Title: [261511] branches/safari-609-branch/Source/WebCore
Revision
261511
Author
[email protected]
Date
2020-05-11 17:21:27 -0700 (Mon, 11 May 2020)

Log Message

Cherry-pick r259525. rdar://problem/62978878

    Protect contentFrame in SubframeLoader::loadOrRedirectSubframe with RefPtr.
    https://bugs.webkit.org/show_bug.cgi?id=127096
    <rdar://problem/61221941>

    Reviewed by Alex Christensen.

    ContentFrame is used throughout loadOrRedirectSubframe so it needs to be protected with RefPtr.
    And if loader changes frame in SubframeLoader::loadSubframe, return nullptr to notify the caller.

    No new tests, covered by existing test.

    * loader/SubframeLoader.cpp:
    (WebCore::SubframeLoader::loadOrRedirectSubframe):
    (WebCore::SubframeLoader::loadSubframe):
    * loader/SubframeLoader.h:

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@259525 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Modified Paths

branches/safari-609-branch/Source/WebCore/ChangeLog
branches/safari-609-branch/Source/WebCore/loader/SubframeLoader.cpp
branches/safari-609-branch/Source/WebCore/loader/SubframeLoader.h

Diff

Modified: branches/safari-609-branch/Source/WebCore/ChangeLog (261510 => 261511)


--- branches/safari-609-branch/Source/WebCore/ChangeLog	2020-05-12 00:21:24 UTC (rev 261510)
+++ branches/safari-609-branch/Source/WebCore/ChangeLog	2020-05-12 00:21:27 UTC (rev 261511)
@@ -1,5 +1,46 @@
 2020-05-07  Russell Epstein  <[email protected]>
 
+        Cherry-pick r259525. rdar://problem/62978878
+
+    Protect contentFrame in SubframeLoader::loadOrRedirectSubframe with RefPtr.
+    https://bugs.webkit.org/show_bug.cgi?id=127096
+    <rdar://problem/61221941>
+    
+    Reviewed by Alex Christensen.
+    
+    ContentFrame is used throughout loadOrRedirectSubframe so it needs to be protected with RefPtr.
+    And if loader changes frame in SubframeLoader::loadSubframe, return nullptr to notify the caller.
+    
+    No new tests, covered by existing test.
+    
+    * loader/SubframeLoader.cpp:
+    (WebCore::SubframeLoader::loadOrRedirectSubframe):
+    (WebCore::SubframeLoader::loadSubframe):
+    * loader/SubframeLoader.h:
+    
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@259525 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2020-04-03  Jack Lee  <[email protected]>
+
+            Protect contentFrame in SubframeLoader::loadOrRedirectSubframe with RefPtr.
+            https://bugs.webkit.org/show_bug.cgi?id=127096
+            <rdar://problem/61221941>
+
+            Reviewed by Alex Christensen.
+
+            ContentFrame is used throughout loadOrRedirectSubframe so it needs to be protected with RefPtr.
+            And if loader changes frame in SubframeLoader::loadSubframe, return nullptr to notify the caller.
+
+            No new tests, covered by existing test.
+
+            * loader/SubframeLoader.cpp:
+            (WebCore::SubframeLoader::loadOrRedirectSubframe):
+            (WebCore::SubframeLoader::loadSubframe):
+            * loader/SubframeLoader.h:
+
+2020-05-07  Russell Epstein  <[email protected]>
+
         Cherry-pick r259353. rdar://problem/62978934
 
     Don't use raw pointers in ShadowRoot.
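Review bot: the entry justifies the absence of new tests with "covered by existing test" but never names that test; since this is a lifetime fix being carried to a release branch, name the layout test (or the reproducing content from bug 127096) in the ChangeLog so branch maintainers can confirm the cherry-pick still exercises the frame-detach path. The nested 2020-04-03 entry reproduced under the cherry-pick header otherwise follows the branch's usual convention and needs no change.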

Modified: branches/safari-609-branch/Source/WebCore/loader/SubframeLoader.cpp (261510 => 261511)


--- branches/safari-609-branch/Source/WebCore/loader/SubframeLoader.cpp	2020-05-12 00:21:24 UTC (rev 261510)
+++ branches/safari-609-branch/Source/WebCore/loader/SubframeLoader.cpp	2020-05-12 00:21:27 UTC (rev 261511)
@@ -303,7 +303,7 @@
     URL upgradedRequestURL = requestURL;
     initiatingDocument.contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(upgradedRequestURL, ContentSecurityPolicy::InsecureRequestType::Load);
 
-    auto* frame = ownerElement.contentFrame();
+    RefPtr<Frame> frame = makeRefPtr(ownerElement.contentFrame());
     if (frame)
         frame->navigationScheduler().scheduleLocationChange(initiatingDocument, initiatingDocument.securityOrigin(), upgradedRequestURL, m_frame.loader().outgoingReferrer(), lockHistory, lockBackForwardList);
     else
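Review bot: the new RefPtr keeps `frame` alive across scheduleLocationChange, but the function still hands back `ownerElement.contentFrame()` as a raw `Frame*` at the `return` that follows this hunk, and its declaration in SubframeLoader.h is unchanged, so the protection ends at function exit and the caller receives an unowned pointer to a frame that may have been replaced during the redirect. Consider returning `RefPtr<Frame>` from loadOrRedirectSubframe as well; re-reading the owner's contentFrame at the return is what picks up a replaced frame, so keep that, but hand the caller a reference rather than a bare pointer.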
@@ -316,7 +316,7 @@
     return ownerElement.contentFrame();
 }
 
-Frame* SubframeLoader::loadSubframe(HTMLFrameOwnerElement& ownerElement, const URL& url, const String& name, const String& referrer)
+RefPtr<Frame> SubframeLoader::loadSubframe(HTMLFrameOwnerElement& ownerElement, const URL& url, const String& name, const String& referrer)
 {
     Ref<Frame> protect(m_frame);
     auto document = makeRef(ownerElement.document());
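Review bot: the commit message says loadSubframe now returns nullptr "to notify the caller", but the only caller visible on this page, loadOrRedirectSubframe, ends with `return ownerElement.contentFrame();` regardless of what loadSubframe returned, and its `else` branch is not shown in the diff. Please confirm that branch checks or propagates the result rather than discarding it; if the return value is dropped, the new early return changes nothing for callers and the contract described in the ChangeLog is not actually implemented.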
@@ -376,7 +376,10 @@
     if (frame->loader().state() == FrameStateComplete && !frame->loader().policyDocumentLoader())
         frame->loader().checkCompleted();
 
-    return frame.get();
+    if (!frame->tree().parent())
+        return nullptr;
+
+    return frame;
 }
 
 bool SubframeLoader::allowPlugins()
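Review bot: `!frame->tree().parent()` detects a frame detached while `checkCompleted()` ran script, which is the case the ChangeLog describes, but it expresses the caller's real question indirectly; the ChangeLog wording is "loader changes frame", and `ownerElement` is already in scope, so `ownerElement.contentFrame() != frame.ptr()` would state that intent directly and survive future refactors of how detached frames are parented. Either way, give the early return a one-line comment saying why nullptr is returned, so the condition is not later "simplified" away. Also confirm `frame` here is a `Ref<Frame>` (the removed `return frame.get();` suggests so), since the bare `return frame;` now relies on the implicit Ref-to-RefPtr conversion.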

Modified: branches/safari-609-branch/Source/WebCore/loader/SubframeLoader.h (261510 => 261511)


--- branches/safari-609-branch/Source/WebCore/loader/SubframeLoader.h	2020-05-12 00:21:24 UTC (rev 261510)
+++ branches/safari-609-branch/Source/WebCore/loader/SubframeLoader.h	2020-05-12 00:21:27 UTC (rev 261511)
@@ -70,7 +70,7 @@
 private:
     bool requestPlugin(HTMLPlugInImageElement&, const URL&, const String& serviceType, const Vector<String>& paramNames, const Vector<String>& paramValues, bool useFallback);
     Frame* loadOrRedirectSubframe(HTMLFrameOwnerElement&, const URL&, const AtomString& frameName, LockHistory, LockBackForwardList);
-    Frame* loadSubframe(HTMLFrameOwnerElement&, const URL&, const String& name, const String& referrer);
+    RefPtr<Frame> loadSubframe(HTMLFrameOwnerElement&, const URL&, const String& name, const String& referrer);
     bool loadPlugin(HTMLPlugInImageElement&, const URL&, const String& mimeType, const Vector<String>& paramNames, const Vector<String>& paramValues, bool useFallback);
 
     bool shouldUsePlugin(const URL&, const String& mimeType, bool hasFallback, bool& useFallback);
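Review bot: the header now advertises `RefPtr<Frame>` for loadSubframe but nothing documents the new nullptr case, and the adjacent `Frame* loadOrRedirectSubframe` declaration still returns a raw pointer. Add a short comment on the loadSubframe declaration stating that it returns nullptr when the frame is no longer in the frame tree after the load completes, since callers read the header rather than the .cpp, and consider moving loadOrRedirectSubframe to `RefPtr<Frame>` in the same patch so both loaders share one ownership convention.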
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes