Commit cd5cda28 authored by commit-queue@webkit.org's avatar commit-queue@webkit.org
Browse files

2011-02-15 Charlie Reis <creis@chromium.org>

        Reviewed by Mihai Parparita.

        Crash in WebCore::FrameLoader::continueLoadAfterNavigationPolicy
        https://bugs.webkit.org/show_bug.cgi?id=54219

        Ensures we do not start a new navigation while we are in the process of
        stopping a navigation.  Also adds a manual test, since the crash can
        only be reproduced using the back button and not history.back().

        * loader/FrameLoader.cpp:
        * manual-tests/navigation-during-onload-triggered-by-back.html: Added.
        * manual-tests/resources/navigation-during-onload-container.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@78561 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 9e71897a
2011-02-15 Charlie Reis <creis@chromium.org>
Reviewed by Mihai Parparita.
Crash in WebCore::FrameLoader::continueLoadAfterNavigationPolicy
https://bugs.webkit.org/show_bug.cgi?id=54219
Ensures we do not start a new navigation while we are in the process of
stopping a navigation. Also adds a manual test, since the crash can
only be reproduced using the back button and not history.back().
* loader/FrameLoader.cpp:
* manual-tests/navigation-during-onload-triggered-by-back.html: Added.
* manual-tests/resources/navigation-during-onload-container.html: Added.
2011-02-15 Bill Budge <bbudge@chromium.org>
 
Reviewed by David Levin.
......@@ -1301,6 +1301,9 @@ void FrameLoader::loadFrameRequest(const FrameLoadRequest& request, bool lockHis
void FrameLoader::loadURL(const KURL& newURL, const String& referrer, const String& frameName, bool lockHistory, FrameLoadType newLoadType,
PassRefPtr<Event> event, PassRefPtr<FormState> prpFormState)
{
if (m_inStopAllLoaders)
return;
RefPtr<FormState> formState = prpFormState;
bool isFormSubmission = formState;
......
<html>
<head>
</head>
<body>
<p>Same-document navigation in onload triggered by back navigation.</p>
<ol>
<li>Start the layout test web server with Tools/Scripts/run-webkit-httpd.</li>
<li>Click <a href="resources/navigation-during-onload-container.html">here</a>.</li>
<li>Click Back.</li>
</ol>
<p>You should not crash.</p>
<p>We cannot use history.back() to test this, because it calls Page::goToItem
(which calls FrameLoader::stopAllLoaders) first. Chromium's back button does
not call stopAllLoaders first.</p>
</body>
</html>
<script>
onload = function() {
window.location.replace("#foo");
};
</script>
container
<iframe src="http://127.0.0.1:8000/history/resources/back-during-onload-middle.html"></iframe>
<p>
Click the back button and see if the browser crashes.
</p>
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment