-
aestes@apple.com authored
REGRESSION (r125592): Reproducible crash in DOMWindow::open when a delegate closes the new window in decidePolicyForNavigationAction https://bugs.webkit.org/show_bug.cgi?id=115609 Reviewed by Oliver Hunt. Source/WebCore: When a window created by window.open() is navigated, the embedder might close it in decidePolicyForNavigationAction. If this happens, we end up with a pointer to a deleted Frame. Fix this by keeping a strong reference to the Frame created by createWindow(). We can later determine if the window was closed by checking if the new Frame has a detached Page. Added an API test: WebKit1.CloseNewWindowInNavigationPolicyDelegate. * page/DOMWindow.cpp: (WebCore::DOMWindow::createWindow): Tools: Added an API test. * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj: * TestWebKitAPI/Tests/mac/CloseNewWindowInNavigationPolicyDelegate.mm: Added. (+[TestDelegate shared]): (-[TestDelegate webView:decidePolicyForNavigationAction:request:frame:decisionListener:]): (-[TestDelegate webView:createWebViewWithRequest:]): (TestWebKitAPI): (TestWebKitAPI::TEST): * TestWebKitAPI/Tests/mac/OpenNewWindow.html: Added. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@149589 268f45cc-cd09-0410-ab3c-d52691b4dbfc
7e025ae5