Title: [119335] releases/WebKitGTK/webkit-1.8
- Revision
- 119335
- Author
- [email protected]
- Date
- 2012-06-02 13:31:11 -0700 (Sat, 02 Jun 2012)
Log Message
Merge 115646 - loadOrRedirectSubframe should return the owner element's frame
https://bugs.webkit.org/show_bug.cgi?id=84780
Reviewed by Nate Chapin.
Source/WebCore:
Test: fast/loader/_javascript_-url-iframe-remove-on-navigate.html
* loader/SubframeLoader.cpp:
(WebCore::SubframeLoader::loadOrRedirectSubframe):
LayoutTests:
* fast/loader/_javascript_-url-iframe-remove-on-navigate-expected.txt: Added.
* fast/loader/_javascript_-url-iframe-remove-on-navigate.html: Added.
Modified Paths
Added Paths
Diff
Modified: releases/WebKitGTK/webkit-1.8/LayoutTests/ChangeLog (119334 => 119335)
--- releases/WebKitGTK/webkit-1.8/LayoutTests/ChangeLog 2012-06-02 20:30:51 UTC (rev 119334)
+++ releases/WebKitGTK/webkit-1.8/LayoutTests/ChangeLog 2012-06-02 20:31:11 UTC (rev 119335)
@@ -1,3 +1,13 @@
+2012-04-30 Justin Schuh <[email protected]>
+
+ loadOrRedirectSubframe should return the owner element's frame
+ https://bugs.webkit.org/show_bug.cgi?id=84780
+
+ Reviewed by Nate Chapin.
+
+ * fast/loader/_javascript_-url-iframe-remove-on-navigate-expected.txt: Added.
+ * fast/loader/_javascript_-url-iframe-remove-on-navigate.html: Added.
+
2012-04-26 Jeffrey Pfau <[email protected]>
Invalid cast in WebCore::HTMLCollection::isAcceptableElement
Added: releases/WebKitGTK/webkit-1.8/LayoutTests/fast/loader/_javascript_-url-iframe-remove-on-navigate-expected.txt (0 => 119335)
--- releases/WebKitGTK/webkit-1.8/LayoutTests/fast/loader/_javascript_-url-iframe-remove-on-navigate-expected.txt (rev 0)
+++ releases/WebKitGTK/webkit-1.8/LayoutTests/fast/loader/_javascript_-url-iframe-remove-on-navigate-expected.txt 2012-06-02 20:31:11 UTC (rev 119335)
@@ -0,0 +1,2 @@
+Blocked access to external URL http://does.not.exist/
+PASS - _javascript_ URL blocked without crashing.
Added: releases/WebKitGTK/webkit-1.8/LayoutTests/fast/loader/_javascript_-url-iframe-remove-on-navigate.html (0 => 119335)
--- releases/WebKitGTK/webkit-1.8/LayoutTests/fast/loader/_javascript_-url-iframe-remove-on-navigate.html (rev 0)
+++ releases/WebKitGTK/webkit-1.8/LayoutTests/fast/loader/_javascript_-url-iframe-remove-on-navigate.html 2012-06-02 20:31:11 UTC (rev 119335)
@@ -0,0 +1,17 @@
+<iframe src="" id="target"></iframe>
+<script>
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+}
+
+setTimeout(function() {
+ document.getElementById("target").src = ""
+ }, 0);
+
+window.addEventListener("popstate", function() {
+ document.write("PASS - _javascript_ URL blocked without crashing.");
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+ }, false);
+</script>
Modified: releases/WebKitGTK/webkit-1.8/Source/WebCore/ChangeLog (119334 => 119335)
--- releases/WebKitGTK/webkit-1.8/Source/WebCore/ChangeLog 2012-06-02 20:30:51 UTC (rev 119334)
+++ releases/WebKitGTK/webkit-1.8/Source/WebCore/ChangeLog 2012-06-02 20:31:11 UTC (rev 119335)
@@ -1,3 +1,15 @@
+2012-04-30 Justin Schuh <[email protected]>
+
+ loadOrRedirectSubframe should return the owner element's frame
+ https://bugs.webkit.org/show_bug.cgi?id=84780
+
+ Reviewed by Nate Chapin.
+
+ Test: fast/loader/_javascript_-url-iframe-remove-on-navigate.html
+
+ * loader/SubframeLoader.cpp:
+ (WebCore::SubframeLoader::loadOrRedirectSubframe):
+
2012-04-26 Jeffrey Pfau <[email protected]>
Invalid cast in WebCore::HTMLCollection::isAcceptableElement
Modified: releases/WebKitGTK/webkit-1.8/Source/WebCore/loader/SubframeLoader.cpp (119334 => 119335)
--- releases/WebKitGTK/webkit-1.8/Source/WebCore/loader/SubframeLoader.cpp 2012-06-02 20:30:51 UTC (rev 119334)
+++ releases/WebKitGTK/webkit-1.8/Source/WebCore/loader/SubframeLoader.cpp 2012-06-02 20:31:11 UTC (rev 119335)
@@ -239,7 +239,9 @@
frame->navigationScheduler()->scheduleLocationChange(m_frame->document()->securityOrigin(), url.string(), m_frame->loader()->outgoingReferrer(), lockHistory, lockBackForwardList);
else
frame = loadSubframe(ownerElement, url, frameName, m_frame->loader()->outgoingReferrer());
- return frame;
+
+ ASSERT(ownerElement->contentFrame() == frame || !ownerElement->contentFrame());
+ return ownerElement->contentFrame();
}
Frame* SubframeLoader::loadSubframe(HTMLFrameOwnerElement* ownerElement, const KURL& url, const String& name, const String& referrer)
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
