Title: [228672] releases/WebKitGTK/webkit-2.20
- Revision
- 228672
- Author
- carlo...@webkit.org
- Date
- 2018-02-19 05:17:51 -0800 (Mon, 19 Feb 2018)
Log Message
Merge r228299 - Form submission after navigation fails when decidePolicyForNavigationAction is async
https://bugs.webkit.org/show_bug.cgi?id=182412
<rdar://problem/35181099>
Reviewed by Alex Christensen.
Source/WebCore:
When the form is submitted and schedules the load in an iframe that is already loading,
FrameLoader::stopLoading() is called as expected. However, because policy checks can
now be asynchronous, stopLoading() also needs to stop pending policy checks. Otherwise,
continueLoadAfterNavigationPolicy() gets called for a cancelled load and we're in trouble
because the FrameLoader was reused for another load since then.
Test: http/tests/navigation/sync-form-submit-iframe.html
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::stopLoading):
LayoutTests:
Import layout test coverage from Alex's earlier patch.
* http/tests/navigation/resources/a.html: Added.
* http/tests/navigation/resources/b.html: Added.
* http/tests/navigation/sync-form-submit-iframe-expected.txt: Added.
* http/tests/navigation/sync-form-submit-iframe.html: Added.
Modified Paths
Added Paths
Diff
Modified: releases/WebKitGTK/webkit-2.20/LayoutTests/ChangeLog (228671 => 228672)
--- releases/WebKitGTK/webkit-2.20/LayoutTests/ChangeLog 2018-02-19 13:17:43 UTC (rev 228671)
+++ releases/WebKitGTK/webkit-2.20/LayoutTests/ChangeLog 2018-02-19 13:17:51 UTC (rev 228672)
@@ -1,3 +1,18 @@
+2018-02-08 Chris Dumez <cdu...@apple.com>
+
+ Form submission after navigation fails when decidePolicyForNavigationAction is async
+ https://bugs.webkit.org/show_bug.cgi?id=182412
+ <rdar://problem/35181099>
+
+ Reviewed by Alex Christensen.
+
+ Import layout test coverage from Alex's earlier patch.
+
+ * http/tests/navigation/resources/a.html: Added.
+ * http/tests/navigation/resources/b.html: Added.
+ * http/tests/navigation/sync-form-submit-iframe-expected.txt: Added.
+ * http/tests/navigation/sync-form-submit-iframe.html: Added.
+
2018-02-08 Chris Fleizach <cfleiz...@apple.com>
AX: Defer attribute computation until needed.
Added: releases/WebKitGTK/webkit-2.20/LayoutTests/http/tests/navigation/resources/a.html (0 => 228672)
--- releases/WebKitGTK/webkit-2.20/LayoutTests/http/tests/navigation/resources/a.html (rev 0)
+++ releases/WebKitGTK/webkit-2.20/LayoutTests/http/tests/navigation/resources/a.html 2018-02-19 13:17:51 UTC (rev 228672)
@@ -0,0 +1,3 @@
+<script>
+parent.postMessage('a', '*');
+</script>
Added: releases/WebKitGTK/webkit-2.20/LayoutTests/http/tests/navigation/resources/b.html (0 => 228672)
--- releases/WebKitGTK/webkit-2.20/LayoutTests/http/tests/navigation/resources/b.html (rev 0)
+++ releases/WebKitGTK/webkit-2.20/LayoutTests/http/tests/navigation/resources/b.html 2018-02-19 13:17:51 UTC (rev 228672)
@@ -0,0 +1,3 @@
+<script>
+parent.postMessage('b', '*');
+</script>
Added: releases/WebKitGTK/webkit-2.20/LayoutTests/http/tests/navigation/sync-form-submit-iframe-expected.txt (0 => 228672)
--- releases/WebKitGTK/webkit-2.20/LayoutTests/http/tests/navigation/sync-form-submit-iframe-expected.txt (rev 0)
+++ releases/WebKitGTK/webkit-2.20/LayoutTests/http/tests/navigation/sync-form-submit-iframe-expected.txt 2018-02-19 13:17:51 UTC (rev 228672)
@@ -0,0 +1,3 @@
+ALERT: PASS
+
+
Added: releases/WebKitGTK/webkit-2.20/LayoutTests/http/tests/navigation/sync-form-submit-iframe.html (0 => 228672)
--- releases/WebKitGTK/webkit-2.20/LayoutTests/http/tests/navigation/sync-form-submit-iframe.html (rev 0)
+++ releases/WebKitGTK/webkit-2.20/LayoutTests/http/tests/navigation/sync-form-submit-iframe.html 2018-02-19 13:17:51 UTC (rev 228672)
@@ -0,0 +1,31 @@
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+ if (testRunner.setShouldDecideNavigationPolicyAfterDelay)
+ testRunner.setShouldDecideNavigationPolicyAfterDelay(true);
+}
+
+function receiveMessage(e)
+{
+ alert(e.data == 'b' ? 'PASS' : 'FAIL');
+ if (window.testRunner)
+ testRunner.notifyDone();
+}
+window.addEventListener("message", receiveMessage, false);
+
+function runtest() {
+ var iframe = document.createElement('iframe');
+ iframe.src = '';
+ iframe.name = 'framename';
+ document.body.appendChild(iframe);
+
+ var form = document.createElement('form');
+ form.setAttribute('method', 'post');
+ form.setAttribute('action', 'resources/b.html');
+ form.setAttribute('target', 'framename');
+ document.body.appendChild(form);
+ form.submit();
+}
+</script>
+<body _onload_='runtest()'/>
Modified: releases/WebKitGTK/webkit-2.20/Source/WebCore/ChangeLog (228671 => 228672)
--- releases/WebKitGTK/webkit-2.20/Source/WebCore/ChangeLog 2018-02-19 13:17:43 UTC (rev 228671)
+++ releases/WebKitGTK/webkit-2.20/Source/WebCore/ChangeLog 2018-02-19 13:17:51 UTC (rev 228672)
@@ -1,3 +1,22 @@
+2018-02-08 Chris Dumez <cdu...@apple.com>
+
+ Form submission after navigation fails when decidePolicyForNavigationAction is async
+ https://bugs.webkit.org/show_bug.cgi?id=182412
+ <rdar://problem/35181099>
+
+ Reviewed by Alex Christensen.
+
+ When the form is submitted and schedules the load in an iframe that is already loading,
+ FrameLoader::stopLoading() is called as expected. However, because policy checks can
+ now be asynchronous, stopLoading() also needs to stop pending policy checks. Otherwise,
+ continueLoadAfterNavigationPolicy() gets called for a cancelled load and we're in trouble
+ because the FrameLoader was reused for another load since then.
+
+ Test: http/tests/navigation/sync-form-submit-iframe.html
+
+ * loader/FrameLoader.cpp:
+ (WebCore::FrameLoader::stopLoading):
+
2018-02-08 Zalan Bujtas <za...@apple.com>
[RenderTreeBuilder] Do not use RenderTreeBuilder::current() in RenderRubyRun::takeChild
Modified: releases/WebKitGTK/webkit-2.20/Source/WebCore/loader/FrameLoader.cpp (228671 => 228672)
--- releases/WebKitGTK/webkit-2.20/Source/WebCore/loader/FrameLoader.cpp 2018-02-19 13:17:43 UTC (rev 228671)
+++ releases/WebKitGTK/webkit-2.20/Source/WebCore/loader/FrameLoader.cpp 2018-02-19 13:17:51 UTC (rev 228672)
@@ -487,6 +487,8 @@
DatabaseManager::singleton().stopDatabases(*document, nullptr);
}
+ policyChecker().stopCheck();
+
// FIXME: This will cancel redirection timer, which really needs to be restarted when restoring the frame from b/f cache.
m_frame.navigationScheduler().cancel();
}
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes