Branch: refs/heads/webkitglib/2.52
  Home:   https://github.com/WebKit/WebKit
  Commit: 4c99752420d8c35dfc2c0f209a2897a84afeaca0
      
https://github.com/WebKit/WebKit/commit/4c99752420d8c35dfc2c0f209a2897a84afeaca0
  Author: Said Abou-Hallawa <[email protected]>
  Date:   2026-07-03 (Fri, 03 Jul 2026)

  Changed paths:
    M Source/WebCore/platform/graphics/DestinationColorSpace.cpp
    M Source/WebCore/platform/graphics/DestinationColorSpace.h
    M Source/WebCore/platform/graphics/PixelBufferConversion.cpp
    M Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in
    M Tools/TestWebKitAPI/Tests/WebCore/ImageBufferTests.cpp

  Log Message:
  -----------
  Cherry-pick 8e2784fd0807. https://bugs.webkit.org/show_bug.cgi?id=312945

GetPixelBuffer should zeroFill the destination if any error happens
https://bugs.webkit.org/show_bug.cgi?id=312945
rdar://174640273

Reviewed by Kimmo Kinnunen.

RemoteImageBuffer fails to GetPixelBuffer if the destination colorSpace is 
non-RGB
model (e.g. kCGColorSpaceGenericCMYK). In this case the PixelBuffer is allocated
but never be initialized. So stale heap can be exposed to callers.

To fix this an IPC validator is needed to ensure the colorSpace is indeed RGB 
model.
And to handle other possible unknown failures, the destination PixelBuffer will
be zero-filled if vImage fails to do the conversion the colorSpace conversion.

* Source/WebCore/platform/graphics/DestinationColorSpace.cpp:
(WebCore::DestinationColorSpace::usesRGBColorModel const):
* Source/WebCore/platform/graphics/DestinationColorSpace.h:
* Source/WebCore/platform/graphics/PixelBufferConversion.cpp:
(WebCore::convertImagePixelsAccelerated):
* Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in:
* Tools/TestWebKitAPI/Tests/WebCore/ImageBufferTests.cpp:
(TestWebKitAPI::TEST(ImageBufferTests, GetPixelBufferAllZeros)):

Identifier: 305413.874@safari-7624-branch

Identifier: [email protected]
Canonical link: https://commits.webkit.org/305877.932@webkitglib/2.52


  Commit: b85f1a5499d0113f8a05149b58ac21641ddd2712
      
https://github.com/WebKit/WebKit/commit/b85f1a5499d0113f8a05149b58ac21641ddd2712
  Author: Dan Glastonbury <[email protected]>
  Date:   2026-07-03 (Fri, 03 Jul 2026)

  Changed paths:
    A LayoutTests/webxr/xr-isSessionSupported-detached-iframe-crash-expected.txt
    A LayoutTests/webxr/xr-isSessionSupported-detached-iframe-crash.html
    M Source/WebCore/Modules/webxr/WebXRSystem.cpp

  Log Message:
  -----------
  Cherry-pick 0e75e33398b8. https://bugs.webkit.org/show_bug.cgi?id=312945

[WebXR] Use-after-free of WebXRSystem in callbacks re-posted from 
ensureImmersiveXRDeviceIsSelected
rdar://175674581

Reviewed by Mike Wyrzykowski.

WebXRSystem::ensureImmersiveXRDeviceIsSelected sends an async
EnumerateImmersiveXRDevices IPC whose reply lambda holds protectedThis = Ref
{ *this }, but inside that lambda a makeScopeExit re-posts the caller's callback
via callOnMainThread(). The reply lambda is then destroyed and protectedThis
drops. The callbacks supplied by isSessionSupported, obtainCurrentDevice and
requestSession capture only raw |this|, so the queued main-thread task holds no
ownership of the WebXRSystem. If iframe removal + GC tears down
NavigatorWebXR::m_xr between the protectedThis drop and the pending
callOnMainThread task, the task reads freed memory.

Separately, the RequestPermissionOnSessionFeatures reply lambda in
requestSession writes m_pendingImmersiveSession through raw |this| in its
!weakThis branch.

Fix by capturing protectedThis = protect(*this) in the isSessionSupported,
obtainCurrentDevice and requestSession callbacks so they keep the WebXRSystem
alive across the callOnMainThread re-post, and by splitting the !weakThis
early-return in the inner requestSession permission reply so it does not touch
members after the object is gone.

Test: webxr/xr-isSessionSupported-detached-iframe-crash.html

* LayoutTests/webxr/xr-isSessionSupported-detached-iframe-crash-expected.txt: 
Added.
* LayoutTests/webxr/xr-isSessionSupported-detached-iframe-crash.html: Added.
* Source/WebCore/Modules/webxr/WebXRSystem.cpp:
(WebCore::WebXRSystem::obtainCurrentDevice):
(WebCore::WebXRSystem::isSessionSupported):
(WebCore::WebXRSystem::requestSession):

Identifier: 305413.841@safari-7624-branch

Identifier: [email protected]
Canonical link: https://commits.webkit.org/305877.933@webkitglib/2.52


  Commit: 8e6f42a7da28f8c70f933311b2465a6226ff82ab
      
https://github.com/WebKit/WebKit/commit/8e6f42a7da28f8c70f933311b2465a6226ff82ab
  Author: Chris Dumez <[email protected]>
  Date:   2026-07-03 (Fri, 03 Jul 2026)

  Changed paths:
    A 
LayoutTests/ipc/use-redirection-for-current-navigation-message-check-expected.txt
    A LayoutTests/ipc/use-redirection-for-current-navigation-message-check.html
    M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp
    M Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp

  Log Message:
  -----------
  Cherry-pick a547e707161f. https://bugs.webkit.org/show_bug.cgi?id=314862

[WebKit Networking] continueWillSendRequest m_redirectionForCurrentNavigation 
early-return reaches Cache::storeRedirect with unrestored cachePartition
https://bugs.webkit.org/show_bug.cgi?id=314862
rdar://176914483

Reviewed by Alex Christensen.

A compromised WebContent process can poison the Network Process persistent
disk cache for an arbitrary cross-origin partition.

NetworkConnectionToWebProcess::useRedirectionForCurrentNavigation accepts a
WebContent-supplied ResourceResponse with no validation and stashes it on the
loader as m_redirectionForCurrentNavigation. When the loader's WillSendRequest
async reply later delivers a WebContent-supplied ResourceRequest,
NetworkResourceLoader::continueWillSendRequest takes the
m_redirectionForCurrentNavigation early-return into willSendRedirectedRequest
*before* the setCachePartition(originalRequest().cachePartition()) restore,
so NetworkCache::Cache::storeRedirect keys the on-disk record by the
unvalidated WebContent-chosen {cachePartition, url} and persists the
WebContent-supplied 301 with WebContent-chosen Location:.

Fix this by:
  1. Hoisting the setCachePolicy/setCachePartition restore to the top of
     continueWillSendRequest so every path through the function — including the
     m_redirectionForCurrentNavigation, service-worker and m_shouldRestartLoad
     early returns — uses the original (Network-Process-side) cache partition,
     never the value round-tripped through the WebContent process.
  2. Promoting the debug ASSERT(isMainFrameLoad()) and
     ASSERT(response.isRedirection()) at the
     NetworkConnectionToWebProcess::useRedirectionForCurrentNavigation IPC
     entry point to MESSAGE_CHECKs. The legitimate sender
     (WebPage::useRedirectionForCurrentNavigation, driven by
     RedirectSOAuthorizationSession in the UI process) only ever targets the
     main-frame main-resource loader with a redirection response; anything else
     is a compromised WebContent process.

Test: ipc/use-redirection-for-current-navigation-message-check.html

* 
LayoutTests/ipc/use-redirection-for-current-navigation-message-check-expected.txt:
 Added.
* LayoutTests/ipc/use-redirection-for-current-navigation-message-check.html: 
Added.
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:
(WebKit::NetworkConnectionToWebProcess::useRedirectionForCurrentNavigation):
* Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::continueWillSendRequest):

Identifier: 305413.915@safari-7624-branch

Identifier: [email protected]
Canonical link: https://commits.webkit.org/305877.934@webkitglib/2.52


  Commit: 89f84f661bd09240afd3be219b3ab8b8ab77ab55
      
https://github.com/WebKit/WebKit/commit/89f84f661bd09240afd3be219b3ab8b8ab77ab55
  Author: Zak Ridouh <[email protected]>
  Date:   2026-07-03 (Fri, 03 Jul 2026)

  Changed paths:
    A 
LayoutTests/ipc/rgba16f-getpixelbuffer-colorspace-mismatch-heap-disclosure-expected.txt
    A 
LayoutTests/ipc/rgba16f-getpixelbuffer-colorspace-mismatch-heap-disclosure.html
    M Source/WebCore/platform/graphics/PixelBufferConversion.cpp

  Log Message:
  -----------
  Cherry-pick e7a0eda7b7ff. https://bugs.webkit.org/show_bug.cgi?id=314590

Uninitialized-heap disclosure in convertImagePixelsFromFloat16ToFloat16 via 
color-space early-return
<https://bugs.webkit.org/show_bug.cgi?id=314590>
<rdar://176483321>

Reviewed by Gerald Squelart.

convertImagePixelsFromFloat16ToFloat16() early-returned on a color-space
mismatch without writing the destination. The destination buffer is allocated
via JSC::Float16Array::tryCreateUninitialized() and ImageBufferBackend::
getPixelBuffer() only zero-fills on a size mismatch, so an RGBA16F
getPixelBuffer() readback whose output color space differed from the backing
IOSurface's left the destination populated with uninitialized
Gigacage::Primitive heap. RemoteImageBuffer::getPixelBufferWithNewMemory()
then memcpy'd those bytes into WebContent-mapped shared memory causing a
WebContent<->GPUProcess heap disclosure.

Float16<->Float16 color-space conversion is unimplemented (the 8-bit sibling
path also doesn't perform it). Remove the early return so the destination
is always populated with the source pixels (alpha-format conversion applied),
matching the sibling's behavior and closing the disclosure.

Test: ipc/rgba16f-getpixelbuffer-colorspace-mismatch-heap-disclosure.html

* 
LayoutTests/ipc/rgba16f-getpixelbuffer-colorspace-mismatch-heap-disclosure-expected.txt:
 Added.
* 
LayoutTests/ipc/rgba16f-getpixelbuffer-colorspace-mismatch-heap-disclosure.html:
 Added.
* Source/WebCore/platform/graphics/PixelBufferConversion.cpp:
(WebCore::convertImagePixelsFromFloat16ToFloat16):

Identifier: 305413.933@safari-7624-branch

Identifier: [email protected]
Canonical link: https://commits.webkit.org/305877.935@webkitglib/2.52


  Commit: c6895bbe30f5139000b30ca99aa82a148acff531
      
https://github.com/WebKit/WebKit/commit/c6895bbe30f5139000b30ca99aa82a148acff531
  Author: Chris Dumez <[email protected]>
  Date:   2026-07-03 (Fri, 03 Jul 2026)

  Changed paths:
    A LayoutTests/ipc/preconnect-to-message-checks-expected.txt
    A LayoutTests/ipc/preconnect-to-message-checks.html
    M Source/WebKit/CMakeLists.txt
    M Source/WebKit/DerivedSources-input.xcfilelist
    M Source/WebKit/DerivedSources.make
    M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp
    M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h
    M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.messages.in
    A Source/WebKit/NetworkProcess/PreconnectRequest.h
    A Source/WebKit/NetworkProcess/PreconnectRequest.serialization.in
    M Source/WebKit/NetworkProcess/PreconnectTask.cpp
    M Source/WebKit/Scripts/webkit/messages.py
    M Source/WebKit/WebKit.xcodeproj/project.pbxproj
    M Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp
    M Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.cpp

  Log Message:
  -----------
  Cherry-pick 02c6dfb19415. https://bugs.webkit.org/show_bug.cgi?id=314864

[WebKit Networking] missing MESSAGE_CHECK and unvalidated shouldPreconnectOnly 
in NetworkConnectionToWebProcess::preconnectTo / sendH2Ping
https://bugs.webkit.org/show_bug.cgi?id=314864
rdar://176911922

Reviewed by Alex Christensen.

NetworkConnectionToWebProcess::preconnectTo and sendH2Ping previously
accepted a full NetworkResourceLoadParameters from WebContent. That
struct carries shouldPreconnectOnly, an httpBody on the request, a
foreign firstPartyForCookies, and many other fields that have no
legitimate use for a preconnect or H2 ping. A compromised WebContent
process could send shouldPreconnectOnly=No together with a file-backed
FormData body and a foreign firstPartyForCookies, and the
NetworkProcess would issue a full credentialed POST that streamed an
arbitrary NetworkProcess-readable file to an attacker-controlled
server. The only guards on this path were two debug ASSERTs.

Fix by replacing the wire types with purpose-built ones that carry
only the fields these operations actually need, and assembling the
NetworkLoadParameters in the NetworkProcess:

- SendH2Ping now takes (URL, webPageProxyID, webPageID, webFrameID,
  isNavigatingToAppBoundDomain). The NetworkProcess constructs a fresh
  ResourceRequest{url} locally, so no WebContent-supplied httpBody or
  shouldPreconnectOnly=No can reach PreconnectTask: the IPC contract
  itself enforces what previously needed a MESSAGE_CHECK.

- PreconnectTo now takes a new WebKit::PreconnectRequest struct with
  the small set of fields the WebContent legitimately provides
  (ResourceRequest, page/frame IDs, storedCredentialsPolicy,
  advancedPrivacyProtections, isNavigatingToAppBoundDomain,
  preconnectionIdentifier). The NetworkProcess builds the
  NetworkLoadParameters and forces shouldPreconnectOnly=Yes. The
  ResourceRequest can still carry an httpBody on the wire, so
  MESSAGE_CHECK(!request.httpBody()) is retained at the IPC boundary.

PreconnectTask::create keeps the defense-in-depth from the prior
revision (force shouldPreconnectOnly=Yes and clear any httpBody) so a
future caller cannot accidentally reintroduce the issue.

Test: ipc/preconnect-to-message-checks.html

* LayoutTests/ipc/preconnect-to-message-checks-expected.txt:
* LayoutTests/ipc/preconnect-to-message-checks.html: Updated to encode
the new PreconnectRequest wire format with a hostile httpBody.
* Source/WebKit/CMakeLists.txt:
* Source/WebKit/DerivedSources-input.xcfilelist:
* Source/WebKit/DerivedSources.make:
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:
(WebKit::NetworkConnectionToWebProcess::sendH2Ping):
(WebKit::NetworkConnectionToWebProcess::preconnectTo):
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h:
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.messages.in:
* Source/WebKit/NetworkProcess/PreconnectRequest.h: Added.
* Source/WebKit/NetworkProcess/PreconnectRequest.serialization.in: Added.
* Source/WebKit/Scripts/webkit/messages.py: Add PreconnectRequest to
types_that_must_be_moved().
* Source/WebKit/WebKit.xcodeproj/project.pbxproj:
* Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp:
(WebKit::WebLoaderStrategy::preconnectTo):
* Source/WebKit/WebProcess/WebCoreSupport/WebLocalFrameLoaderClient.cpp:
(WebKit::WebLocalFrameLoaderClient::sendH2Ping):

Identifier: 305413.927@safari-7624-branch

Identifier: [email protected]
Canonical link: https://commits.webkit.org/305877.936@webkitglib/2.52


  Commit: 8c7d58a08d9380f8d3e3b1d4dda8ec0b9c1f5c5b
      
https://github.com/WebKit/WebKit/commit/8c7d58a08d9380f8d3e3b1d4dda8ec0b9c1f5c5b
  Author: Charlie Wolfe <[email protected]>
  Date:   2026-07-03 (Fri, 03 Jul 2026)

  Changed paths:
    M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp
    M Source/WebKit/WebProcess/WebPage/WebPage.cpp
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/LoadAndDecodeImage.mm

  Log Message:
  -----------
  Cherry-pick bc7a427882d4. https://bugs.webkit.org/show_bug.cgi?id=315252

com.apple.WebKit.Networking at Received an invalid message 
'NetworkConnectionToWebProcess_LoadImageForDecoding'
https://bugs.webkit.org/show_bug.cgi?id=315252
rdar://177568018

Reviewed by Rupin Mittal.

There are two cases where the MESSAGE_CHECK in 
NetworkConnectionToWebProcess::loadImageForDecoding
can still fail after the fix in rdar://176310702:
 - A client set an incorrect or empty mainDocumentURL.
 - A client called _loadAndDecodeImage: on a WKWebView that has not loaded any 
content.

Set firstPartyForCookies in the web process from page->mainFrameURL(), which is 
the authoritative
value, and drop the WKWebView-side fallback added in the previous fix. When 
mainFrameURL is empty
(no navigation has happened yet, so there is no cookie context), disable 
cookies for the request
instead of failing the MESSAGE_CHECK.

Test: Tools/TestWebKitAPI/Tests/WebKitCocoa/LoadAndDecodeImage.mm

* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:
(WebKit::NetworkConnectionToWebProcess::loadImageForDecoding):
* Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView 
_loadAndDecodeImage:constrainedToSize:maximumBytesFromNetwork:completionHandler:]):
* Source/WebKit/WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::loadAndDecodeImage):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/LoadAndDecodeImage.mm:
(TestWebKitAPI::TEST(WebKit, LoadAndDecodeImageBeforeAnyNavigation)):
(TestWebKitAPI::TEST(WebKit, 
LoadAndDecodeImageWithCallerProvidedDisallowedMainDocumentURL)):

Identifier: 305413.944@safari-7624-branch

Identifier: [email protected]
Canonical link: https://commits.webkit.org/305877.937@webkitglib/2.52


  Commit: aebc89b559d4e38db0b2f6fbcdd876143dbd4cea
      
https://github.com/WebKit/WebKit/commit/aebc89b559d4e38db0b2f6fbcdd876143dbd4cea
  Author: Alex Christensen <[email protected]>
  Date:   2026-07-03 (Fri, 03 Jul 2026)

  Changed paths:
    M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp

  Log Message:
  -----------
  Cherry-pick 82d9c4e4c38b. https://bugs.webkit.org/show_bug.cgi?id=314948

Add MESSAGE_CHECK for cache partition in 
NetworkConnectionToWebProcess::scheduleResourceLoad
rdar://176912978

Reviewed by Per Arne Vollan.

It should always be the same as firstPartyForCookies.  I'm working to remove 
the duplicate info
in https://github.com/WebKit/WebKit/pull/65212 but this is a lower-risk change 
that adds the
needed check.

* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:
(WebKit::NetworkConnectionToWebProcess::scheduleResourceLoad):

Identifier: 305413.965@safari-7624-branch

Identifier: [email protected]
Canonical link: https://commits.webkit.org/305877.938@webkitglib/2.52


  Commit: 7f8890f46deb55305c08d4972c747986540f810a
      
https://github.com/WebKit/WebKit/commit/7f8890f46deb55305c08d4972c747986540f810a
  Author: Chris Dumez <[email protected]>
  Date:   2026-07-03 (Fri, 03 Jul 2026)

  Changed paths:
    M Source/WebKit/UIProcess/ProvisionalPageProxy.cpp
    M Source/WebKit/UIProcess/RemotePageProxy.cpp
    M Source/WebKit/UIProcess/SuspendedPageProxy.cpp
    M Source/WebKit/UIProcess/WebPageProxy.cpp
    M Source/WebKit/UIProcess/WebProcessProxy.cpp
    M Source/WebKit/UIProcess/WebProcessProxy.h
    M Source/WebKit/WebProcess/WebPage/WebPage.cpp
    M Source/WebKit/WebProcess/WebPage/WebPage.h
    M Source/WebKit/WebProcess/WebPage/WebPage.messages.in
    M Source/WebKit/WebProcess/glib/WebProcessGLib.cpp
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/RemoteObjectRegistry.h
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/RemoteObjectRegistry.mm
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/RemoteObjectRegistryPlugIn.mm
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebViewEvaluateJavaScript.mm

  Log Message:
  -----------
  Cherry-pick c753fa7345b6. https://bugs.webkit.org/show_bug.cgi?id=314948

Sign in with Apple unsuccessful and causes reload due to problem - Received an 
invalid message 'RemoteObjectRegistry_InvokeMethod'
rdar://178567852

Reviewed by Alex Christensen.

The injected bundle's -webProcessPlugIn:willDestroyBrowserContextController:
hook fires synchronously from WebPage::close() in the WebProcess, and bundle
clients are allowed to invoke a UIProcess-side _WKRemoteObjectRegistry method
from that hook. The resulting RemoteObjectRegistry::InvokeMethod IPC arrives
at the UIProcess after WebPageProxy::close() has synchronously called
WebProcessProxy::removeWebPage(), so the page is no longer in m_pageMap (or
m_remotePages / m_provisionalPages / m_suspendedPages).

WebProcessProxy::handleRemoteObjectRegistryMessage then returned false, which
caused the generated didReceiveMessage to mark the decoder invalid and the
IPC layer to call WebProcessProxy::didReceiveInvalidMessage, terminating an
otherwise well-behaved WebProcess.

To fix this, mark every content process for the page as pending-close before
dispatching Messages::WebPage::Close, and only clear the marker once the
async reply arrives. WebProcessProxy::isAssociatedWithPage already consults
m_pagesPendingClose, so a late-arriving InvokeMethod is now recognized and
delivered to the registry. m_pagesPendingClose is changed from HashSet to
HashCountedSet so the regular close path and the provisional-page-swap close
path compose correctly when both target the same page.

handleRemoteObjectRegistryMessage is reworked to consult isAssociatedWithPage
and look the page up via the global WebPageProxy::fromIdentifier, replacing
the four sequential map walks.

Note that this commit makes the branch more in-line with main after 314178@main.
314178@main already takes care of adding the page to m_pagesPendingClose while
we're sending the WebPage::Close IPC. Also include the fix from 314426@main,
since it fixed a crash introduced by 314178@main.

TLDR: this PR is essentially a merge for 314178@main & 314178@main from
main so that WebProcessProxy::m_pagesPendingClose gets properly populated.
Then WebProcessProxy::handleRemoteObjectRegistryMessage() is updated to
call WebProcessProxy::isAssociatedWithPage() instead of duplicating its
logic. WebProcessProxy::isAssociatedWithPage also has the benefit of
checking m_pagesPendingClose already.

Update WKWebView.EvaluateJavaScriptBlockCrash test expectation to match
313673@main: now that Messages::WebPage::Close is an async-reply message,
the WebProcess is kept alive (via the shutdownPreventingScope held in the
Close reply handler) long enough for the pending evaluateJavaScript IPC to
be processed and reply with a successful empty result, instead of being
cancelled by Connection::cancelAsyncReplyHandlers when the connection is
invalidated. The completion handler is therefore invoked with a nil error,
matching the same test expectation update made in 313673@main.

Tests: RemoteObjectRegistry.InvokeMethodFromBundleDuringPageClose

* Source/WebKit/UIProcess/ProvisionalPageProxy.cpp:
(WebKit::ProvisionalPageProxy::~ProvisionalPageProxy):
* Source/WebKit/UIProcess/RemotePageProxy.cpp:
(WebKit::RemotePageProxy::disconnect):
* Source/WebKit/UIProcess/SuspendedPageProxy.cpp:
(WebKit::SuspendedPageProxy::close):
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::close):
(WebKit::WebPageProxy::commitProvisionalPage):
* Source/WebKit/UIProcess/WebProcessProxy.cpp:
(WebKit::WebProcessProxy::~WebProcessProxy):
(WebKit::WebProcessProxy::sendPageCloseMessage):
(WebKit::WebProcessProxy::handleRemoteObjectRegistryMessage):
* Source/WebKit/UIProcess/WebProcessProxy.h:
* Source/WebKit/WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::close):
(WebKit::WebPage::closeWithReply): Deleted.
* Source/WebKit/WebProcess/WebPage/WebPage.h:
* Source/WebKit/WebProcess/WebPage/WebPage.messages.in:
* Tools/TestWebKitAPI/Tests/WebKitCocoa/RemoteObjectRegistry.h:
* Tools/TestWebKitAPI/Tests/WebKitCocoa/RemoteObjectRegistry.mm:
(TEST(RemoteObjectRegistry, InvokeMethodFromBundleDuringPageClose)):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/RemoteObjectRegistryPlugIn.mm:
(-[RemoteObjectRegistryPlugIn triggerCallToUIProcessOnClose]):
(-[RemoteObjectRegistryPlugIn 
webProcessPlugIn:willDestroyBrowserContextController:]):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebViewEvaluateJavaScript.mm:
(TEST(WKWebView, EvaluateJavaScriptBlockCrash)):

Originally-landed-as: d0f2013438ba
Canonical link: https://commits.webkit.org/305877.939@webkitglib/2.52


Compare: https://github.com/WebKit/WebKit/compare/6b0832a5592a...7f8890f46deb

To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications

Reply via email to