Title: [132816] branches/chromium/1271
- Revision
- 132816
- Author
- [email protected]
- Date
- 2012-10-29 10:35:54 -0700 (Mon, 29 Oct 2012)
Log Message
Merge 131670
BUG=152585
Review URL: https://codereview.chromium.org/11342010
Modified Paths
Added Paths
Diff
Copied: branches/chromium/1271/LayoutTests/http/tests/security/video-poster-cross-origin-crash2-expected.txt (from rev 131670, trunk/LayoutTests/http/tests/security/video-poster-cross-origin-crash2-expected.txt) (0 => 132816)
--- branches/chromium/1271/LayoutTests/http/tests/security/video-poster-cross-origin-crash2-expected.txt (rev 0)
+++ branches/chromium/1271/LayoutTests/http/tests/security/video-poster-cross-origin-crash2-expected.txt 2012-10-29 17:35:54 UTC (rev 132816)
@@ -0,0 +1,4 @@
+CONSOLE MESSAGE: Cross-origin image load denied by Cross-Origin Resource Sharing policy.
+Test passes if it doesn't crash.
+
+
Copied: branches/chromium/1271/LayoutTests/http/tests/security/video-poster-cross-origin-crash2.html (from rev 131670, trunk/LayoutTests/http/tests/security/video-poster-cross-origin-crash2.html) (0 => 132816)
--- branches/chromium/1271/LayoutTests/http/tests/security/video-poster-cross-origin-crash2.html (rev 0)
+++ branches/chromium/1271/LayoutTests/http/tests/security/video-poster-cross-origin-crash2.html 2012-10-29 17:35:54 UTC (rev 132816)
@@ -0,0 +1,27 @@
+<p>Test passes if it doesn't crash.</p>
+<div id="tCF2">
+ <div>
+ <video src=""
+ <video crossorigin="" poster="http://localhost:8080/nonesuch.png"></video>
+ </div>
+</div>
+<script>
+function init()
+{
+ setTimeout('crash()', 0);
+}
+
+function crash()
+{
+ tCF2.innerHTML = '';
+ if (window.testRunner)
+ testRunner.notifyDone();
+}
+
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+document.addEventListener('DOMContentLoaded', init, false);
+</script>
+
Modified: branches/chromium/1271/Source/WebCore/loader/ImageLoader.cpp (132815 => 132816)
--- branches/chromium/1271/Source/WebCore/loader/ImageLoader.cpp 2012-10-29 17:30:56 UTC (rev 132815)
+++ branches/chromium/1271/Source/WebCore/loader/ImageLoader.cpp 2012-10-29 17:35:54 UTC (rev 132816)
@@ -129,7 +129,7 @@
// Only consider updating the protection ref-count of the Element immediately before returning
// from this function as doing so might result in the destruction of this ImageLoader.
- updatedHasPendingLoadEvent();
+ updatedHasPendingEvent();
}
void ImageLoader::setImageWithoutConsideringPendingLoadEvent(CachedImage* newImage)
@@ -248,7 +248,7 @@
// Only consider updating the protection ref-count of the Element immediately before returning
// from this function as doing so might result in the destruction of this ImageLoader.
- updatedHasPendingLoadEvent();
+ updatedHasPendingEvent();
}
void ImageLoader::updateFromElementIgnoringPreviousError()
@@ -286,7 +286,7 @@
// Only consider updating the protection ref-count of the Element immediately before returning
// from this function as doing so might result in the destruction of this ImageLoader.
- updatedHasPendingLoadEvent();
+ updatedHasPendingEvent();
return;
}
@@ -294,7 +294,7 @@
m_hasPendingLoadEvent = false;
// Only consider updating the protection ref-count of the Element immediately before returning
// from this function as doing so might result in the destruction of this ImageLoader.
- updatedHasPendingLoadEvent();
+ updatedHasPendingEvent();
return;
}
@@ -341,18 +341,17 @@
imageResource->setCachedImage(m_image.get());
}
-void ImageLoader::updatedHasPendingLoadEvent()
+void ImageLoader::updatedHasPendingEvent()
{
- // If an Element that does image loading is removed from the DOM the load event for the image is still observable.
+ // If an Element that does image loading is removed from the DOM the load/error event for the image is still observable.
// As long as the ImageLoader is actively loading, the Element itself needs to be ref'ed to keep it from being
// destroyed by DOM manipulation or garbage collection.
// If such an Element wishes for the load to stop when removed from the DOM it needs to stop the ImageLoader explicitly.
-
- if (m_hasPendingLoadEvent == m_elementIsProtected)
+ bool wasProtected = m_elementIsProtected;
+ m_elementIsProtected = m_hasPendingLoadEvent || m_hasPendingErrorEvent;
+ if (wasProtected == m_elementIsProtected)
return;
- m_elementIsProtected = m_hasPendingLoadEvent;
-
if (m_elementIsProtected)
client()->refSourceElement();
else
@@ -397,7 +396,7 @@
// Only consider updating the protection ref-count of the Element immediately before returning
// from this function as doing so might result in the destruction of this ImageLoader.
- updatedHasPendingLoadEvent();
+ updatedHasPendingEvent();
}
void ImageLoader::dispatchPendingLoadEvent()
@@ -413,7 +412,7 @@
// Only consider updating the protection ref-count of the Element immediately before returning
// from this function as doing so might result in the destruction of this ImageLoader.
- updatedHasPendingLoadEvent();
+ updatedHasPendingEvent();
}
void ImageLoader::dispatchPendingErrorEvent()
Modified: branches/chromium/1271/Source/WebCore/loader/ImageLoader.h (132815 => 132816)
--- branches/chromium/1271/Source/WebCore/loader/ImageLoader.h 2012-10-29 17:30:56 UTC (rev 132815)
+++ branches/chromium/1271/Source/WebCore/loader/ImageLoader.h 2012-10-29 17:35:54 UTC (rev 132816)
@@ -82,7 +82,7 @@
virtual void dispatchLoadEvent() = 0;
virtual String sourceURI(const AtomicString&) const = 0;
- void updatedHasPendingLoadEvent();
+ void updatedHasPendingEvent();
void dispatchPendingBeforeLoadEvent();
void dispatchPendingLoadEvent();
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo/webkit-changes
