Title: [115646] trunk
- Revision
- 115646
- Author
- [email protected]
- Date
- 2012-04-30 09:59:50 -0700 (Mon, 30 Apr 2012)
Log Message
loadOrRedirectSubframe should return the owner element's frame
https://bugs.webkit.org/show_bug.cgi?id=84780
Reviewed by Nate Chapin.
Source/WebCore:
Test: fast/loader/_javascript_-url-iframe-remove-on-navigate.html
* loader/SubframeLoader.cpp:
(WebCore::SubframeLoader::loadOrRedirectSubframe):
LayoutTests:
* fast/loader/_javascript_-url-iframe-remove-on-navigate-expected.txt: Added.
* fast/loader/_javascript_-url-iframe-remove-on-navigate.html: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (115645 => 115646)
--- trunk/LayoutTests/ChangeLog 2012-04-30 16:58:14 UTC (rev 115645)
+++ trunk/LayoutTests/ChangeLog 2012-04-30 16:59:50 UTC (rev 115646)
@@ -1,3 +1,13 @@
+2012-04-30 Justin Schuh <[email protected]>
+
+ loadOrRedirectSubframe should return the owner element's frame
+ https://bugs.webkit.org/show_bug.cgi?id=84780
+
+ Reviewed by Nate Chapin.
+
+ * fast/loader/_javascript_-url-iframe-remove-on-navigate-expected.txt: Added.
+ * fast/loader/_javascript_-url-iframe-remove-on-navigate.html: Added.
+
2012-04-30 Thiago Marcos P. Santos <[email protected]>
[EFL] Update expectations for media/audio-delete-while-step-button-clicked.html
Added: trunk/LayoutTests/fast/loader/_javascript_-url-iframe-remove-on-navigate-expected.txt (0 => 115646)
--- trunk/LayoutTests/fast/loader/_javascript_-url-iframe-remove-on-navigate-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/loader/_javascript_-url-iframe-remove-on-navigate-expected.txt 2012-04-30 16:59:50 UTC (rev 115646)
@@ -0,0 +1,2 @@
+Blocked access to external URL http://does.not.exist/
+PASS - _javascript_ URL blocked without crashing.
Added: trunk/LayoutTests/fast/loader/_javascript_-url-iframe-remove-on-navigate.html (0 => 115646)
--- trunk/LayoutTests/fast/loader/_javascript_-url-iframe-remove-on-navigate.html (rev 0)
+++ trunk/LayoutTests/fast/loader/_javascript_-url-iframe-remove-on-navigate.html 2012-04-30 16:59:50 UTC (rev 115646)
@@ -0,0 +1,17 @@
+<iframe src="" id="target"></iframe>
+<script>
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+}
+
+setTimeout(function() {
+ document.getElementById("target").src = ""
+ }, 0);
+
+window.addEventListener("popstate", function() {
+ document.write("PASS - _javascript_ URL blocked without crashing.");
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+ }, false);
+</script>
Modified: trunk/Source/WebCore/ChangeLog (115645 => 115646)
--- trunk/Source/WebCore/ChangeLog 2012-04-30 16:58:14 UTC (rev 115645)
+++ trunk/Source/WebCore/ChangeLog 2012-04-30 16:59:50 UTC (rev 115646)
@@ -1,3 +1,15 @@
+2012-04-30 Justin Schuh <[email protected]>
+
+ loadOrRedirectSubframe should return the owner element's frame
+ https://bugs.webkit.org/show_bug.cgi?id=84780
+
+ Reviewed by Nate Chapin.
+
+ Test: fast/loader/_javascript_-url-iframe-remove-on-navigate.html
+
+ * loader/SubframeLoader.cpp:
+ (WebCore::SubframeLoader::loadOrRedirectSubframe):
+
2012-04-30 Caio Marcelo de Oliveira Filho <[email protected]>
Use Vector<Attribute> directly instead of encapsulating it in AttributeVector
Modified: trunk/Source/WebCore/loader/SubframeLoader.cpp (115645 => 115646)
--- trunk/Source/WebCore/loader/SubframeLoader.cpp 2012-04-30 16:58:14 UTC (rev 115645)
+++ trunk/Source/WebCore/loader/SubframeLoader.cpp 2012-04-30 16:59:50 UTC (rev 115646)
@@ -247,7 +247,9 @@
frame->navigationScheduler()->scheduleLocationChange(m_frame->document()->securityOrigin(), url.string(), m_frame->loader()->outgoingReferrer(), lockHistory, lockBackForwardList);
else
frame = loadSubframe(ownerElement, url, frameName, m_frame->loader()->outgoingReferrer());
- return frame;
+
+ ASSERT(ownerElement->contentFrame() == frame || !ownerElement->contentFrame());
+ return ownerElement->contentFrame();
}
Frame* SubframeLoader::loadSubframe(HTMLFrameOwnerElement* ownerElement, const KURL& url, const String& name, const String& referrer)
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
