[webkit-changes] [245284] trunk/Source/WebKit

Tue, 14 May 2019 09:37:28 -0700

Title: [245284] trunk/Source/WebKit
Revision
245284
Author
bfulg...@apple.com
Date
2019-05-14 09:36:39 -0700 (Tue, 14 May 2019)

Log Message

Protect current WebFrame during form submission
https://bugs.webkit.org/show_bug.cgi?id=197459
<rdar://problem/50368618>

Reviewed by Alex Christensen.

The 'continueWillSubmitForm' method calls a completion handler that
might affect the state of the current frame. Ensure the frame is valid
for the scope of the function.

* WebProcess/WebPage/WebFrame.cpp:
(WebKit::WebFrame::continueWillSubmitForm):

Modified Paths

Diff

Modified: trunk/Source/WebKit/ChangeLog (245283 => 245284)


--- trunk/Source/WebKit/ChangeLog	2019-05-14 16:22:32 UTC (rev 245283)
+++ trunk/Source/WebKit/ChangeLog	2019-05-14 16:36:39 UTC (rev 245284)
@@ -1,3 +1,18 @@
+2019-05-14  Brent Fulgham  <bfulg...@apple.com>
+
+        Protect current WebFrame during form submission
+        https://bugs.webkit.org/show_bug.cgi?id=197459
+        <rdar://problem/50368618>
+
+        Reviewed by Alex Christensen.
+
+        The 'continueWillSubmitForm' method calls a completion handler that
+        might affect the state of the current frame. Ensure the frame is valid
+        for the scope of the function.
+
+        * WebProcess/WebPage/WebFrame.cpp:
+        (WebKit::WebFrame::continueWillSubmitForm):
+
 2019-05-14  Daniel Bates  <daba...@apple.com>
 
         [iOS] Cannot tab or shift + tab out of address bar on google.com

Modified: trunk/Source/WebKit/WebProcess/WebPage/WebFrame.cpp (245283 => 245284)


--- trunk/Source/WebKit/WebProcess/WebPage/WebFrame.cpp	2019-05-14 16:22:32 UTC (rev 245283)
+++ trunk/Source/WebKit/WebProcess/WebPage/WebFrame.cpp	2019-05-14 16:36:39 UTC (rev 245284)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010-2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2019 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -233,6 +233,7 @@
 
 void WebFrame::continueWillSubmitForm(uint64_t listenerID)
 {
+    Ref<WebFrame> protectedThis(*this);
     if (auto completionHandler = m_willSubmitFormCompletionHandlers.take(listenerID))
         completionHandler();
     invalidatePolicyListener();

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to