    Crash when reloading a Chromium "platform" app · 67996f4a
    abarth@webkit.org authored
    https://bugs.webkit.org/show_bug.cgi?id=93497
    
    Reviewed by Eric Seidel.
    
    Source/WebCore:
    
    The framework for Chromium "platform" apps executes a big blob of
    script during the didCreateScriptContext callback. This blob of script
    interacts with a bunch of JavaScript objects and triggers a number of
    security checks.
    
    When reloading a frame, the didCreateScriptContext is called during
    Frame::setDocument (as a consequence of calling
    ScriptController::updateDocument). At that time, the SecurityOrigin
    object hasn't yet been copied over to the DOMWindow, and we crash
    trying to grab it.
    
    The long-term fix for this bug is to fix
    https://bugs.webkit.org/show_bug.cgi?id=75793, at which point there
    will no longer be a SecurityOrigin object on DOMWindow. In the
    meantime, however, we can fix this crash by null checking the
    DOMWindow's SecurityOrigin object.
    
    * bindings/generic/BindingSecurity.cpp:
    (WebCore::canAccessDocument):
    
    Source/WebKit/chromium:
    
    Test that we don't crash when executing script during the
    didCreateScriptContext callback.
    
    * tests/WebFrameTest.cpp:
    * tests/data/hello_world.html: Added.
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@125077 268f45cc-cd09-0410-ab3c-d52691b4dbfc
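The ordering problem the commit message describes, modelled as an added example (this is not WebKit's code; SecurityOrigin, Document, DOMWindow, Frame, canAccessDocument and didCreateScriptContext are simplified stand-ins for the WebCore classes and callback, and the same-origin rule is reduced to scheme and host). The point it shows is that a client callback fired from inside setDocument runs while the window's origin is still unset, so the access check must fail closed on a null origin instead of dereferencing it:

```cpp
// Added illustration, not WebKit source. Models a script-context callback that
// runs before the window's SecurityOrigin has been copied over, and an access
// check that denies (rather than crashes) when that origin is null.
#include <functional>
#include <memory>
#include <string>
#include <iostream>

// Simplified stand-in for WebCore::SecurityOrigin: same-origin = same scheme + host.
struct SecurityOrigin {
    std::string scheme;
    std::string host;
    bool isSameOriginAs(const SecurityOrigin& other) const {
        return scheme == other.scheme && host == other.host;
    }
};

struct Document {
    std::shared_ptr<SecurityOrigin> origin;
};

// Simplified DOMWindow: the origin pointer is null until setDocument copies it over.
struct DOMWindow {
    std::shared_ptr<SecurityOrigin> securityOrigin;
};

// Hardened access check (the shape of the fix): a missing origin on either side
// denies access. The pre-fix behaviour would dereference the null pointer here.
bool canAccessDocument(const DOMWindow& activeWindow, const Document& target) {
    const SecurityOrigin* active = activeWindow.securityOrigin.get();
    if (!active || !target.origin)
        return false;                 // fail closed, never crash
    return active->isSameOriginAs(*target.origin);
}

// Simplified Frame: setDocument installs the document, invokes the embedder's
// didCreateScriptContext callback, and only then copies the origin to the window.
struct Frame {
    DOMWindow window;
    std::shared_ptr<Document> document;
    std::function<void(Frame&)> didCreateScriptContext;

    void setDocument(std::shared_ptr<Document> newDocument) {
        document = std::move(newDocument);
        window.securityOrigin.reset();           // not yet copied over
        if (didCreateScriptContext)
            didCreateScriptContext(*this);       // embedder script runs here
        window.securityOrigin = document->origin; // copied after the callback
    }
};

struct ReloadOutcome {
    bool accessDuringCallback;   // what the embedder's script observes
    bool accessAfterSetDocument; // steady state once the origin is in place
};

// Simulates a reload: the callback performs an access check mid-transition.
ReloadOutcome simulateReload() {
    auto origin = std::make_shared<SecurityOrigin>(SecurityOrigin{"https", "example.test"});
    auto document = std::make_shared<Document>(Document{origin});

    Frame frame;
    ReloadOutcome outcome{false, false};
    frame.didCreateScriptContext = [&outcome](Frame& f) {
        outcome.accessDuringCallback = canAccessDocument(f.window, *f.document);
    };
    frame.setDocument(document);
    outcome.accessAfterSetDocument = canAccessDocument(frame.window, *frame.document);
    return outcome;
}

int main() {
    ReloadOutcome r = simulateReload();
    std::cout << "during callback: " << (r.accessDuringCallback ? "allowed" : "denied")
              << ", after setDocument: " << (r.accessAfterSetDocument ? "allowed" : "denied")
              << '\n';
    return 0;
}
```

The callback's check is denied, not crashed, and the same check succeeds once setDocument has finished; script that runs during the callback must therefore be prepared for a denial in this window, which is the behaviour the WebFrameTest added by the commit exercises.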