Skip to content
  • simon.fraser@apple.com's avatar
    Crash re-entering Document layout with frame flattening enabled · 8d88321d
    simon.fraser@apple.com authored
    https://bugs.webkit.org/show_bug.cgi?id=97841
    
    Reviewed by Kenneth Rohde Christiansen.
    
    Source/WebCore:
    
    Walking up to parent FrameViews when doing a frame-flattening
    layout should walk via the Frame tree, not the Widget hierarchy.
    Walking via the Frame tree ensures that we don't walk up to the
    root Frame when laying out a subframe that is in the page cache.
    That's bad, because the root Frame is reused for the new
    page, and laying it out from a frame in the page cache causes
    re-entrant layout.
    
    Test: plugins/frameset-with-plugin-frame.html
    
    * page/FrameView.cpp:
    (WebCore::FrameView::parentFrameView):
    
    LayoutTests:
    
    Test that navigates from one frameset to another frameset, where
    one of the subframes contains a plugin.
    
    * plugins/frameset-with-plugin-frame-expected.txt: Added.
    * plugins/frameset-with-plugin-frame.html: Added.
    * plugins/resources/frame-with-plugin-subframe.html: Added.
    * plugins/resources/target-frameset-frame.html: Added.
    * plugins/resources/target-frameset.html: Added.
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129944 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    8d88321d