WebKitGTK/webkit-2.16/LayoutTests/fast/events/before-unload-forbidden-navigation.html 2017-04-03 11:25:05 UTC (rev 214770)
+++ releases/WebKitGTK/webkit-2.16/LayoutTests/fast/events/before-unload-forbidden-navigation.html 2017-04-03 12:01:58 UTC (rev 214771)
@@ -12,6 +12,7 @@
}
var log = document.getElementById('log');
+var didFireBeforeUnloadEvent = false;
function test(iframe) {
if (iframe.done) {
@@ -25,9 +26,22 @@
iframe.contentWindow.location.href = '';
}
+function navigateByClickingHyperlink(contentWindow, url) {
+ var link = contentWindow.document.createElement('a');
+ link.href = ""
+ link.click();
+}
+
function fired(contentWindow) {
+ if (didFireBeforeUnloadEvent)
+ return;
+ didFireBeforeUnloadEvent = true;
+
location.href = '';
contentWindow.location.href = '';
+ navigateByClickingHyperlink(contentWindow, 'resources/before-unload-in-subframe-fail.html');
+ navigateByClickingHyperlink(window, 'resources/before-unload-in-subframe-fail.html');
+
log.innerHTML = 'PASS 1/2';
contentWindow.frameElement.halfPassed = true;
}
Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog (214770 => 214771)
--- releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog 2017-04-03 11:25:05 UTC (rev 214770)
+++ releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog 2017-04-03 12:01:58 UTC (rev 214771)
@@ -1,3 +1,22 @@
+2017-03-20 Daniel Bates <daba...@apple.com>
+
+ Prevent new navigations from onbeforeunload handler
+ https://bugs.webkit.org/show_bug.cgi?id=169891
+ <rdar://problem/31155736>
+
+ Reviewed by Ryosuke Niwa.
+
+ Ensure that all navigations initiated from an onbeforeunload handler are disallowed
+ regardless of how they were scheduled. Such navigations go against the expectation
+ of a user.
+
+ * loader/FrameLoader.cpp:
+ (WebCore::FrameLoader::isNavigationAllowed): Added.
+ (WebCore::FrameLoader::loadURL): Modified code to call FrameLoader::isNavigationAllowed().
+ (WebCore::FrameLoader::loadWithDocumentLoader): Ditto.
+ (WebCore::FrameLoader::stopAllLoaders): Ditto.
+ * loader/FrameLoader.h:
+
2017-03-20 Simon Fraser <simon.fra...@apple.com>
Move code out of renderer destructors into willBeDestroyed()
Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/loader/FrameLoader.cpp (214770 => 214771)
--- releases/WebKitGTK/webkit-2.16/Source/WebCore/loader/FrameLoader.cpp 2017-04-03 11:25:05 UTC (rev 214770)
+++ releases/WebKitGTK/webkit-2.16/Source/WebCore/loader/FrameLoader.cpp 2017-04-03 12:01:58 UTC (rev 214771)
@@ -1185,6 +1185,11 @@
return propagatedPolicy;
}
+bool FrameLoader::isNavigationAllowed() const
+{
+ return m_pageDismissalEventBeingDispatched == PageDismissalType::None && NavigationDisablerForBeforeUnload::isNavigationAllowed();
+}
+
void FrameLoader::loadURL(const FrameLoadRequest& frameLoadRequest, const String& referrer, FrameLoadType newLoadType, Event* event, FormState* formState)
{
if (m_inStopAllLoaders)
@@ -1223,7 +1228,7 @@
return;
}
- if (m_pageDismissalEventBeingDispatched != PageDismissalType::None)
+ if (!isNavigationAllowed())
return;
NavigationAction action(request, newLoadType, isFormSubmission, event, frameLoadRequest.shouldOpenExternalURLsPolicy(), frameLoadRequest.downloadAttribute());
@@ -1425,7 +1430,7 @@
ASSERT(m_frame.view());
- if (m_pageDismissalEventBeingDispatched != PageDismissalType::None)
+ if (!isNavigationAllowed())
return;
if (m_frame.document())
@@ -1612,7 +1617,7 @@
void FrameLoader::stopAllLoaders(ClearProvisionalItemPolicy clearProvisionalItemPolicy)
{
ASSERT(!m_frame.document() || m_frame.document()->pageCacheState() != Document::InPageCache);
- if (m_pageDismissalEventBeingDispatched != PageDismissalType::None)
+ if (!isNavigationAllowed())
return;
// If this method is called from within this method, infinite recursion can occur (3442218). Avoid this.
Modified: releases/WebKitGTK/webkit-2.16/Source/WebCore/loader/FrameLoader.h (214770 => 214771)
--- releases/WebKitGTK/webkit-2.16/Source/WebCore/loader/FrameLoader.h 2017-04-03 11:25:05 UTC (rev 214770)
+++ releases/WebKitGTK/webkit-2.16/Source/WebCore/loader/FrameLoader.h 2017-04-03 12:01:58 UTC (rev 214771)
@@ -386,6 +386,8 @@
void applyShouldOpenExternalURLsPolicyToNewDocumentLoader(DocumentLoader&, ShouldOpenExternalURLsPolicy propagatedPolicy);
+ bool isNavigationAllowed() const;
+
Frame& m_frame;
FrameLoaderClient& m_client;
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes