Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: f2981ff7b1603a22db8857b1387bf2252e465fe1
https://github.com/WebKit/WebKit/commit/f2981ff7b1603a22db8857b1387bf2252e465fe1
Author: Charlie Wolfe <[email protected]>
Date: 2025-01-07 (Tue, 07 Jan 2025)
Changed paths:
M Source/WebCore/history/BackForwardClient.h
M Source/WebCore/history/BackForwardController.cpp
M Source/WebCore/history/BackForwardController.h
M Source/WebCore/loader/EmptyClients.cpp
M Source/WebCore/loader/FrameLoader.cpp
M Source/WebCore/loader/HistoryController.cpp
M Source/WebCore/loader/HistoryController.h
M Source/WebKit/UIProcess/WebBackForwardList.cpp
M Source/WebKit/UIProcess/WebBackForwardList.h
M Source/WebKit/UIProcess/WebPageProxy.cpp
M Source/WebKit/UIProcess/WebPageProxy.h
M Source/WebKit/UIProcess/WebPageProxy.messages.in
M Source/WebKit/WebProcess/WebPage/WebBackForwardListProxy.cpp
M Source/WebKit/WebProcess/WebPage/WebBackForwardListProxy.h
M Source/WebKitLegacy/mac/History/BackForwardList.h
M Tools/TestWebKitAPI/Tests/WebKitCocoa/DecidePolicyForNavigationAction.mm
Log Message:
-----------
Commit provisional history items that are not cancelled during policy decision
https://bugs.webkit.org/show_bug.cgi?id=285446
rdar://142028791
Reviewed by Alex Christensen.
In 285421@main, I made the UI process aware of when a web process starts a
back/forward navigation but
has not yet committed it. However, we did not always notify the UI process when
the item was committed.
If we fail to notify the UI process, it can result in a state where the current
index becomes stale and
the provisional index is cleared, leading to a possible out-of-bounds crash
when using the current index.
* Source/WebCore/history/BackForwardClient.h:
* Source/WebCore/history/BackForwardController.cpp:
(WebCore::BackForwardController::commitProvisionalItem):
* Source/WebCore/history/BackForwardController.h:
* Source/WebCore/loader/EmptyClients.cpp:
* Source/WebCore/loader/FrameLoader.cpp:
(WebCore::FrameLoader::continueLoadAfterNavigationPolicy):
* Source/WebCore/loader/HistoryController.cpp:
(WebCore::HistoryController::updateForCommit):
(WebCore::HistoryController::recursiveUpdateForCommit):
(WebCore::HistoryController::recursiveUpdateForSameDocumentNavigation):
(WebCore::HistoryController::clearProvisionalItem):
(WebCore::HistoryController::commitProvisionalItem):
* Source/WebCore/loader/HistoryController.h:
* Source/WebKit/UIProcess/WebBackForwardList.cpp:
(WebKit::WebBackForwardList::commitProvisionalItem):
* Source/WebKit/UIProcess/WebBackForwardList.h:
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::backForwardCommitProvisionalItem):
* Source/WebKit/UIProcess/WebPageProxy.h:
* Source/WebKit/UIProcess/WebPageProxy.messages.in:
* Source/WebKit/WebProcess/WebPage/WebBackForwardListProxy.cpp:
(WebKit::WebBackForwardListProxy::clearProvisionalItem):
(WebKit::WebBackForwardListProxy::commitProvisionalItem):
* Source/WebKit/WebProcess/WebPage/WebBackForwardListProxy.h:
* Source/WebKitLegacy/mac/History/BackForwardList.h:
* Tools/TestWebKitAPI/Tests/WebKitCocoa/DecidePolicyForNavigationAction.mm:
(TEST(WebKit,
DecidePolicyForNavigationActionCancelAfterDiscardingForwardItems)):
Canonical link: https://commits.webkit.org/288518@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
