Title: [195496] trunk
Revision: 195496
Author: [email protected]
Date: 2016-01-22 17:04:59 -0800 (Fri, 22 Jan 2016)

Log Message

Document.open / Document.write should be prevented while the document is being unloaded
https://bugs.webkit.org/show_bug.cgi?id=153255
<rdar://problem/22741293>

Reviewed by Ryosuke Niwa.

Source/WebCore:

Document.open / Document.write should be prevented while the document
is being unloaded, as per the HTML specification:
- https://html.spec.whatwg.org/multipage/webappapis.html#dom-document-open (step 6)
- https://html.spec.whatwg.org/multipage/webappapis.html#dom-document-write (step 3)

This patch is aligning our behavior with the specification and Firefox.
Calling Document.open / Document.write while the document was being
unloaded would cause us to crash as this was unexpected.

Tests: fast/frames/page-hide-document-open.html
       fast/frames/page-unload-document-open.html

* WebCore.xcodeproj/project.pbxproj:
Add new IgnoreOpensDuringUnloadCountIncrementer.h header.

* dom/Document.cpp:
(WebCore::Document::open):
Abort if the document's ignore-opens-during-unload counter is greater
than zero, as per:
https://html.spec.whatwg.org/multipage/webappapis.html#dom-document-open (step 6)

(WebCore::Document::write):
Abort if the insertion point is undefined and the document's
ignore-opens-during-unload counter is greater than zero, as per:
https://html.spec.whatwg.org/multipage/webappapis.html#dom-document-write (step 3)

* dom/Document.h:
Add data member to maintain the document's ignore-opens-during-unload counter:
https://html.spec.whatwg.org/multipage/webappapis.html#ignore-opens-during-unload-counter

* dom/IgnoreOpensDuringUnloadCountIncrementer.h: Added.
Add utility class to increment / decrement a document's
ignore-opens-during-unload counter.

* history/CachedFrame.cpp:
(WebCore::CachedFrame::CachedFrame):
When a page goes into PageCache, we don't end up calling
FrameLoader::detachChildren() so we need to increment the document's
ignore-opens-during-unload counter before calling stopLoading() on each
subframe.

* loader/FrameLoader.cpp:
(WebCore::FrameLoader::detachChildren):
detachChildren() will end up firing the pagehide / unload events in each
child frame so we increment the parent frame's document's
ignore-opens-during-unload counter. This behavior matches the text of:
https://html.spec.whatwg.org/multipage/browsers.html#unload-a-document

As per the spec, the document's ignore-opens-during-unload counter should
be incremented before firing the pagehide / unload events at the document's
Window object. It should be decremented only after firing the pagehide /
unload events in each subframe. This is needed in case a subframe tries to
call document.open / document.write on a parent frame's document, from its
pagehide or unload handler.

(WebCore::FrameLoader::dispatchUnloadEvents):
Increment the document's ignore-opens-during-unload counter before firing
the pagehide / unload events and decrement it after. As per the spec, we
are not supposed to decrement this early. We are actually supposed to wait
until the pagehide / unload events have been fired in all the subframes.
For this reason, we take care of re-incrementing the document's
ignore-opens-during-unload in detachChildren(), which will take care of
firing the pagehide / unload in the subframes.

LayoutTests:

Add layout tests that cover calling Document.open / Document.write from
unload and pagehide handlers.

* fast/frames/page-hide-document-open-expected.txt: Added.
* fast/frames/page-hide-document-open.html: Added.
* fast/frames/page-unload-document-open-expected.txt: Added.
* fast/frames/page-unload-document-open.html: Added.
* fast/frames/resources/finish-test.html: Added.
* fast/frames/resources/page-hide-document-open-frame.html: Added.
* fast/frames/resources/page-hide-document-open-win.html: Added.
* fast/frames/resources/page-unload-document-open-frame.html: Added.
* fast/frames/resources/page-unload-document-open-win.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (195495 => 195496)


--- trunk/LayoutTests/ChangeLog	2016-01-23 00:41:06 UTC (rev 195495)
+++ trunk/LayoutTests/ChangeLog	2016-01-23 01:04:59 UTC (rev 195496)
@@ -1,3 +1,24 @@
+2016-01-22  Chris Dumez  <[email protected]>
+
+        Document.open / Document.write should be prevented while the document is being unloaded
+        https://bugs.webkit.org/show_bug.cgi?id=153255
+        <rdar://problem/22741293>
+
+        Reviewed by Ryosuke Niwa.
+
+        Add layout tests that cover calling Document.open / Document.write from
+        unload and pagehide handlers.
+
+        * fast/frames/page-hide-document-open-expected.txt: Added.
+        * fast/frames/page-hide-document-open.html: Added.
+        * fast/frames/page-unload-document-open-expected.txt: Added.
+        * fast/frames/page-unload-document-open.html: Added.
+        * fast/frames/resources/finish-test.html: Added.
+        * fast/frames/resources/page-hide-document-open-frame.html: Added.
+        * fast/frames/resources/page-hide-document-open-win.html: Added.
+        * fast/frames/resources/page-unload-document-open-frame.html: Added.
+        * fast/frames/resources/page-unload-document-open-win.html: Added.
+
 2016-01-22  Brady Eidson  <[email protected]>
 
         Modern IDB: Implement put, get, and delete records for the SQLite backend.

Added: trunk/LayoutTests/fast/frames/page-hide-document-open-expected.txt (0 => 195496)


--- trunk/LayoutTests/fast/frames/page-hide-document-open-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/frames/page-hide-document-open-expected.txt	2016-01-23 01:04:59 UTC (rev 195496)
@@ -0,0 +1 @@
+Passes if it does not crash.

Added: trunk/LayoutTests/fast/frames/page-hide-document-open.html (0 => 195496)


--- trunk/LayoutTests/fast/frames/page-hide-document-open.html	                        (rev 0)
+++ trunk/LayoutTests/fast/frames/page-hide-document-open.html	2016-01-23 01:04:59 UTC (rev 195496)
@@ -0,0 +1,11 @@
+<!DOCTYPE html>
+Passes if it does not crash.
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.overridePreference('WebKitUsesPageCachePreferenceKey', 1);
+    testRunner.setCanOpenWindows();
+    testRunner.waitUntilDone();
+}
+win = window.open("resources/page-hide-document-open-win.html");
+</script>

Added: trunk/LayoutTests/fast/frames/page-unload-document-open-expected.txt (0 => 195496)


--- trunk/LayoutTests/fast/frames/page-unload-document-open-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/frames/page-unload-document-open-expected.txt	2016-01-23 01:04:59 UTC (rev 195496)
@@ -0,0 +1,2 @@
+frame "<!--framePath //<!--frame0-->-->" - has 1 onunload handler(s)
+Passes if it does not crash.

Added: trunk/LayoutTests/fast/frames/page-unload-document-open.html (0 => 195496)


--- trunk/LayoutTests/fast/frames/page-unload-document-open.html	                        (rev 0)
+++ trunk/LayoutTests/fast/frames/page-unload-document-open.html	2016-01-23 01:04:59 UTC (rev 195496)
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+Passes if it does not crash.
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.setCanOpenWindows();
+    testRunner.waitUntilDone();
+}
+win = window.open("resources/page-unload-document-open-win.html");
+</script>

Added: trunk/LayoutTests/fast/frames/resources/finish-test.html (0 => 195496)


--- trunk/LayoutTests/fast/frames/resources/finish-test.html	                        (rev 0)
+++ trunk/LayoutTests/fast/frames/resources/finish-test.html	2016-01-23 01:04:59 UTC (rev 195496)
@@ -0,0 +1,7 @@
+<!DOCTYPE html>
+<script>
+_onload_ = function() {
+    if (window.testRunner)
+        testRunner.notifyDone();
+};
+</script>

Added: trunk/LayoutTests/fast/frames/resources/page-hide-document-open-frame.html (0 => 195496)


--- trunk/LayoutTests/fast/frames/resources/page-hide-document-open-frame.html	                        (rev 0)
+++ trunk/LayoutTests/fast/frames/resources/page-hide-document-open-frame.html	2016-01-23 01:04:59 UTC (rev 195496)
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+function runTest()
+{
+    parent.document.open();
+    parent.document.write('FAIL: document.open() has canceled the navigation');
+    parent.document.close();
+}
+</script>
+</head>
+<body _onpagehide_="runTest()">
+<p>FAIL
+</body>
+</html>
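Review bot: runTest() writes its FAIL string into parent.document, which is the window opened by the test, while dumpAsText() runs in the opener and the -expected.txt holds only the opener's text, so that string can never reach the test output. If open() were wrongly allowed, the regression would show up only indirectly, as a crash or as a timeout because finish-test.html never gets to call notifyDone(). Consider reporting the result to the opener explicitly so a failure produces a readable line in the output.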

Added: trunk/LayoutTests/fast/frames/resources/page-hide-document-open-win.html (0 => 195496)


--- trunk/LayoutTests/fast/frames/resources/page-hide-document-open-win.html	                        (rev 0)
+++ trunk/LayoutTests/fast/frames/resources/page-hide-document-open-win.html	2016-01-23 01:04:59 UTC (rev 195496)
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+_onload_ = function() {
+    setTimeout(function() { document.links[0].click() }, 0);
+};
+</script>
+</head>
+<body>
+<p><a href="" Test</a>
+<p><iframe src=""
+</body>
+</html>

Added: trunk/LayoutTests/fast/frames/resources/page-unload-document-open-frame.html (0 => 195496)


--- trunk/LayoutTests/fast/frames/resources/page-unload-document-open-frame.html	                        (rev 0)
+++ trunk/LayoutTests/fast/frames/resources/page-unload-document-open-frame.html	2016-01-23 01:04:59 UTC (rev 195496)
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+function runTest()
+{
+    parent.document.open();
+    parent.document.write('FAIL: document.open() has canceled the navigation');
+    parent.document.close();
+}
+</script>
+</head>
+<body _onunload_="runTest()">
+<p>FAIL
+</body>
+</html>

Added: trunk/LayoutTests/fast/frames/resources/page-unload-document-open-win.html (0 => 195496)


--- trunk/LayoutTests/fast/frames/resources/page-unload-document-open-win.html	                        (rev 0)
+++ trunk/LayoutTests/fast/frames/resources/page-unload-document-open-win.html	2016-01-23 01:04:59 UTC (rev 195496)
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+_onload_ = function() {
+    setTimeout(function() { document.links[0].click() }, 0);
+};
+</script>
+</head>
+<body>
+<p><a href="" Test</a>
+<p><iframe src=""
+</body>
+</html>

Modified: trunk/Source/WebCore/ChangeLog (195495 => 195496)


--- trunk/Source/WebCore/ChangeLog	2016-01-23 00:41:06 UTC (rev 195495)
+++ trunk/Source/WebCore/ChangeLog	2016-01-23 01:04:59 UTC (rev 195496)
@@ -1,3 +1,75 @@
+2016-01-22  Chris Dumez  <[email protected]>
+
+        Document.open / Document.write should be prevented while the document is being unloaded
+        https://bugs.webkit.org/show_bug.cgi?id=153255
+        <rdar://problem/22741293>
+
+        Reviewed by Ryosuke Niwa.
+
+        Document.open / Document.write should be prevented while the document
+        is being unloaded, as per the HTML specification:
+        - https://html.spec.whatwg.org/multipage/webappapis.html#dom-document-open (step 6)
+        - https://html.spec.whatwg.org/multipage/webappapis.html#dom-document-write (step 3)
+
+        This patch is aligning our behavior with the specification and Firefox.
+        Calling Document.open / Document.write during the document was being
+        unloaded would cause us to crash as this was unexpected.
+
+        Tests: fast/frames/page-hide-document-open.html
+               fast/frames/page-unload-document-open.html
+
+        * WebCore.xcodeproj/project.pbxproj:
+        Add new IgnoreOpensDuringUnloadCountIncrementer.h header.
+
+        * dom/Document.cpp:
+        (WebCore::Document::open):
+        Abort if the document's ignore-opens-during-unload counter is greater
+        than zero, as per:
+        https://html.spec.whatwg.org/multipage/webappapis.html#dom-document-open (step 6)
+
+        (WebCore::Document::write):
+        Abort if the insertion point is undefined and the document's
+        ignore-opens-during-unload counter is greater than zero, as per:
+        https://html.spec.whatwg.org/multipage/webappapis.html#dom-document-write (step 3)
+
+        * dom/Document.h:
+        Add data member to maintain the document's ignore-opens-during-unload counter:
+        https://html.spec.whatwg.org/multipage/webappapis.html#ignore-opens-during-unload-counter
+
+        * dom/IgnoreOpensDuringUnloadCountIncrementer.h: Added.
+        Add utility class to increment / decrement a document's
+        ignore-opens-during-unload counter.
+
+        * history/CachedFrame.cpp:
+        (WebCore::CachedFrame::CachedFrame):
+        When a page goes into PageCache, we don't end up calling
+        FrameLoader::detachChildren() so we need to increment the document's
+        ignore-opens-during-unload counter before calling stopLoading() on each
+        subframe.
+
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::detachChildren):
+        detachChildren() will end up firing the pagehide / unload events in each
+        child frame so we increment the parent frame's document's
+        ignore-opens-during-unload counter. This behavior matches the text of:
+        https://html.spec.whatwg.org/multipage/browsers.html#unload-a-document
+
+        As per the spec, the document's ignore-opens-during-unload counter should
+        be incremented before firing the pagehide / unload events at the document's
+        Window object. It should be decremented only after firing the pagehide /
+        unload events in each subframe. This is needed in case a subframe tries to
+        call document.open / document.write on a parent frame's document, from its
+        pagehide or unload handler.
+
+        (WebCore::FrameLoader::dispatchUnloadEvents):
+        Increment the document's ignore-opens-during-unload counter before firing
+        the pagehide / unload events and decrement it after. As per the spec, we
+        are not supposed to decrement this early. We actually supposed to wait
+        until the pagehide / unload events have been fired in all the subframes.
+        For this reason, we take care of re-incrementing the document's
+        ignore-opens-during-unload in detachChildren(), which will take care of
+        firing the pagehide / unload in the subframes.
+
 2016-01-22  Brady Eidson  <[email protected]>
 
         Modern IDB: Implement put, get, and delete records for the SQLite backend.

Modified: trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj (195495 => 195496)


--- trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj	2016-01-23 00:41:06 UTC (rev 195495)
+++ trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj	2016-01-23 01:04:59 UTC (rev 195496)
@@ -1700,6 +1700,7 @@
 		463EB6221B8789E00096ED51 /* TagCollection.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 463EB6201B8789CB0096ED51 /* TagCollection.cpp */; };
 		463EB6231B8789E00096ED51 /* TagCollection.h in Headers */ = {isa = PBXBuildFile; fileRef = 463EB6211B8789CB0096ED51 /* TagCollection.h */; };
 		4669B2871B852A0B000F905F /* JSDOMNamedFlowCollectionCustom.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 46F2768E1B85297F005C2556 /* JSDOMNamedFlowCollectionCustom.cpp */; };
+		467302021C4EFE7800BCB357 /* IgnoreOpensDuringUnloadCountIncrementer.h in Headers */ = {isa = PBXBuildFile; fileRef = 467302011C4EFE6600BCB357 /* IgnoreOpensDuringUnloadCountIncrementer.h */; };
 		4689F1AF1267BAE100E8D380 /* FileMetadata.h in Headers */ = {isa = PBXBuildFile; fileRef = 4689F1AE1267BAE100E8D380 /* FileMetadata.h */; };
 		46C83EFD1A9BBE2900A79A41 /* GeoNotifier.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 46C83EFB1A9BBE2900A79A41 /* GeoNotifier.cpp */; };
 		46C83EFE1A9BBE2900A79A41 /* GeoNotifier.h in Headers */ = {isa = PBXBuildFile; fileRef = 46C83EFC1A9BBE2900A79A41 /* GeoNotifier.h */; settings = {ATTRIBUTES = (Private, ); }; };
@@ -9120,6 +9121,7 @@
 		4634592B1AC2271000ECB71C /* PowerObserverMac.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = PowerObserverMac.cpp; sourceTree = "<group>"; };
 		463EB6201B8789CB0096ED51 /* TagCollection.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = TagCollection.cpp; sourceTree = "<group>"; };
 		463EB6211B8789CB0096ED51 /* TagCollection.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TagCollection.h; sourceTree = "<group>"; };
+		467302011C4EFE6600BCB357 /* IgnoreOpensDuringUnloadCountIncrementer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = IgnoreOpensDuringUnloadCountIncrementer.h; sourceTree = "<group>"; };
 		4689F1AE1267BAE100E8D380 /* FileMetadata.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = FileMetadata.h; sourceTree = "<group>"; };
 		46C83EFB1A9BBE2900A79A41 /* GeoNotifier.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = GeoNotifier.cpp; sourceTree = "<group>"; };
 		46C83EFC1A9BBE2900A79A41 /* GeoNotifier.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = GeoNotifier.h; sourceTree = "<group>"; };
@@ -24004,6 +24006,7 @@
 				C3CF17A215B0063F00276D39 /* IdTargetObserverRegistry.cpp */,
 				C3CF17A315B0063F00276D39 /* IdTargetObserverRegistry.h */,
 				8AB4BC76126FDB7100DEB727 /* IgnoreDestructiveWriteCountIncrementer.h */,
+				467302011C4EFE6600BCB357 /* IgnoreOpensDuringUnloadCountIncrementer.h */,
 				AA4C3A740B2B1679002334A2 /* InlineStyleSheetOwner.cpp */,
 				AA4C3A750B2B1679002334A2 /* InlineStyleSheetOwner.h */,
 				85031B2D0A44EFC700F992E0 /* KeyboardEvent.cpp */,
@@ -25624,6 +25627,7 @@
 				976D6C89122B8A3D001FD1F7 /* FileReader.h in Headers */,
 				2E75841E12779ADA0062628B /* FileReaderLoader.h in Headers */,
 				2E75841F12779ADA0062628B /* FileReaderLoaderClient.h in Headers */,
+				467302021C4EFE7800BCB357 /* IgnoreOpensDuringUnloadCountIncrementer.h in Headers */,
 				2EDF369D122C94B4002F7D4E /* FileReaderSync.h in Headers */,
 				2EF1BFEB121C9F4200C27627 /* FileStream.h in Headers */,
 				2EF1BFF9121CB0CE00C27627 /* FileStreamClient.h in Headers */,

Modified: trunk/Source/WebCore/dom/Document.cpp (195495 => 195496)


--- trunk/Source/WebCore/dom/Document.cpp	2016-01-23 00:41:06 UTC (rev 195495)
+++ trunk/Source/WebCore/dom/Document.cpp	2016-01-23 01:04:59 UTC (rev 195496)
@@ -475,7 +475,6 @@
     , m_gotoAnchorNeededAfterStylesheetsLoad(false)
     , m_frameElementsShouldIgnoreScrolling(false)
     , m_updateFocusAppearanceRestoresSelection(SelectionRestorationMode::SetDefault)
-    , m_ignoreDestructiveWriteCount(0)
     , m_markers(std::make_unique<DocumentMarkerController>(*this))
     , m_updateFocusAppearanceTimer(*this, &Document::updateFocusAppearanceTimerFired)
     , m_cssTarget(nullptr)
@@ -2497,6 +2496,9 @@
 
 void Document::open(Document* ownerDocument)
 {
+    if (m_ignoreOpensDuringUnloadCount)
+        return;
+
     if (ownerDocument) {
         setURL(ownerDocument->url());
         setCookieURL(ownerDocument->cookieURL());
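Review bot: the new early return at the top of Document::open() carries no comment, so a reader who hits `if (m_ignoreOpensDuringUnloadCount)` followed by a bare `return;` has to go to the ChangeLog to learn why open() silently does nothing. Please cite the spec step next to the check (dom-document-open, step 6), the way the Document.h hunk cites the spec for the counter itself.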
@@ -2845,7 +2847,7 @@
 #endif
 
     bool hasInsertionPoint = m_parser && m_parser->hasInsertionPoint();
-    if (!hasInsertionPoint && m_ignoreDestructiveWriteCount)
+    if (!hasInsertionPoint && (m_ignoreOpensDuringUnloadCount || m_ignoreDestructiveWriteCount))
         return;
 
     if (!hasInsertionPoint)

Modified: trunk/Source/WebCore/dom/Document.h (195495 => 195496)


--- trunk/Source/WebCore/dom/Document.h	2016-01-23 00:41:06 UTC (rev 195495)
+++ trunk/Source/WebCore/dom/Document.h	2016-01-23 01:04:59 UTC (rev 195496)
@@ -1338,6 +1338,7 @@
 private:
     friend class Node;
     friend class IgnoreDestructiveWriteCountIncrementer;
+    friend class IgnoreOpensDuringUnloadCountIncrementer;
 
     void updateTitleElement(Element* newTitleElement);
 
@@ -1528,9 +1529,12 @@
     bool m_frameElementsShouldIgnoreScrolling;
     SelectionRestorationMode m_updateFocusAppearanceRestoresSelection;
 
-    // http://www.whatwg.org/specs/web-apps/current-work/#ignore-destructive-writes-counter
-    unsigned m_ignoreDestructiveWriteCount;
+    // https://html.spec.whatwg.org/multipage/webappapis.html#ignore-destructive-writes-counter
+    unsigned m_ignoreDestructiveWriteCount { 0 };
 
+    // https://html.spec.whatwg.org/multipage/webappapis.html#ignore-opens-during-unload-counter
+    unsigned m_ignoreOpensDuringUnloadCount { 0 };
+
     unsigned m_styleRecalcCount { 0 };
 
     StringWithDirection m_title;

Added: trunk/Source/WebCore/dom/IgnoreOpensDuringUnloadCountIncrementer.h (0 => 195496)


--- trunk/Source/WebCore/dom/IgnoreOpensDuringUnloadCountIncrementer.h	                        (rev 0)
+++ trunk/Source/WebCore/dom/IgnoreOpensDuringUnloadCountIncrementer.h	2016-01-23 01:04:59 UTC (rev 195496)
@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef IgnoreOpensDuringUnloadCountIncrementer_h
+#define IgnoreOpensDuringUnloadCountIncrementer_h
+
+#include "Document.h"
+
+namespace WebCore {
+
+class IgnoreOpensDuringUnloadCountIncrementer {
+    WTF_MAKE_NONCOPYABLE(IgnoreOpensDuringUnloadCountIncrementer);
+public:
+    explicit IgnoreOpensDuringUnloadCountIncrementer(Document* document)
+        : m_count(document ? &document->m_ignoreOpensDuringUnloadCount : nullptr)
+    {
+        if (!m_count)
+            return;
+        ++(*m_count);
+    }
+
+    ~IgnoreOpensDuringUnloadCountIncrementer()
+    {
+        if (!m_count)
+            return;
+        --(*m_count);
+    }
+
+private:
+    unsigned* m_count;
+};
+
+} // namespace WebCore
+
+#endif // IgnoreOpensDuringUnloadCountIncrementer_h
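Review bot: m_count is a raw `unsigned*` into the Document, and nothing in this class keeps that Document alive until the destructor runs `--(*m_count)`. The call sites in this patch construct the incrementer around pagehide / unload dispatch, where page script runs, so please either hold a RefPtr<Document> in the incrementer and decrement through it, or state at each call site what guarantees the Document outlives the scope.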

Modified: trunk/Source/WebCore/history/CachedFrame.cpp (195495 => 195496)


--- trunk/Source/WebCore/history/CachedFrame.cpp	2016-01-23 00:41:06 UTC (rev 195495)
+++ trunk/Source/WebCore/history/CachedFrame.cpp	2016-01-23 01:04:59 UTC (rev 195496)
@@ -39,6 +39,7 @@
 #include "FrameView.h"
 #include "HistoryController.h"
 #include "HistoryItem.h"
+#include "IgnoreOpensDuringUnloadCountIncrementer.h"
 #include "Logging.h"
 #include "MainFrame.h"
 #include "Page.h"
@@ -157,10 +158,18 @@
     m_document->setInPageCache(true);
     frame.loader().stopLoading(UnloadEventPolicyUnloadAndPageHide);
 
-    // Create the CachedFrames for all Frames in the FrameTree.
-    for (Frame* child = frame.tree().firstChild(); child; child = child->tree().nextSibling())
-        m_childFrames.append(std::make_unique<CachedFrame>(*child));
+    {
+        // The following will fire the pagehide event in each subframe and the HTML specification states
+        // that the parent document's ignore-opens-during-unload counter should be incremented while the
+        // pagehide event is being fired in its subframes:
+        // https://html.spec.whatwg.org/multipage/browsers.html#unload-a-document
+        IgnoreOpensDuringUnloadCountIncrementer ignoreOpensDuringUnloadCountIncrementer(m_document.get());
 
+        // Create the CachedFrames for all Frames in the FrameTree.
+        for (Frame* child = frame.tree().firstChild(); child; child = child->tree().nextSibling())
+            m_childFrames.append(std::make_unique<CachedFrame>(*child));
+    }
+
     // Active DOM objects must be suspended before we cache the frame script data,
     // but after we've fired the pagehide event, in case that creates more objects.
     // Suspending must also happen after we've recursed over child frames, in case

Modified: trunk/Source/WebCore/loader/FrameLoader.cpp (195495 => 195496)


--- trunk/Source/WebCore/loader/FrameLoader.cpp	2016-01-23 00:41:06 UTC (rev 195495)
+++ trunk/Source/WebCore/loader/FrameLoader.cpp	2016-01-23 01:04:59 UTC (rev 195496)
@@ -77,6 +77,7 @@
 #include "HistoryController.h"
 #include "HistoryItem.h"
 #include "IconController.h"
+#include "IgnoreOpensDuringUnloadCountIncrementer.h"
 #include "InspectorController.h"
 #include "InspectorInstrumentation.h"
 #include "LoaderStrategy.h"
@@ -2426,6 +2427,12 @@
 
 void FrameLoader::detachChildren()
 {
+    // detachChildren() will fire the unload event in each subframe and the
+    // HTML specification states that the parent document's ignore-opens-during-unload counter while
+    // this event is being fired in its subframes:
+    // https://html.spec.whatwg.org/multipage/browsers.html#unload-a-document
+    IgnoreOpensDuringUnloadCountIncrementer ignoreOpensDuringUnloadCountIncrementer(m_frame.document());
+
     Vector<Ref<Frame>, 16> childrenToDetach;
     childrenToDetach.reserveInitialCapacity(m_frame.tree().childCount());
     for (Frame* child = m_frame.tree().lastChild(); child; child = child->tree().previousSibling())
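Review bot: the comment added at the top of detachChildren() is missing its verb: "the parent document's ignore-opens-during-unload counter while this event is being fired in its subframes" should read "... counter should be incremented while ...". It also names only the unload event, whereas the ChangeLog entry says detachChildren() ends up firing pagehide / unload in each child frame; the comment should say the same.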
@@ -2878,6 +2885,7 @@
 
     // We store the frame's page in a local variable because the frame might get detached inside dispatchEvent.
     ForbidPromptsScope forbidPrompts(m_frame.page());
+    IgnoreOpensDuringUnloadCountIncrementer ignoreOpensDuringUnloadCountIncrementer(m_frame.document());
 
     if (m_didCallImplicitClose && !m_wasUnloadEventEmitted) {
         auto* currentFocusedElement = m_frame.document()->focusedElement();
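Review bot: the incrementer added in dispatchUnloadEvents() is released when this function returns, which the ChangeLog itself describes as earlier than the spec allows, with detachChildren() re-incrementing afterwards. That leaves a span between the two scopes where the counter is back at zero. Please add a comment at this line explaining the hand-off, and confirm that no script can run between dispatchUnloadEvents() returning and detachChildren() taking its own incrementer.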
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
