Skip to site navigation (Press enter)

[webkit-changes] [117922] trunk/LayoutTests

eae Tue, 22 May 2012 00:18:02 -0700

Title: [117922] trunk/LayoutTests

Revision: 117922
Author: [email protected]
Date: 2012-05-22 00:18:33 -0700 (Tue, 22 May 2012)

Log Message

Unreviewed rebaseline of fast/loader/recursive-before-unload-crash.html

* platform/chromium/fast/loader/recursive-before-unload-crash-expected.txt: Added.


Modified Paths

trunk/LayoutTests/ChangeLog


Added Paths

trunk/LayoutTests/platform/chromium/fast/loader/recursive-before-unload-crash-expected.txt

Diff

Modified: trunk/LayoutTests/ChangeLog (117921 => 117922)


--- trunk/LayoutTests/ChangeLog	2012-05-22 07:15:17 UTC (rev 117921)
+++ trunk/LayoutTests/ChangeLog	2012-05-22 07:18:33 UTC (rev 117922)
@@ -1,5 +1,11 @@
 2012-05-22  Emil A Eklund  <[email protected]>
 
+        Unreviewed rebaseline of fast/loader/recursive-before-unload-crash.html
+
+        * platform/chromium/fast/loader/recursive-before-unload-crash-expected.txt: Added.
+
+2012-05-22  Emil A Eklund  <[email protected]>
+
         Even more unreviewed chromium test expectation updates.
 
         * platform/chromium-linux-x86/platform/chromium/compositing/filters: Removed.

Added: trunk/LayoutTests/platform/chromium/fast/loader/recursive-before-unload-crash-expected.txt (0 => 117922)


--- trunk/LayoutTests/platform/chromium/fast/loader/recursive-before-unload-crash-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/platform/chromium/fast/loader/recursive-before-unload-crash-expected.txt	2012-05-22 07:18:33 UTC (rev 117922)
@@ -0,0 +1,10 @@
+CONSOLE MESSAGE: Blocked alert('onbeforeunload called, and iframe hasn't been added yet.') during beforeunload.
+ALERT: Adding iframe
+This test demonstrates a problem with our handling of the beforeunload event.
+If a script manages to try and navigate the frame from beforeunload - when a navigation is already pending - we end up blowing out the stack by recursively consulting the policy delegate then running onbeforeunload repeatedly.
+After this happens, the FrameLoader is in a bogus state where it thinks it is in the middle of a provisional load, but it doesn't have a provisional document loader.
+In this state, the frame is very difficult to navigate anywhere else, and attempts to load new things within the frame can result in a crash.
+This was reproducibly identified on sears.com following a bizarre Safari specific code path.
+Click here to run the beforeunload test and blow out the stack
+Click here to append an iframe and crash
+

_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes