Title: [182531] releases/WebKitGTK/webkit-2.4
- Revision
- 182531
- Author
- [email protected]
- Date
- 2015-04-08 01:20:01 -0700 (Wed, 08 Apr 2015)
Log Message
Merge r174922 - Ensure attached frame count doesn't exceed the maximum allowed frames
https://bugs.webkit.org/show_bug.cgi?id=136457
Reviewed by Alexey Proskuryakov.
Source/WebCore:
Test: fast/frames/exponential-frames.html
* html/HTMLFrameElementBase.cpp:
(WebCore::HTMLFrameElementBase::isURLAllowed):
LayoutTests:
* fast/frames/exponential-frames-expected.txt: Added.
* fast/frames/exponential-frames.html: Added.
Modified Paths
Added Paths
Diff
Modified: releases/WebKitGTK/webkit-2.4/LayoutTests/ChangeLog (182530 => 182531)
--- releases/WebKitGTK/webkit-2.4/LayoutTests/ChangeLog 2015-04-08 08:16:10 UTC (rev 182530)
+++ releases/WebKitGTK/webkit-2.4/LayoutTests/ChangeLog 2015-04-08 08:20:01 UTC (rev 182531)
@@ -1,3 +1,13 @@
+2014-10-17 Jeffrey Pfau <[email protected]>
+
+ Ensure attached frame count doesn't exceed the maximum allowed frames
+ https://bugs.webkit.org/show_bug.cgi?id=136457
+
+ Reviewed by Alexey Proskuryakov.
+
+ * fast/frames/exponential-frames-expected.txt: Added.
+ * fast/frames/exponential-frames.html: Added.
+
2014-10-16 Alexey Proskuryakov <[email protected]>
REGRESSION (r169024): Undetermined text is not displayed in the search field of Adobe Help Website
Added: releases/WebKitGTK/webkit-2.4/LayoutTests/fast/frames/exponential-frames-expected.txt (0 => 182531)
--- releases/WebKitGTK/webkit-2.4/LayoutTests/fast/frames/exponential-frames-expected.txt (rev 0)
+++ releases/WebKitGTK/webkit-2.4/LayoutTests/fast/frames/exponential-frames-expected.txt 2015-04-08 08:20:01 UTC (rev 182531)
@@ -0,0 +1 @@
+This test passes if it does not crash.
Added: releases/WebKitGTK/webkit-2.4/LayoutTests/fast/frames/exponential-frames.html (0 => 182531)
--- releases/WebKitGTK/webkit-2.4/LayoutTests/fast/frames/exponential-frames.html (rev 0)
+++ releases/WebKitGTK/webkit-2.4/LayoutTests/fast/frames/exponential-frames.html 2015-04-08 08:20:01 UTC (rev 182531)
@@ -0,0 +1,25 @@
+<html>
+<head>
+<script>
+if (window.testRunner)
+ testRunner.dumpAsText();
+</script>
+<body>
+This test passes if it does not crash.
+<script>
+var elem = document.body;
+var frame = document.createElement("iframe");
+frame.setAttribute("id", "frame");
+document.body.appendChild(frame);
+var div = document.createElement("div");
+div.setAttribute("id", "div");
+frame.appendChild(div);
+for (var i = 0; i < 10; i++) {
+ var div = document.getElementById("div");
+ var clone = elem.parentElement.cloneNode(true);
+ div.appendChild(clone);
+}
+frame.parentElement.removeChild(frame);
+</script>
+</body>
+</html>
Modified: releases/WebKitGTK/webkit-2.4/Source/WebCore/ChangeLog (182530 => 182531)
--- releases/WebKitGTK/webkit-2.4/Source/WebCore/ChangeLog 2015-04-08 08:16:10 UTC (rev 182530)
+++ releases/WebKitGTK/webkit-2.4/Source/WebCore/ChangeLog 2015-04-08 08:20:01 UTC (rev 182531)
@@ -1,3 +1,15 @@
+2014-10-17 Jeffrey Pfau <[email protected]>
+
+ Ensure attached frame count doesn't exceed the maximum allowed frames
+ https://bugs.webkit.org/show_bug.cgi?id=136457
+
+ Reviewed by Alexey Proskuryakov.
+
+ Test: fast/frames/exponential-frames.html
+
+ * html/HTMLFrameElementBase.cpp:
+ (WebCore::HTMLFrameElementBase::isURLAllowed):
+
2014-10-16 Alexey Proskuryakov <[email protected]>
REGRESSION (r169024): Undetermined text is not displayed in the search field of Adobe Help Website
Modified: releases/WebKitGTK/webkit-2.4/Source/WebCore/html/HTMLFrameElementBase.cpp (182530 => 182531)
--- releases/WebKitGTK/webkit-2.4/Source/WebCore/html/HTMLFrameElementBase.cpp 2015-04-08 08:16:10 UTC (rev 182530)
+++ releases/WebKitGTK/webkit-2.4/Source/WebCore/html/HTMLFrameElementBase.cpp 2015-04-08 08:20:01 UTC (rev 182531)
@@ -56,6 +56,9 @@
bool HTMLFrameElementBase::isURLAllowed() const
{
+ if (document().page() && document().page()->subframeCount() >= Page::maxNumberOfFrames)
+ return false;
+
if (m_URL.isEmpty())
return true;
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
