Title: [166049] trunk
Revision: 166049
Author: [email protected]
Date: 2014-03-21 00:31:39 -0700 (Fri, 21 Mar 2014)

Log Message

HTMLFrameOwnerElement should obey the SubframeLoadingDisabler when creating subframes
<rdar://problem/15675780>

Merge Blink r156744 by Adam Klein.

Source/WebCore:

Test: fast/frames/set-iframe-src-in-pagehide-crash.html

* loader/SubframeLoader.cpp:
(WebCore::SubframeLoader::loadSubframe):

LayoutTests:

* fast/frames/set-iframe-src-in-pagehide-crash-expected.txt: Added.
* fast/frames/set-iframe-src-in-pagehide-crash.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (166048 => 166049)


--- trunk/LayoutTests/ChangeLog	2014-03-21 07:25:05 UTC (rev 166048)
+++ trunk/LayoutTests/ChangeLog	2014-03-21 07:31:39 UTC (rev 166049)
@@ -1,3 +1,13 @@
+2014-03-21  Andreas Kling  <[email protected]>
+
+        HTMLFrameOwnerElement should obey the SubframeLoadingDisabler when creating subframes
+        <rdar://problem/15675780>
+
+        Merge Blink r156744 by Adam Klein.
+
+        * fast/frames/set-iframe-src-in-pagehide-crash-expected.txt: Added.
+        * fast/frames/set-iframe-src-in-pagehide-crash.html: Added.
+
 2014-03-20  Brian Burg  <[email protected]>
 
         Web Inspector: add frontend controller and models for replay sessions

Added: trunk/LayoutTests/fast/frames/set-iframe-src-in-pagehide-crash-expected.txt (0 => 166049)


--- trunk/LayoutTests/fast/frames/set-iframe-src-in-pagehide-crash-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/frames/set-iframe-src-in-pagehide-crash-expected.txt	2014-03-21 07:31:39 UTC (rev 166049)
@@ -0,0 +1,11 @@
+Setting an iframe's src in a pagehide handler should not create a frame (nor a crash)
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS subframe.contentWindow is null
+did not crash
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

Added: trunk/LayoutTests/fast/frames/set-iframe-src-in-pagehide-crash.html (0 => 166049)


--- trunk/LayoutTests/fast/frames/set-iframe-src-in-pagehide-crash.html	                        (rev 0)
+++ trunk/LayoutTests/fast/frames/set-iframe-src-in-pagehide-crash.html	2014-03-21 07:31:39 UTC (rev 166049)
@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<body>
+<div id=one><iframe></iframe></div>
+<div id=two></div>
+<div id=three></div>
+<script src=""
+<script>
+
+description("Setting an iframe's src in a pagehide handler should not create a frame (nor a crash)");
+
+var div1 = document.getElementById('one');
+var div2 = document.getElementById('two');
+var div3 = document.getElementById('three');
+var subframe = document.querySelector('iframe');
+
+subframe.contentWindow._onpagehide_ = function() {
+    div2.appendChild(div1);
+    subframe.src = '';
+    shouldBeNull("subframe.contentWindow");
+};
+subframe.remove();
+div3.appendChild(subframe);
+subframe.remove();
+debug("did not crash");
+</script>
+<script src=""
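Review bot: the only assertion, `shouldBeNull("subframe.contentWindow")`, runs inside the pagehide handler, and the test covers just an `<iframe>` whose `src` is set there, while the change title speaks of HTMLFrameOwnerElement in general. Consider checking `subframe.contentWindow` again after the final `subframe.remove()`, and adding a variant for another frame owner element so the new guard is exercised beyond this one case.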

Modified: trunk/Source/WebCore/ChangeLog (166048 => 166049)


--- trunk/Source/WebCore/ChangeLog	2014-03-21 07:25:05 UTC (rev 166048)
+++ trunk/Source/WebCore/ChangeLog	2014-03-21 07:31:39 UTC (rev 166049)
@@ -1,3 +1,15 @@
+2014-03-21  Andreas Kling  <[email protected]>
+
+        HTMLFrameOwnerElement should obey the SubframeLoadingDisabler when creating subframes
+        <rdar://problem/15675780>
+
+        Merge Blink r156744 by Adam Klein.
+
+        Test: fast/frames/set-iframe-src-in-pagehide-crash.html
+
+        * loader/SubframeLoader.cpp:
+        (WebCore::SubframeLoader::loadSubframe):
+
 2014-03-21  Darin Adler  <[email protected]>
 
         Improve idiom used for string building in a few places
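Review bot: the `(WebCore::SubframeLoader::loadSubframe):` line in this entry has nothing after the colon, so the log does not say what changed in the function or why. Add a sentence there stating that loadSubframe now returns early when SubframeLoadingDisabler does not allow loading for the owner element, so a reader of the ChangeLog can understand the fix without opening the diff.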

Modified: trunk/Source/WebCore/loader/SubframeLoader.cpp (166048 => 166049)


--- trunk/Source/WebCore/loader/SubframeLoader.cpp	2014-03-21 07:25:05 UTC (rev 166048)
+++ trunk/Source/WebCore/loader/SubframeLoader.cpp	2014-03-21 07:31:39 UTC (rev 166049)
@@ -354,6 +354,9 @@
         return nullptr;
     }
 
+    if (!SubframeLoadingDisabler::canLoadFrame(ownerElement))
+        return nullptr;
+
     String referrerToUse = SecurityPolicy::generateReferrerHeader(ownerElement.document().referrerPolicy(), url, referrer);
     RefPtr<Frame> frame = m_frame.loader().client().createFrame(url, name, &ownerElement, referrerToUse, allowsScrolling, marginWidth, marginHeight);
 
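Review bot: the new `if (!SubframeLoadingDisabler::canLoadFrame(ownerElement))` early return carries no comment explaining why frame creation has to be refused at this point, and the reason is not obvious from the call site. A one-line comment above the check, pointing at the situation the new test covers (script setting `src` from a pagehide handler while the owner element is being removed), would keep a later cleanup from dropping it. The placement before `createFrame` and the `nullptr` result match the early return just above, so callers see the same failure value they already handle.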
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes