Diff
Modified: branches/safari-601.1.46-branch/LayoutTests/ChangeLog (195614 => 195615)
--- branches/safari-601.1.46-branch/LayoutTests/ChangeLog 2016-01-26 21:19:12 UTC (rev 195614)
+++ branches/safari-601.1.46-branch/LayoutTests/ChangeLog 2016-01-26 21:19:55 UTC (rev 195615)
@@ -1,3 +1,13 @@
+2016-01-20 Andy Estes <[email protected]>
+
+ Re-enable synchronous popstate event for safari-601-branch
+ https://bugs.webkit.org/show_bug.cgi?id=153297
+ rdar://problem/24154417
+
+ Reviewed by Brent Fulgham.
+
+ * fast/loader/stateobjects/popstate-is-asynchronous-expected.txt: Updated to expect popstate to be dispatched synchronously.
+
2016-01-25 Matthew Hanson <[email protected]>
Merge r195492. rdar://problem/24001780
Modified: branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/popstate-is-asynchronous-expected.txt (195614 => 195615)
--- branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/popstate-is-asynchronous-expected.txt 2016-01-26 21:19:12 UTC (rev 195614)
+++ branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/popstate-is-asynchronous-expected.txt 2016-01-26 21:19:55 UTC (rev 195615)
@@ -5,7 +5,6 @@
onload fired
popstate fired
Setting hash to #foo
-Set hash to #foo
popstate fired
PASS successfullyParsed is true
Modified: branches/safari-601.1.46-branch/Source/WebCore/ChangeLog (195614 => 195615)
--- branches/safari-601.1.46-branch/Source/WebCore/ChangeLog 2016-01-26 21:19:12 UTC (rev 195614)
+++ branches/safari-601.1.46-branch/Source/WebCore/ChangeLog 2016-01-26 21:19:55 UTC (rev 195615)
@@ -1,3 +1,39 @@
+2016-01-20 Andy Estes <[email protected]>
+
+ Re-enable synchronous popstate event for safari-601-branch
+ https://bugs.webkit.org/show_bug.cgi?id=153297
+ rdar://problem/24154417
+
+ Reviewed by Brent Fulgham.
+
+ r192369 made the popstate event dispatch asynchronously, which matches what the HTML5 spec says to do.
+ However, due to compatibility regressions, we do not want to include this behavior change in
+ safari-601-branch. This change reverts r192369's changes to Document.cpp, but retains the new tests.
+ This change is intended only for safari-601-branch and its copies. The popstate event should remain
+ asynchronous in trunk.
+
+ Firing popstate synchronously makes both fast/loader/remove-iframe-during-history-navigation-different.
+ Html and fast/loader/remove-iframe-during-history-navigation-same.html crash, because their onpopstate
+ handlers remove frames from the document that will later be accessed by
+ HistoryController::recursiveGoToItem().
+
+ To prevent the crashes, this change does two things:
+ 1. Keep a reference to the current frame inside FrameLoader::loadSameDocumentItem(), since calling
+ loadInSameDocument() might otherwise delete it.
+ 2. Handle a null frame when iterating a HistoryItem's child frames in
+ HistoryController::recursiveGoToItem(), since calling goToItem() on one frame might cause another
+ frame to be deleted.
+
+ Covered by existing tests. fast/loader/stateobjects/popstate-is-asynchronous-expected.txt was updated
+ to expect popstate to be synchronous.
+
+ * dom/Document.cpp:
+ (WebCore::Document::enqueuePopstateEvent):
+ * loader/FrameLoader.cpp:
+ (WebCore::FrameLoader::loadSameDocumentItem):
+ * loader/HistoryController.cpp:
+ (WebCore::HistoryController::recursiveGoToItem):
+
2016-01-25 Matthew Hanson <[email protected]>
Merge r195477. rdar://problem/24001780
Modified: branches/safari-601.1.46-branch/Source/WebCore/dom/Document.cpp (195614 => 195615)
--- branches/safari-601.1.46-branch/Source/WebCore/dom/Document.cpp 2016-01-26 21:19:12 UTC (rev 195614)
+++ branches/safari-601.1.46-branch/Source/WebCore/dom/Document.cpp 2016-01-26 21:19:55 UTC (rev 195615)
@@ -5364,7 +5364,7 @@
void Document::enqueuePopstateEvent(PassRefPtr<SerializedScriptValue> stateObject)
{
- enqueueWindowEvent(PopStateEvent::create(stateObject, m_domWindow ? m_domWindow->history() : nullptr));
+ dispatchWindowEvent(PopStateEvent::create(stateObject, m_domWindow ? m_domWindow->history() : nullptr));
}
void Document::addMediaCanStartListener(MediaCanStartListener* listener)
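Review bot: After this change `enqueuePopstateEvent` no longer enqueues anything: `dispatchWindowEvent` runs the page's popstate handlers before the function returns, so the name now hides a re-entrancy point. A handler can remove frames while callers are still on the stack, which is the crash the ChangeLog describes. I would add a comment above the call, for example `// safari-601-branch only: dispatched synchronously; handlers can run script that removes frames, so callers must hold refs across this call.` Other callers of this function are not visible in this diff and would need the same lifetime audit that loadSameDocumentItem() received.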
Modified: branches/safari-601.1.46-branch/Source/WebCore/loader/FrameLoader.cpp (195614 => 195615)
--- branches/safari-601.1.46-branch/Source/WebCore/loader/FrameLoader.cpp 2016-01-26 21:19:12 UTC (rev 195614)
+++ branches/safari-601.1.46-branch/Source/WebCore/loader/FrameLoader.cpp 2016-01-26 21:19:55 UTC (rev 195615)
@@ -3191,6 +3191,8 @@
{
ASSERT(item.documentSequenceNumber() == history().currentItem()->documentSequenceNumber());
+ Ref<Frame> protect(m_frame);
+
// Save user view state to the current history item here since we don't do a normal load.
// FIXME: Does form state need to be saved here too?
history().saveScrollPositionAndViewStateToItem(history().currentItem());
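Review bot: The added `Ref<Frame> protect(m_frame);` carries no comment saying what it guards against, so it reads as an unused local and is easy to drop in a later cleanup. A one-line reason would fix that, for example `// loadInSameDocument() can dispatch popstate synchronously; a handler may remove this frame.` The ref keeps the Frame object alive but does not keep it attached. The rest of loadSameDocumentItem(), which lies outside this hunk, should therefore be checked for uses that assume the frame still has a page after loadInSameDocument() returns.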
Modified: branches/safari-601.1.46-branch/Source/WebCore/loader/HistoryController.cpp (195614 => 195615)
--- branches/safari-601.1.46-branch/Source/WebCore/loader/HistoryController.cpp 2016-01-26 21:19:12 UTC (rev 195614)
+++ branches/safari-601.1.46-branch/Source/WebCore/loader/HistoryController.cpp 2016-01-26 21:19:55 UTC (rev 195615)
@@ -761,9 +761,8 @@
HistoryItem* fromChildItem = fromItem->childItemWithTarget(childFrameName);
ASSERT(fromChildItem);
- Frame* childFrame = m_frame.tree().child(childFrameName);
- ASSERT(childFrame);
- childFrame->loader().history().recursiveGoToItem(const_cast<HistoryItem&>(childItem.get()), fromChildItem, type);
+ if (Frame* childFrame = m_frame.tree().child(childFrameName))
+ childFrame->loader().history().recursiveGoToItem(const_cast<HistoryItem&>(childItem.get()), fromChildItem, type);
}
}
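Review bot: The null check covers a child frame that an earlier handler removed, but the loop itself still depends on `m_frame`, `fromItem` and the child item list after each recursive call returns. With popstate now synchronous, script run during one child's recursiveGoToItem() could presumably remove the frame that owns this HistoryController, or mutate the history items, and nothing visible in the hunk holds a reference across the call. If no caller already guarantees this, a `Ref<Frame> protect(m_frame);` at the top of recursiveGoToItem() would match the FrameLoader fix. `ASSERT(fromChildItem)` is likewise debug-only, so a release build passes a null `fromChildItem` straight into the recursion. The start of the function and of the loop lie outside this hunk, so this needs confirming against the full body.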