Title: [228672] releases/WebKitGTK/webkit-2.20
Revision: 228672
Author: carlo...@webkit.org
Date: 2018-02-19 05:17:51 -0800 (Mon, 19 Feb 2018)

Log Message

Merge r228299 - Form submission after navigation fails when decidePolicyForNavigationAction is async
https://bugs.webkit.org/show_bug.cgi?id=182412
<rdar://problem/35181099>

Reviewed by Alex Christensen.

Source/WebCore:

When the form is submitted and schedules the load in an iframe that is already loading,
FrameLoader::stopLoading() is called as expected. However, because policy checks can
now be asynchronous, stopLoading() also needs to stop pending policy checks. Otherwise,
continueLoadAfterNavigationPolicy() gets called for a cancelled load and we're in trouble
because the FrameLoader was reused for another load since then.

Test: http/tests/navigation/sync-form-submit-iframe.html

* loader/FrameLoader.cpp:
(WebCore::FrameLoader::stopLoading):

LayoutTests:

Import layout test coverage from Alex's earlier patch.

* http/tests/navigation/resources/a.html: Added.
* http/tests/navigation/resources/b.html: Added.
* http/tests/navigation/sync-form-submit-iframe-expected.txt: Added.
* http/tests/navigation/sync-form-submit-iframe.html: Added.

Diff

Modified: releases/WebKitGTK/webkit-2.20/LayoutTests/ChangeLog (228671 => 228672)


--- releases/WebKitGTK/webkit-2.20/LayoutTests/ChangeLog	2018-02-19 13:17:43 UTC (rev 228671)
+++ releases/WebKitGTK/webkit-2.20/LayoutTests/ChangeLog	2018-02-19 13:17:51 UTC (rev 228672)
@@ -1,3 +1,18 @@
+2018-02-08  Chris Dumez  <cdu...@apple.com>
+
+        Form submission after navigation fails when decidePolicyForNavigationAction is async
+        https://bugs.webkit.org/show_bug.cgi?id=182412
+        <rdar://problem/35181099>
+
+        Reviewed by Alex Christensen.
+
+        Import layout test coverage from Alex's earlier patch.
+
+        * http/tests/navigation/resources/a.html: Added.
+        * http/tests/navigation/resources/b.html: Added.
+        * http/tests/navigation/sync-form-submit-iframe-expected.txt: Added.
+        * http/tests/navigation/sync-form-submit-iframe.html: Added.
+
 2018-02-08  Chris Fleizach  <cfleiz...@apple.com>
 
         AX: Defer attribute computation until needed.

Added: releases/WebKitGTK/webkit-2.20/LayoutTests/http/tests/navigation/resources/a.html (0 => 228672)


--- releases/WebKitGTK/webkit-2.20/LayoutTests/http/tests/navigation/resources/a.html	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.20/LayoutTests/http/tests/navigation/resources/a.html	2018-02-19 13:17:51 UTC (rev 228672)
@@ -0,0 +1,3 @@
+<script>
+parent.postMessage('a', '*');
+</script>
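
Review bot: resources/a.html does not appear to be loaded by anything in this patch: sync-form-submit-iframe.html sets iframe.src = '' and only targets resources/b.html with the form, so the 'a' message posted here can never arrive. If the intent is to have the iframe already loading when the form is submitted, as the log message describes, point iframe.src at resources/a.html; otherwise drop the file.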

Added: releases/WebKitGTK/webkit-2.20/LayoutTests/http/tests/navigation/resources/b.html (0 => 228672)


--- releases/WebKitGTK/webkit-2.20/LayoutTests/http/tests/navigation/resources/b.html	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.20/LayoutTests/http/tests/navigation/resources/b.html	2018-02-19 13:17:51 UTC (rev 228672)
@@ -0,0 +1,3 @@
+<script>
+parent.postMessage('b', '*');
+</script>
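
Review bot: parent.postMessage('b', '*') uses a wildcard target origin, and the receiver in sync-form-submit-iframe.html checks only e.data, not e.origin or e.source. The page is served from the same origin as its parent in this test, so passing location.origin here and comparing e.source against the iframe's contentWindow in receiveMessage would make the PASS result depend on the message actually coming from the targeted frame.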

Added: releases/WebKitGTK/webkit-2.20/LayoutTests/http/tests/navigation/sync-form-submit-iframe-expected.txt (0 => 228672)


--- releases/WebKitGTK/webkit-2.20/LayoutTests/http/tests/navigation/sync-form-submit-iframe-expected.txt	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.20/LayoutTests/http/tests/navigation/sync-form-submit-iframe-expected.txt	2018-02-19 13:17:51 UTC (rev 228672)
@@ -0,0 +1,3 @@
+ALERT: PASS
+
+

Added: releases/WebKitGTK/webkit-2.20/LayoutTests/http/tests/navigation/sync-form-submit-iframe.html (0 => 228672)


--- releases/WebKitGTK/webkit-2.20/LayoutTests/http/tests/navigation/sync-form-submit-iframe.html	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.20/LayoutTests/http/tests/navigation/sync-form-submit-iframe.html	2018-02-19 13:17:51 UTC (rev 228672)
@@ -0,0 +1,31 @@
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+    if (testRunner.setShouldDecideNavigationPolicyAfterDelay)
+        testRunner.setShouldDecideNavigationPolicyAfterDelay(true);
+}
+
+function receiveMessage(e)
+{
+    alert(e.data == 'b' ? 'PASS' : 'FAIL');
+    if (window.testRunner)
+        testRunner.notifyDone();
+}
+window.addEventListener("message", receiveMessage, false);
+
+function runtest() {
+    var iframe = document.createElement('iframe');
+    iframe.src = '';
+    iframe.name = 'framename';
+    document.body.appendChild(iframe);
+
+    var form = document.createElement('form');
+    form.setAttribute('method', 'post');
+    form.setAttribute('action', 'resources/b.html');
+    form.setAttribute('target', 'framename');
+    document.body.appendChild(form);
+    form.submit();
+}
+</script>
+<body _onload_='runtest()'/>
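
Review bot: The body tag on the last line spells the handler attribute as _onload_, which is not an event handler attribute, so as shown runtest() is never called, no form is submitted, and the test can only end by timing out after testRunner.waitUntilDone(). It should read onload='runtest()'. Separately, receiveMessage() alerts FAIL for any message other than 'b' but there is no path that reports failure when no message arrives at all; a short comment stating that a timeout is the expected failure mode for the regression would help whoever triages it.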

Modified: releases/WebKitGTK/webkit-2.20/Source/WebCore/ChangeLog (228671 => 228672)


--- releases/WebKitGTK/webkit-2.20/Source/WebCore/ChangeLog	2018-02-19 13:17:43 UTC (rev 228671)
+++ releases/WebKitGTK/webkit-2.20/Source/WebCore/ChangeLog	2018-02-19 13:17:51 UTC (rev 228672)
@@ -1,3 +1,22 @@
+2018-02-08  Chris Dumez  <cdu...@apple.com>
+
+        Form submission after navigation fails when decidePolicyForNavigationAction is async
+        https://bugs.webkit.org/show_bug.cgi?id=182412
+        <rdar://problem/35181099>
+
+        Reviewed by Alex Christensen.
+
+        When the form is submitted and schedules the load in an iframe that is already loading,
+        FrameLoader::stopLoading() is called as expected. However, because policy checks can
+        now be asynchronous, stopLoading() also needs to stop pending policy checks. Otherwise,
+        continueLoadAfterNavigationPolicy() gets called for a cancelled load and we're in trouble
+        because the FrameLoader was reused for another load since then.
+
+        Test: http/tests/navigation/sync-form-submit-iframe.html
+
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::stopLoading):
+
 2018-02-08  Zalan Bujtas  <za...@apple.com>
 
         [RenderTreeBuilder] Do not use RenderTreeBuilder::current() in RenderRubyRun::takeChild

Modified: releases/WebKitGTK/webkit-2.20/Source/WebCore/loader/FrameLoader.cpp (228671 => 228672)


--- releases/WebKitGTK/webkit-2.20/Source/WebCore/loader/FrameLoader.cpp	2018-02-19 13:17:43 UTC (rev 228671)
+++ releases/WebKitGTK/webkit-2.20/Source/WebCore/loader/FrameLoader.cpp	2018-02-19 13:17:51 UTC (rev 228672)
@@ -487,6 +487,8 @@
         DatabaseManager::singleton().stopDatabases(*document, nullptr);
     }
 
+    policyChecker().stopCheck();
+
     // FIXME: This will cancel redirection timer, which really needs to be restarted when restoring the frame from b/f cache.
     m_frame.navigationScheduler().cancel();
 }
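
Review bot: The added policyChecker().stopCheck() call in stopLoading() has no comment, while the navigationScheduler().cancel() call right below it does, and the reason for it lives only in the ChangeLog: a pending asynchronous policy decision must not reach continueLoadAfterNavigationPolicy() after the FrameLoader has been reused for another load. A one-line comment above the call saying that would keep it from being removed or reordered later. It is also worth confirming in review that stopLoading() is the only cancellation path that can leave an asynchronous policy check outstanding, since the hunk covers just this one.
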