Diff
Modified: branches/safari-601.1.46-branch/LayoutTests/ChangeLog (195709 => 195710)
--- branches/safari-601.1.46-branch/LayoutTests/ChangeLog 2016-01-28 00:37:00 UTC (rev 195709)
+++ branches/safari-601.1.46-branch/LayoutTests/ChangeLog 2016-01-28 00:38:44 UTC (rev 195710)
@@ -1,5 +1,43 @@
2016-01-27 Babak Shafiei <[email protected]>
+ Merge r195625.
+
+ 2016-01-26 Brady Eidson <[email protected]>
+
+ History.pushState causes intense memory pressure.
+ https://bugs.webkit.org/show_bug.cgi?id=153435
+
+ Reviewed by Sam Weinig, Oliver Hunt, and Geoff Garen.
+
+ * TestExpectations: Mark some of the new tests as slow.
+
+ * fast/loader/stateobjects/pushstate-frequency-expected.txt: Added.
+ * fast/loader/stateobjects/pushstate-frequency-iframe-expected.txt: Added.
+ * fast/loader/stateobjects/pushstate-frequency-iframe.html: Added.
+ * fast/loader/stateobjects/pushstate-frequency-with-user-gesture-expected.txt: Added.
+ * fast/loader/stateobjects/pushstate-frequency-with-user-gesture.html: Added.
+ * fast/loader/stateobjects/pushstate-frequency.html: Added.
+ * fast/loader/stateobjects/replacestate-frequency-expected.txt: Added.
+ * fast/loader/stateobjects/replacestate-frequency-iframe-expected.txt: Added.
+ * fast/loader/stateobjects/replacestate-frequency-iframe.html: Added.
+ * fast/loader/stateobjects/replacestate-frequency-with-user-gesture-expected.txt: Added.
+ * fast/loader/stateobjects/replacestate-frequency-with-user-gesture.html: Added.
+ * fast/loader/stateobjects/replacestate-frequency.html: Added.
+ * fast/loader/stateobjects/resources/pushstate-iframe.html: Added.
+ * fast/loader/stateobjects/resources/replacestate-iframe.html: Added.
+ * loader/stateobjects/pushstate-size-expected.txt: Added.
+ * loader/stateobjects/pushstate-size-iframe-expected.txt: Added.
+ * loader/stateobjects/pushstate-size-iframe.html: Added.
+ * loader/stateobjects/pushstate-size.html: Added.
+ * loader/stateobjects/replacestate-size-expected.txt: Added.
+ * loader/stateobjects/replacestate-size-iframe-expected.txt: Added.
+ * loader/stateobjects/replacestate-size-iframe.html: Added.
+ * loader/stateobjects/replacestate-size.html: Added.
+ * loader/stateobjects/resources/pushstate-iframe.html: Added.
+ * loader/stateobjects/resources/replacestate-iframe.html: Added.
+
+2016-01-27 Babak Shafiei <[email protected]>
+
Merge r195671.
2016-01-26 Jer Noble <[email protected]>
Modified: branches/safari-601.1.46-branch/LayoutTests/TestExpectations (195709 => 195710)
--- branches/safari-601.1.46-branch/LayoutTests/TestExpectations 2016-01-28 00:37:00 UTC (rev 195709)
+++ branches/safari-601.1.46-branch/LayoutTests/TestExpectations 2016-01-28 00:38:44 UTC (rev 195710)
@@ -580,3 +580,9 @@
webkit.org/b/150183 fast/css/variables/test-suite/failures/161.html [ ImageOnlyFailure ]
webkit.org/b/150183 fast/css/variables/test-suite/failures/163.html [ ImageOnlyFailure ]
webkit.org/b/150183 fast/css/variables/test-suite/failures/169.html [ ImageOnlyFailure ]
+
+# These state object tests purposefully stress a resource limit, and take multiple seconds to run.
+loader/stateobjects/pushstate-size-iframe.html [ Slow ]
+loader/stateobjects/pushstate-size.html [ Slow ]
+loader/stateobjects/replacestate-size-iframe.html [ Slow ]
+loader/stateobjects/replacestate-size.html [ Slow ]
\ No newline at end of file
Copied: branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/pushstate-frequency-expected.txt (from rev 195625, trunk/LayoutTests/fast/loader/stateobjects/pushstate-frequency-expected.txt) (0 => 195710)
--- branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/pushstate-frequency-expected.txt (rev 0)
+++ branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/pushstate-frequency-expected.txt 2016-01-28 00:38:44 UTC (rev 195710)
@@ -0,0 +1,104 @@
+Test should complete quickly and not crash.
+Successfully added item: 0
+Successfully added item: 1
+Successfully added item: 2
+Successfully added item: 3
+Successfully added item: 4
+Successfully added item: 5
+Successfully added item: 6
+Successfully added item: 7
+Successfully added item: 8
+Successfully added item: 9
+Successfully added item: 10
+Successfully added item: 11
+Successfully added item: 12
+Successfully added item: 13
+Successfully added item: 14
+Successfully added item: 15
+Successfully added item: 16
+Successfully added item: 17
+Successfully added item: 18
+Successfully added item: 19
+Successfully added item: 20
+Successfully added item: 21
+Successfully added item: 22
+Successfully added item: 23
+Successfully added item: 24
+Successfully added item: 25
+Successfully added item: 26
+Successfully added item: 27
+Successfully added item: 28
+Successfully added item: 29
+Successfully added item: 30
+Successfully added item: 31
+Successfully added item: 32
+Successfully added item: 33
+Successfully added item: 34
+Successfully added item: 35
+Successfully added item: 36
+Successfully added item: 37
+Successfully added item: 38
+Successfully added item: 39
+Successfully added item: 40
+Successfully added item: 41
+Successfully added item: 42
+Successfully added item: 43
+Successfully added item: 44
+Successfully added item: 45
+Successfully added item: 46
+Successfully added item: 47
+Successfully added item: 48
+Successfully added item: 49
+Successfully added item: 50
+Successfully added item: 51
+Successfully added item: 52
+Successfully added item: 53
+Successfully added item: 54
+Successfully added item: 55
+Successfully added item: 56
+Successfully added item: 57
+Successfully added item: 58
+Successfully added item: 59
+Successfully added item: 60
+Successfully added item: 61
+Successfully added item: 62
+Successfully added item: 63
+Successfully added item: 64
+Successfully added item: 65
+Successfully added item: 66
+Successfully added item: 67
+Successfully added item: 68
+Successfully added item: 69
+Successfully added item: 70
+Successfully added item: 71
+Successfully added item: 72
+Successfully added item: 73
+Successfully added item: 74
+Successfully added item: 75
+Successfully added item: 76
+Successfully added item: 77
+Successfully added item: 78
+Successfully added item: 79
+Successfully added item: 80
+Successfully added item: 81
+Successfully added item: 82
+Successfully added item: 83
+Successfully added item: 84
+Successfully added item: 85
+Successfully added item: 86
+Successfully added item: 87
+Successfully added item: 88
+Successfully added item: 89
+Successfully added item: 90
+Successfully added item: 91
+Successfully added item: 92
+Successfully added item: 93
+Successfully added item: 94
+Successfully added item: 95
+Successfully added item: 96
+Successfully added item: 97
+Successfully added item: 98
+Successfully added item: 99
+Error: SecurityError: DOM Exception 18
+Test complete
+
Copied: branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/pushstate-frequency-iframe-expected.txt (from rev 195625, trunk/LayoutTests/fast/loader/stateobjects/pushstate-frequency-iframe-expected.txt) (0 => 195710)
--- branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/pushstate-frequency-iframe-expected.txt (rev 0)
+++ branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/pushstate-frequency-iframe-expected.txt 2016-01-28 00:38:44 UTC (rev 195710)
@@ -0,0 +1,111 @@
+Test should complete quickly and not crash.
+Test does pushStates both from the main frame and from an iframe and makes sure they both count against state object count limit.
+Click to test pushState through a user gesture
+Successfully added item: 0
+Successfully added item: 1
+Successfully added item: 2
+Successfully added item: 3
+Successfully added item: 4
+Successfully added item: 5
+Successfully added item: 6
+Successfully added item: 7
+Successfully added item: 8
+Successfully added item: 9
+Successfully added item: 10
+Successfully added item: 11
+Successfully added item: 12
+Successfully added item: 13
+Successfully added item: 14
+Successfully added item: 15
+Successfully added item: 16
+Successfully added item: 17
+Successfully added item: 18
+Successfully added item: 19
+Successfully added item: 20
+Successfully added item: 21
+Successfully added item: 22
+Successfully added item: 23
+Successfully added item: 24
+Successfully added item: 25
+Successfully added item: 26
+Successfully added item: 27
+Successfully added item: 28
+Successfully added item: 29
+Successfully added item: 30
+Successfully added item: 31
+Successfully added item: 32
+Successfully added item: 33
+Successfully added item: 34
+Successfully added item: 35
+Successfully added item: 36
+Successfully added item: 37
+Successfully added item: 38
+Successfully added item: 39
+Successfully added item: 40
+Successfully added item: 41
+Successfully added item: 42
+Successfully added item: 43
+Successfully added item: 44
+Successfully added item: 45
+Successfully added item: 46
+Successfully added item: 47
+Successfully added item: 48
+Successfully added item: 49
+Successfully added item: 50
+Successfully added item: 51
+Successfully added item: 52
+Successfully added item: 53
+Successfully added item: 54
+Successfully added item: 55
+Successfully added item: 56
+Successfully added item: 57
+Successfully added item: 58
+Successfully added item: 59
+Successfully added item: 60
+Successfully added item: 61
+Successfully added item: 62
+Successfully added item: 63
+Successfully added item: 64
+Successfully added item: 65
+Successfully added item: 66
+Successfully added item: 67
+Successfully added item: 68
+Successfully added item: 69
+Successfully added item: 70
+Successfully added item: 71
+Successfully added item: 72
+Successfully added item: 73
+Successfully added item: 74
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+Adding state objects in iframe
+Successfully added item: 0
+Successfully added item: 1
+Successfully added item: 2
+Successfully added item: 3
+Successfully added item: 4
+Successfully added item: 5
+Successfully added item: 6
+Successfully added item: 7
+Successfully added item: 8
+Successfully added item: 9
+Successfully added item: 10
+Successfully added item: 11
+Successfully added item: 12
+Successfully added item: 13
+Successfully added item: 14
+Successfully added item: 15
+Successfully added item: 16
+Successfully added item: 17
+Successfully added item: 18
+Successfully added item: 19
+Successfully added item: 20
+Successfully added item: 21
+Successfully added item: 22
+Successfully added item: 23
+Successfully added item: 24
+Expected exception: Error: SecurityError: DOM Exception 18
+
Copied: branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/pushstate-frequency-iframe.html (from rev 195625, trunk/LayoutTests/fast/loader/stateobjects/pushstate-frequency-iframe.html) (0 => 195710)
--- branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/pushstate-frequency-iframe.html (rev 0)
+++ branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/pushstate-frequency-iframe.html 2016-01-28 00:38:44 UTC (rev 195710)
@@ -0,0 +1,40 @@
+<script>
+
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.dumpChildFramesAsText();
+ testRunner.waitUntilDone();
+}
+
+function log(msg) {
+ document.getElementById("logger").innerHTML += msg + "<br>";
+}
+
+window._onload_ = function()
+{
+ try {
+ for( var i = 0; i < 75; ++i ) {
+ history.pushState(0, 0, i.toString());
+ log("Successfully added item: " + i);
+ }
+ } catch (e) {
+ log(e);
+ }
+
+ openFrame();
+}
+
+function openFrame()
+{
+ var iframe = document.createElement('iframe');
+ iframe.src = ''
+ document.body.appendChild(iframe);
+}
+
+</script>
+<body>
+Test should complete quickly and not crash.<br>
+Test does pushStates both from the main frame and from an iframe and makes sure they both count against state object count limit.<br>
+<button id="button" _onclick_="clicked();">Click to test pushState through a user gesture</button>
+<div id="logger"></div>
+</body>
Copied: branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/pushstate-frequency-with-user-gesture-expected.txt (from rev 195625, trunk/LayoutTests/fast/loader/stateobjects/pushstate-frequency-with-user-gesture-expected.txt) (0 => 195710)
--- branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/pushstate-frequency-with-user-gesture-expected.txt (rev 0)
+++ branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/pushstate-frequency-with-user-gesture-expected.txt 2016-01-28 00:38:44 UTC (rev 195710)
@@ -0,0 +1,206 @@
+Test should complete quickly and not crash.
+Click to test pushState through a user gesture
+Successfully added item: 0
+Successfully added item: 1
+Successfully added item: 2
+Successfully added item: 3
+Successfully added item: 4
+Successfully added item: 5
+Successfully added item: 6
+Successfully added item: 7
+Successfully added item: 8
+Successfully added item: 9
+Successfully added item: 10
+Successfully added item: 11
+Successfully added item: 12
+Successfully added item: 13
+Successfully added item: 14
+Successfully added item: 15
+Successfully added item: 16
+Successfully added item: 17
+Successfully added item: 18
+Successfully added item: 19
+Successfully added item: 20
+Successfully added item: 21
+Successfully added item: 22
+Successfully added item: 23
+Successfully added item: 24
+Successfully added item: 25
+Successfully added item: 26
+Successfully added item: 27
+Successfully added item: 28
+Successfully added item: 29
+Successfully added item: 30
+Successfully added item: 31
+Successfully added item: 32
+Successfully added item: 33
+Successfully added item: 34
+Successfully added item: 35
+Successfully added item: 36
+Successfully added item: 37
+Successfully added item: 38
+Successfully added item: 39
+Successfully added item: 40
+Successfully added item: 41
+Successfully added item: 42
+Successfully added item: 43
+Successfully added item: 44
+Successfully added item: 45
+Successfully added item: 46
+Successfully added item: 47
+Successfully added item: 48
+Successfully added item: 49
+Successfully added item: 50
+Successfully added item: 51
+Successfully added item: 52
+Successfully added item: 53
+Successfully added item: 54
+Successfully added item: 55
+Successfully added item: 56
+Successfully added item: 57
+Successfully added item: 58
+Successfully added item: 59
+Successfully added item: 60
+Successfully added item: 61
+Successfully added item: 62
+Successfully added item: 63
+Successfully added item: 64
+Successfully added item: 65
+Successfully added item: 66
+Successfully added item: 67
+Successfully added item: 68
+Successfully added item: 69
+Successfully added item: 70
+Successfully added item: 71
+Successfully added item: 72
+Successfully added item: 73
+Successfully added item: 74
+Successfully added item: 75
+Successfully added item: 76
+Successfully added item: 77
+Successfully added item: 78
+Successfully added item: 79
+Successfully added item: 80
+Successfully added item: 81
+Successfully added item: 82
+Successfully added item: 83
+Successfully added item: 84
+Successfully added item: 85
+Successfully added item: 86
+Successfully added item: 87
+Successfully added item: 88
+Successfully added item: 89
+Successfully added item: 90
+Successfully added item: 91
+Successfully added item: 92
+Successfully added item: 93
+Successfully added item: 94
+Successfully added item: 95
+Successfully added item: 96
+Successfully added item: 97
+Successfully added item: 98
+Successfully added item: 99
+Error: SecurityError: DOM Exception 18
+Successfully added user gesture item: 0
+Successfully added user gesture item: 1
+Successfully added user gesture item: 2
+Successfully added user gesture item: 3
+Successfully added user gesture item: 4
+Successfully added user gesture item: 5
+Successfully added user gesture item: 6
+Successfully added user gesture item: 7
+Successfully added user gesture item: 8
+Successfully added user gesture item: 9
+Successfully added user gesture item: 10
+Successfully added user gesture item: 11
+Successfully added user gesture item: 12
+Successfully added user gesture item: 13
+Successfully added user gesture item: 14
+Successfully added user gesture item: 15
+Successfully added user gesture item: 16
+Successfully added user gesture item: 17
+Successfully added user gesture item: 18
+Successfully added user gesture item: 19
+Successfully added user gesture item: 20
+Successfully added user gesture item: 21
+Successfully added user gesture item: 22
+Successfully added user gesture item: 23
+Successfully added user gesture item: 24
+Successfully added user gesture item: 25
+Successfully added user gesture item: 26
+Successfully added user gesture item: 27
+Successfully added user gesture item: 28
+Successfully added user gesture item: 29
+Successfully added user gesture item: 30
+Successfully added user gesture item: 31
+Successfully added user gesture item: 32
+Successfully added user gesture item: 33
+Successfully added user gesture item: 34
+Successfully added user gesture item: 35
+Successfully added user gesture item: 36
+Successfully added user gesture item: 37
+Successfully added user gesture item: 38
+Successfully added user gesture item: 39
+Successfully added user gesture item: 40
+Successfully added user gesture item: 41
+Successfully added user gesture item: 42
+Successfully added user gesture item: 43
+Successfully added user gesture item: 44
+Successfully added user gesture item: 45
+Successfully added user gesture item: 46
+Successfully added user gesture item: 47
+Successfully added user gesture item: 48
+Successfully added user gesture item: 49
+Successfully added user gesture item: 50
+Successfully added user gesture item: 51
+Successfully added user gesture item: 52
+Successfully added user gesture item: 53
+Successfully added user gesture item: 54
+Successfully added user gesture item: 55
+Successfully added user gesture item: 56
+Successfully added user gesture item: 57
+Successfully added user gesture item: 58
+Successfully added user gesture item: 59
+Successfully added user gesture item: 60
+Successfully added user gesture item: 61
+Successfully added user gesture item: 62
+Successfully added user gesture item: 63
+Successfully added user gesture item: 64
+Successfully added user gesture item: 65
+Successfully added user gesture item: 66
+Successfully added user gesture item: 67
+Successfully added user gesture item: 68
+Successfully added user gesture item: 69
+Successfully added user gesture item: 70
+Successfully added user gesture item: 71
+Successfully added user gesture item: 72
+Successfully added user gesture item: 73
+Successfully added user gesture item: 74
+Successfully added user gesture item: 75
+Successfully added user gesture item: 76
+Successfully added user gesture item: 77
+Successfully added user gesture item: 78
+Successfully added user gesture item: 79
+Successfully added user gesture item: 80
+Successfully added user gesture item: 81
+Successfully added user gesture item: 82
+Successfully added user gesture item: 83
+Successfully added user gesture item: 84
+Successfully added user gesture item: 85
+Successfully added user gesture item: 86
+Successfully added user gesture item: 87
+Successfully added user gesture item: 88
+Successfully added user gesture item: 89
+Successfully added user gesture item: 90
+Successfully added user gesture item: 91
+Successfully added user gesture item: 92
+Successfully added user gesture item: 93
+Successfully added user gesture item: 94
+Successfully added user gesture item: 95
+Successfully added user gesture item: 96
+Successfully added user gesture item: 97
+Successfully added user gesture item: 98
+Successfully added user gesture item: 99
+User gesture: Error: SecurityError: DOM Exception 18
+Test complete
+
Copied: branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/pushstate-frequency-with-user-gesture.html (from rev 195625, trunk/LayoutTests/fast/loader/stateobjects/pushstate-frequency-with-user-gesture.html) (0 => 195710)
--- branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/pushstate-frequency-with-user-gesture.html (rev 0)
+++ branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/pushstate-frequency-with-user-gesture.html 2016-01-28 00:38:44 UTC (rev 195710)
@@ -0,0 +1,51 @@
+<script>
+
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+
+function log(msg) {
+ document.getElementById("logger").innerHTML += msg + "<br>";
+}
+
+window._onload_ = function()
+{
+ try {
+ for( var i = 0; i < 100000; ++i ) {
+ history.pushState(0, 0, i);
+ log("Successfully added item: " + i);
+ }
+ } catch (e) {
+ log(e);
+ }
+
+ var button = document.getElementById("button");
+ eventSender.mouseMoveTo(button.offsetLeft + 5, button.offsetTop + 5);
+ eventSender.mouseDown();
+ eventSender.mouseUp();
+}
+
+function clicked()
+{
+ try {
+ for( var i = 0; i < 100000; ++i ) {
+ history.pushState(0, 0, i);
+ log("Successfully added user gesture item: " + i);
+ }
+ } catch (e) {
+ log("User gesture: " + e);
+ }
+
+ if (window.testRunner)
+ testRunner.notifyDone();
+
+ log("Test complete");
+}
+
+</script>
+<body>
+Test should complete quickly and not crash.<br>
+<button id="button" _onclick_="clicked();">Click to test pushState through a user gesture</button>
+<div id="logger"></div>
+</body>
Copied: branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/pushstate-frequency.html (from rev 195625, trunk/LayoutTests/fast/loader/stateobjects/pushstate-frequency.html) (0 => 195710)
--- branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/pushstate-frequency.html (rev 0)
+++ branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/pushstate-frequency.html 2016-01-28 00:38:44 UTC (rev 195710)
@@ -0,0 +1,32 @@
+<script>
+
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+
+function log(msg) {
+ document.getElementById("logger").innerHTML += msg + "<br>";
+}
+
+window._onload_ = function() {
+ try {
+ for( var i = 0; i < 100000; ++i ) {
+ history.pushState(0, 0, i.toString());
+ log("Successfully added item: " + i);
+ }
+ } catch (e) {
+ log(e);
+ }
+
+ if (window.testRunner)
+ testRunner.notifyDone();
+
+ log("Test complete");
+}
+
+</script>
+<body>
+Test should complete quickly and not crash.<br>
+<div id="logger"></div>
+</body>
Copied: branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/replacestate-frequency-expected.txt (from rev 195625, trunk/LayoutTests/fast/loader/stateobjects/replacestate-frequency-expected.txt) (0 => 195710)
--- branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/replacestate-frequency-expected.txt (rev 0)
+++ branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/replacestate-frequency-expected.txt 2016-01-28 00:38:44 UTC (rev 195710)
@@ -0,0 +1,104 @@
+Test should complete quickly and not crash.
+Successfully added item: 0
+Successfully added item: 1
+Successfully added item: 2
+Successfully added item: 3
+Successfully added item: 4
+Successfully added item: 5
+Successfully added item: 6
+Successfully added item: 7
+Successfully added item: 8
+Successfully added item: 9
+Successfully added item: 10
+Successfully added item: 11
+Successfully added item: 12
+Successfully added item: 13
+Successfully added item: 14
+Successfully added item: 15
+Successfully added item: 16
+Successfully added item: 17
+Successfully added item: 18
+Successfully added item: 19
+Successfully added item: 20
+Successfully added item: 21
+Successfully added item: 22
+Successfully added item: 23
+Successfully added item: 24
+Successfully added item: 25
+Successfully added item: 26
+Successfully added item: 27
+Successfully added item: 28
+Successfully added item: 29
+Successfully added item: 30
+Successfully added item: 31
+Successfully added item: 32
+Successfully added item: 33
+Successfully added item: 34
+Successfully added item: 35
+Successfully added item: 36
+Successfully added item: 37
+Successfully added item: 38
+Successfully added item: 39
+Successfully added item: 40
+Successfully added item: 41
+Successfully added item: 42
+Successfully added item: 43
+Successfully added item: 44
+Successfully added item: 45
+Successfully added item: 46
+Successfully added item: 47
+Successfully added item: 48
+Successfully added item: 49
+Successfully added item: 50
+Successfully added item: 51
+Successfully added item: 52
+Successfully added item: 53
+Successfully added item: 54
+Successfully added item: 55
+Successfully added item: 56
+Successfully added item: 57
+Successfully added item: 58
+Successfully added item: 59
+Successfully added item: 60
+Successfully added item: 61
+Successfully added item: 62
+Successfully added item: 63
+Successfully added item: 64
+Successfully added item: 65
+Successfully added item: 66
+Successfully added item: 67
+Successfully added item: 68
+Successfully added item: 69
+Successfully added item: 70
+Successfully added item: 71
+Successfully added item: 72
+Successfully added item: 73
+Successfully added item: 74
+Successfully added item: 75
+Successfully added item: 76
+Successfully added item: 77
+Successfully added item: 78
+Successfully added item: 79
+Successfully added item: 80
+Successfully added item: 81
+Successfully added item: 82
+Successfully added item: 83
+Successfully added item: 84
+Successfully added item: 85
+Successfully added item: 86
+Successfully added item: 87
+Successfully added item: 88
+Successfully added item: 89
+Successfully added item: 90
+Successfully added item: 91
+Successfully added item: 92
+Successfully added item: 93
+Successfully added item: 94
+Successfully added item: 95
+Successfully added item: 96
+Successfully added item: 97
+Successfully added item: 98
+Successfully added item: 99
+Error: SecurityError: DOM Exception 18
+Test complete
+
Copied: branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/replacestate-frequency-iframe-expected.txt (from rev 195625, trunk/LayoutTests/fast/loader/stateobjects/replacestate-frequency-iframe-expected.txt) (0 => 195710)
--- branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/replacestate-frequency-iframe-expected.txt (rev 0)
+++ branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/replacestate-frequency-iframe-expected.txt 2016-01-28 00:38:44 UTC (rev 195710)
@@ -0,0 +1,111 @@
+Test should not crash.
+Test does replaceStates both from the main frame and from an iframe and makes sure they both count against state object count limit.
+Click to test replaceState through a user gesture
+Successfully added item: 0
+Successfully added item: 1
+Successfully added item: 2
+Successfully added item: 3
+Successfully added item: 4
+Successfully added item: 5
+Successfully added item: 6
+Successfully added item: 7
+Successfully added item: 8
+Successfully added item: 9
+Successfully added item: 10
+Successfully added item: 11
+Successfully added item: 12
+Successfully added item: 13
+Successfully added item: 14
+Successfully added item: 15
+Successfully added item: 16
+Successfully added item: 17
+Successfully added item: 18
+Successfully added item: 19
+Successfully added item: 20
+Successfully added item: 21
+Successfully added item: 22
+Successfully added item: 23
+Successfully added item: 24
+Successfully added item: 25
+Successfully added item: 26
+Successfully added item: 27
+Successfully added item: 28
+Successfully added item: 29
+Successfully added item: 30
+Successfully added item: 31
+Successfully added item: 32
+Successfully added item: 33
+Successfully added item: 34
+Successfully added item: 35
+Successfully added item: 36
+Successfully added item: 37
+Successfully added item: 38
+Successfully added item: 39
+Successfully added item: 40
+Successfully added item: 41
+Successfully added item: 42
+Successfully added item: 43
+Successfully added item: 44
+Successfully added item: 45
+Successfully added item: 46
+Successfully added item: 47
+Successfully added item: 48
+Successfully added item: 49
+Successfully added item: 50
+Successfully added item: 51
+Successfully added item: 52
+Successfully added item: 53
+Successfully added item: 54
+Successfully added item: 55
+Successfully added item: 56
+Successfully added item: 57
+Successfully added item: 58
+Successfully added item: 59
+Successfully added item: 60
+Successfully added item: 61
+Successfully added item: 62
+Successfully added item: 63
+Successfully added item: 64
+Successfully added item: 65
+Successfully added item: 66
+Successfully added item: 67
+Successfully added item: 68
+Successfully added item: 69
+Successfully added item: 70
+Successfully added item: 71
+Successfully added item: 72
+Successfully added item: 73
+Successfully added item: 74
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+Adding state objects in iframe
+Successfully added item: 0
+Successfully added item: 1
+Successfully added item: 2
+Successfully added item: 3
+Successfully added item: 4
+Successfully added item: 5
+Successfully added item: 6
+Successfully added item: 7
+Successfully added item: 8
+Successfully added item: 9
+Successfully added item: 10
+Successfully added item: 11
+Successfully added item: 12
+Successfully added item: 13
+Successfully added item: 14
+Successfully added item: 15
+Successfully added item: 16
+Successfully added item: 17
+Successfully added item: 18
+Successfully added item: 19
+Successfully added item: 20
+Successfully added item: 21
+Successfully added item: 22
+Successfully added item: 23
+Successfully added item: 24
+Expected exception: Error: SecurityError: DOM Exception 18
+
Copied: branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/replacestate-frequency-iframe.html (from rev 195625, trunk/LayoutTests/fast/loader/stateobjects/replacestate-frequency-iframe.html) (0 => 195710)
--- branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/replacestate-frequency-iframe.html (rev 0)
+++ branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/replacestate-frequency-iframe.html 2016-01-28 00:38:44 UTC (rev 195710)
@@ -0,0 +1,40 @@
+<script>
+
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.dumpChildFramesAsText();
+ testRunner.waitUntilDone();
+}
+
+function log(msg) {
+ document.getElementById("logger").innerHTML += msg + "<br>";
+}
+
+window._onload_ = function()
+{
+ try {
+ for( var i = 0; i < 75; ++i ) {
+ history.replaceState(0, 0, i.toString());
+ log("Successfully added item: " + i);
+ }
+ } catch (e) {
+ log(e);
+ }
+
+ openFrame();
+}
+
+function openFrame()
+{
+ var iframe = document.createElement('iframe');
+ iframe.src = ''
+ document.body.appendChild(iframe);
+}
+
+</script>
+<body>
+Test should not crash.<br>
+Test does replaceStates both from the main frame and from an iframe and makes sure they both count against state object count limit.<br>
+<button id="button" _onclick_="clicked();">Click to test replaceState through a user gesture</button>
+<div id="logger"></div>
+</body>
Copied: branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/replacestate-frequency-with-user-gesture-expected.txt (from rev 195625, trunk/LayoutTests/fast/loader/stateobjects/replacestate-frequency-with-user-gesture-expected.txt) (0 => 195710)
--- branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/replacestate-frequency-with-user-gesture-expected.txt (rev 0)
+++ branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/replacestate-frequency-with-user-gesture-expected.txt 2016-01-28 00:38:44 UTC (rev 195710)
@@ -0,0 +1,206 @@
+Test should complete quickly and not crash.
+Click to test replaceState through a user gesture
+Successfully added item: 0
+Successfully added item: 1
+Successfully added item: 2
+Successfully added item: 3
+Successfully added item: 4
+Successfully added item: 5
+Successfully added item: 6
+Successfully added item: 7
+Successfully added item: 8
+Successfully added item: 9
+Successfully added item: 10
+Successfully added item: 11
+Successfully added item: 12
+Successfully added item: 13
+Successfully added item: 14
+Successfully added item: 15
+Successfully added item: 16
+Successfully added item: 17
+Successfully added item: 18
+Successfully added item: 19
+Successfully added item: 20
+Successfully added item: 21
+Successfully added item: 22
+Successfully added item: 23
+Successfully added item: 24
+Successfully added item: 25
+Successfully added item: 26
+Successfully added item: 27
+Successfully added item: 28
+Successfully added item: 29
+Successfully added item: 30
+Successfully added item: 31
+Successfully added item: 32
+Successfully added item: 33
+Successfully added item: 34
+Successfully added item: 35
+Successfully added item: 36
+Successfully added item: 37
+Successfully added item: 38
+Successfully added item: 39
+Successfully added item: 40
+Successfully added item: 41
+Successfully added item: 42
+Successfully added item: 43
+Successfully added item: 44
+Successfully added item: 45
+Successfully added item: 46
+Successfully added item: 47
+Successfully added item: 48
+Successfully added item: 49
+Successfully added item: 50
+Successfully added item: 51
+Successfully added item: 52
+Successfully added item: 53
+Successfully added item: 54
+Successfully added item: 55
+Successfully added item: 56
+Successfully added item: 57
+Successfully added item: 58
+Successfully added item: 59
+Successfully added item: 60
+Successfully added item: 61
+Successfully added item: 62
+Successfully added item: 63
+Successfully added item: 64
+Successfully added item: 65
+Successfully added item: 66
+Successfully added item: 67
+Successfully added item: 68
+Successfully added item: 69
+Successfully added item: 70
+Successfully added item: 71
+Successfully added item: 72
+Successfully added item: 73
+Successfully added item: 74
+Successfully added item: 75
+Successfully added item: 76
+Successfully added item: 77
+Successfully added item: 78
+Successfully added item: 79
+Successfully added item: 80
+Successfully added item: 81
+Successfully added item: 82
+Successfully added item: 83
+Successfully added item: 84
+Successfully added item: 85
+Successfully added item: 86
+Successfully added item: 87
+Successfully added item: 88
+Successfully added item: 89
+Successfully added item: 90
+Successfully added item: 91
+Successfully added item: 92
+Successfully added item: 93
+Successfully added item: 94
+Successfully added item: 95
+Successfully added item: 96
+Successfully added item: 97
+Successfully added item: 98
+Successfully added item: 99
+Error: SecurityError: DOM Exception 18
+Successfully added user gesture item: 0
+Successfully added user gesture item: 1
+Successfully added user gesture item: 2
+Successfully added user gesture item: 3
+Successfully added user gesture item: 4
+Successfully added user gesture item: 5
+Successfully added user gesture item: 6
+Successfully added user gesture item: 7
+Successfully added user gesture item: 8
+Successfully added user gesture item: 9
+Successfully added user gesture item: 10
+Successfully added user gesture item: 11
+Successfully added user gesture item: 12
+Successfully added user gesture item: 13
+Successfully added user gesture item: 14
+Successfully added user gesture item: 15
+Successfully added user gesture item: 16
+Successfully added user gesture item: 17
+Successfully added user gesture item: 18
+Successfully added user gesture item: 19
+Successfully added user gesture item: 20
+Successfully added user gesture item: 21
+Successfully added user gesture item: 22
+Successfully added user gesture item: 23
+Successfully added user gesture item: 24
+Successfully added user gesture item: 25
+Successfully added user gesture item: 26
+Successfully added user gesture item: 27
+Successfully added user gesture item: 28
+Successfully added user gesture item: 29
+Successfully added user gesture item: 30
+Successfully added user gesture item: 31
+Successfully added user gesture item: 32
+Successfully added user gesture item: 33
+Successfully added user gesture item: 34
+Successfully added user gesture item: 35
+Successfully added user gesture item: 36
+Successfully added user gesture item: 37
+Successfully added user gesture item: 38
+Successfully added user gesture item: 39
+Successfully added user gesture item: 40
+Successfully added user gesture item: 41
+Successfully added user gesture item: 42
+Successfully added user gesture item: 43
+Successfully added user gesture item: 44
+Successfully added user gesture item: 45
+Successfully added user gesture item: 46
+Successfully added user gesture item: 47
+Successfully added user gesture item: 48
+Successfully added user gesture item: 49
+Successfully added user gesture item: 50
+Successfully added user gesture item: 51
+Successfully added user gesture item: 52
+Successfully added user gesture item: 53
+Successfully added user gesture item: 54
+Successfully added user gesture item: 55
+Successfully added user gesture item: 56
+Successfully added user gesture item: 57
+Successfully added user gesture item: 58
+Successfully added user gesture item: 59
+Successfully added user gesture item: 60
+Successfully added user gesture item: 61
+Successfully added user gesture item: 62
+Successfully added user gesture item: 63
+Successfully added user gesture item: 64
+Successfully added user gesture item: 65
+Successfully added user gesture item: 66
+Successfully added user gesture item: 67
+Successfully added user gesture item: 68
+Successfully added user gesture item: 69
+Successfully added user gesture item: 70
+Successfully added user gesture item: 71
+Successfully added user gesture item: 72
+Successfully added user gesture item: 73
+Successfully added user gesture item: 74
+Successfully added user gesture item: 75
+Successfully added user gesture item: 76
+Successfully added user gesture item: 77
+Successfully added user gesture item: 78
+Successfully added user gesture item: 79
+Successfully added user gesture item: 80
+Successfully added user gesture item: 81
+Successfully added user gesture item: 82
+Successfully added user gesture item: 83
+Successfully added user gesture item: 84
+Successfully added user gesture item: 85
+Successfully added user gesture item: 86
+Successfully added user gesture item: 87
+Successfully added user gesture item: 88
+Successfully added user gesture item: 89
+Successfully added user gesture item: 90
+Successfully added user gesture item: 91
+Successfully added user gesture item: 92
+Successfully added user gesture item: 93
+Successfully added user gesture item: 94
+Successfully added user gesture item: 95
+Successfully added user gesture item: 96
+Successfully added user gesture item: 97
+Successfully added user gesture item: 98
+Successfully added user gesture item: 99
+User gesture: Error: SecurityError: DOM Exception 18
+Test complete
+
Copied: branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/replacestate-frequency-with-user-gesture.html (from rev 195625, trunk/LayoutTests/fast/loader/stateobjects/replacestate-frequency-with-user-gesture.html) (0 => 195710)
--- branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/replacestate-frequency-with-user-gesture.html (rev 0)
+++ branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/replacestate-frequency-with-user-gesture.html 2016-01-28 00:38:44 UTC (rev 195710)
@@ -0,0 +1,51 @@
+<script>
+
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+
+function log(msg) {
+ document.getElementById("logger").innerHTML += msg + "<br>";
+}
+
+window._onload_ = function()
+{
+ try {
+ for( var i = 0; i < 100000; ++i ) {
+ history.replaceState(0, 0, i);
+ log("Successfully added item: " + i);
+ }
+ } catch (e) {
+ log(e);
+ }
+
+ var button = document.getElementById("button");
+ eventSender.mouseMoveTo(button.offsetLeft + 5, button.offsetTop + 5);
+ eventSender.mouseDown();
+ eventSender.mouseUp();
+}
+
+function clicked()
+{
+ try {
+ for( var i = 0; i < 100000; ++i ) {
+ history.replaceState(0, 0, i);
+ log("Successfully added user gesture item: " + i);
+ }
+ } catch (e) {
+ log("User gesture: " + e);
+ }
+
+ if (window.testRunner)
+ testRunner.notifyDone();
+
+ log("Test complete");
+}
+
+</script>
+<body>
+Test should complete quickly and not crash.<br>
+<button id="button" _onclick_="clicked();">Click to test replaceState through a user gesture</button>
+<div id="logger"></div>
+</body>
Copied: branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/replacestate-frequency.html (from rev 195625, trunk/LayoutTests/fast/loader/stateobjects/replacestate-frequency.html) (0 => 195710)
--- branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/replacestate-frequency.html (rev 0)
+++ branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/replacestate-frequency.html 2016-01-28 00:38:44 UTC (rev 195710)
@@ -0,0 +1,32 @@
+<script>
+
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+
+function log(msg) {
+ document.getElementById("logger").innerHTML += msg + "<br>";
+}
+
+window._onload_ = function() {
+ try {
+ for( var i = 0; i < 100000; ++i ) {
+ history.replaceState(0, 0, i.toString());
+ log("Successfully added item: " + i);
+ }
+ } catch (e) {
+ log(e);
+ }
+
+ if (window.testRunner)
+ testRunner.notifyDone();
+
+ log("Test complete");
+}
+
+</script>
+<body>
+Test should complete quickly and not crash.<br>
+<div id="logger"></div>
+</body>
Copied: branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/resources/pushstate-iframe.html (from rev 195625, trunk/LayoutTests/fast/loader/stateobjects/resources/pushstate-iframe.html) (0 => 195710)
--- branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/resources/pushstate-iframe.html (rev 0)
+++ branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/resources/pushstate-iframe.html 2016-01-28 00:38:44 UTC (rev 195710)
@@ -0,0 +1,30 @@
+<script>
+
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+
+function log(msg) {
+ document.getElementById("logger").innerHTML += msg + "<br>";
+}
+
+window._onload_ = function()
+{
+ log("Adding state objects in iframe");
+ try {
+ for( var i = 0; i < 75; ++i ) {
+ history.pushState(0, 0, i.toString());
+ log("Successfully added item: " + i);
+ }
+ } catch (e) {
+ log("Expected exception: " + e);
+ if (window.testRunner)
+ testRunner.notifyDone();
+ }
+}
+
+</script>
+<body>
+<div id="logger"></div>
+</body>
Copied: branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/resources/replacestate-iframe.html (from rev 195625, trunk/LayoutTests/fast/loader/stateobjects/resources/replacestate-iframe.html) (0 => 195710)
--- branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/resources/replacestate-iframe.html (rev 0)
+++ branches/safari-601.1.46-branch/LayoutTests/fast/loader/stateobjects/resources/replacestate-iframe.html 2016-01-28 00:38:44 UTC (rev 195710)
@@ -0,0 +1,30 @@
+<script>
+
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+}
+
+function log(msg) {
+ document.getElementById("logger").innerHTML += msg + "<br>";
+}
+
+window._onload_ = function()
+{
+ log("Adding state objects in iframe");
+ try {
+ for( var i = 0; i < 75; ++i ) {
+ history.replaceState(0, 0, i.toString());
+ log("Successfully added item: " + i);
+ }
+ } catch (e) {
+ log("Expected exception: " + e);
+ if (window.testRunner)
+ testRunner.notifyDone();
+ }
+}
+
+</script>
+<body>
+<div id="logger"></div>
+</body>
Modified: branches/safari-601.1.46-branch/Source/WebCore/ChangeLog (195709 => 195710)
--- branches/safari-601.1.46-branch/Source/WebCore/ChangeLog 2016-01-28 00:37:00 UTC (rev 195709)
+++ branches/safari-601.1.46-branch/Source/WebCore/ChangeLog 2016-01-28 00:38:44 UTC (rev 195710)
@@ -1,5 +1,38 @@
2016-01-27 Babak Shafiei <[email protected]>
+ Merge r195625.
+
+ 2016-01-26 Brady Eidson <[email protected]>
+
+ History.pushState causes intense memory pressure.
+ https://bugs.webkit.org/show_bug.cgi?id=153435
+
+ Reviewed by Sam Weinig, Oliver Hunt, and Geoff Garen.
+
+ Tests: fast/loader/stateobjects/pushstate-frequency-iframe.html
+ fast/loader/stateobjects/pushstate-frequency-with-user-gesture.html
+ fast/loader/stateobjects/pushstate-frequency.html
+ fast/loader/stateobjects/replacestate-frequency-iframe.html
+ fast/loader/stateobjects/replacestate-frequency-with-user-gesture.html
+ fast/loader/stateobjects/replacestate-frequency.html
+ loader/stateobjects/pushstate-size-iframe.html
+ loader/stateobjects/pushstate-size.html
+ loader/stateobjects/replacestate-size-iframe.html
+ loader/stateobjects/replacestate-size.html
+
+ Add restrictions on how frequently push/replaceState can be called,
+ as well as how much of a cumulative payload they can deliver.
+
+ * bindings/js/JSHistoryCustom.cpp:
+ (WebCore::JSHistory::pushState):
+ (WebCore::JSHistory::replaceState):
+
+ * page/History.cpp:
+ (WebCore::History::stateObjectAdded):
+ * page/History.h:
+
+2016-01-27 Babak Shafiei <[email protected]>
+
Merge r195671.
2016-01-26 Jer Noble <[email protected]>
Modified: branches/safari-601.1.46-branch/Source/WebCore/bindings/js/JSHistoryCustom.cpp (195709 => 195710)
--- branches/safari-601.1.46-branch/Source/WebCore/bindings/js/JSHistoryCustom.cpp 2016-01-28 00:37:00 UTC (rev 195709)
+++ branches/safari-601.1.46-branch/Source/WebCore/bindings/js/JSHistoryCustom.cpp 2016-01-28 00:38:44 UTC (rev 195710)
@@ -139,7 +139,7 @@
return jsUndefined();
}
- ExceptionCode ec = 0;
+ ExceptionCode ec;
impl().stateObjectAdded(historyState.release(), title, url, History::StateObjectType::Push, ec);
setDOMException(exec, ec);
@@ -168,7 +168,7 @@
return jsUndefined();
}
- ExceptionCode ec = 0;
+ ExceptionCode ec;
impl().stateObjectAdded(historyState.release(), title, url, History::StateObjectType::Replace, ec);
setDOMException(exec, ec);
Modified: branches/safari-601.1.46-branch/Source/WebCore/page/History.cpp (195709 => 195710)
--- branches/safari-601.1.46-branch/Source/WebCore/page/History.cpp 2016-01-28 00:37:00 UTC (rev 195709)
+++ branches/safari-601.1.46-branch/Source/WebCore/page/History.cpp 2016-01-28 00:38:44 UTC (rev 195710)
@@ -34,9 +34,12 @@
#include "FrameLoaderClient.h"
#include "HistoryController.h"
#include "HistoryItem.h"
+#include "MainFrame.h"
#include "Page.h"
+#include "ScriptController.h"
#include "SecurityOrigin.h"
#include "SerializedScriptValue.h"
+#include <wtf/CheckedArithmetic.h>
#include <wtf/MainThread.h>
namespace WebCore {
@@ -138,15 +141,77 @@
void History::stateObjectAdded(PassRefPtr<SerializedScriptValue> data, const String& title, const String& urlString, StateObjectType stateObjectType, ExceptionCode& ec)
{
+ // Each unique main-frame document is only allowed to send 64mb of state object payload to the UI client/process.
+ static uint32_t totalStateObjectPayloadLimit = 0x4000000;
+ static unsigned perUserGestureStateObjectLimit = 100;
+
if (!m_frame || !m_frame->page())
return;
-
+
URL fullURL = urlForState(urlString);
if (!fullURL.isValid() || !m_frame->document()->securityOrigin()->canRequest(fullURL)) {
ec = SECURITY_ERR;
return;
}
+ Document* mainDocument = m_frame->page()->mainFrame().document();
+ History* mainHistory = nullptr;
+ if (mainDocument) {
+ if (auto* mainDOMWindow = mainDocument->domWindow())
+ mainHistory = mainDOMWindow->history();
+ }
+
+ if (!mainHistory)
+ return;
+
+ bool processingUserGesture = ScriptController::processingUserGesture();
+ if (!processingUserGesture && mainHistory->m_nonUserGestureObjectsAdded >= perUserGestureStateObjectLimit) {
+ ec = SECURITY_ERR;
+ return;
+ }
+
+ double userGestureTimestamp = mainDocument->lastHandledUserGestureTimestamp();
+ if (processingUserGesture) {
+ if (mainHistory->m_currentUserGestureTimestamp < userGestureTimestamp) {
+ mainHistory->m_currentUserGestureTimestamp = userGestureTimestamp;
+ mainHistory->m_currentUserGestureObjectsAdded = 0;
+ }
+
+ if (mainHistory->m_currentUserGestureObjectsAdded >= perUserGestureStateObjectLimit) {
+ ec = SECURITY_ERR;
+ return;
+ }
+ }
+
+ Checked<unsigned> titleSize = title.length();
+ titleSize *= 2;
+
+ Checked<unsigned> urlSize = fullURL.string().length();
+ urlSize *= 2;
+
+ Checked<uint64_t> payloadSize = titleSize;
+ payloadSize += urlSize;
+ payloadSize += data ? data->data().size() : 0;
+
+ Checked<uint64_t> newTotalUsage = mainHistory->m_totalStateObjectUsage;
+
+ if (stateObjectType == StateObjectType::Replace)
+ newTotalUsage -= m_mostRecentStateObjectUsage;
+ newTotalUsage += payloadSize;
+
+ if (newTotalUsage > totalStateObjectPayloadLimit) {
+ ec = QUOTA_EXCEEDED_ERR;
+ return;
+ }
+
+ m_mostRecentStateObjectUsage = payloadSize.unsafeGet();
+
+ mainHistory->m_totalStateObjectUsage = newTotalUsage.unsafeGet();
+ if (processingUserGesture)
+ ++mainHistory->m_currentUserGestureObjectsAdded;
+ else
+ ++mainHistory->m_nonUserGestureObjectsAdded;
+
if (!urlString.isEmpty())
m_frame->document()->updateURLForPushOrReplaceState(fullURL);
Modified: branches/safari-601.1.46-branch/Source/WebCore/page/History.h (195709 => 195710)
--- branches/safari-601.1.46-branch/Source/WebCore/page/History.h 2016-01-28 00:37:00 UTC (rev 195709)
+++ branches/safari-601.1.46-branch/Source/WebCore/page/History.h 2016-01-28 00:38:44 UTC (rev 195710)
@@ -71,6 +71,16 @@
PassRefPtr<SerializedScriptValue> stateInternal() const;
RefPtr<SerializedScriptValue> m_lastStateObjectRequested;
+
+ unsigned m_nonUserGestureObjectsAdded { 0 };
+ unsigned m_currentUserGestureObjectsAdded { 0 };
+ double m_currentUserGestureTimestamp { 0 };
+
+ // For the main frame's History object to keep track of all state object usage.
+ uint64_t m_totalStateObjectUsage { 0 };
+
+ // For each individual History object to keep track of the most recent state object added.
+ uint64_t m_mostRecentStateObjectUsage { 0 };
};
} // namespace WebCore
