DescriptionMerge 97667 - Re-landing: window.webkitNotifications uses deallocated NotificationPresenter after live Iframe transfer.
https://bugs.webkit.org/show_bug.cgi?id=70147
Reviewed by David Levin.
I only found a way to test this manually, since Chromium TestShell uses static instance
of NotificationPresenter instead of per-page one so the issue does not reproduce.
Adding manual test that works in full build of Chromium.
* manual-tests/iframe_notifications/iframe-reparenting-close-window-child.html: Added.
* manual-tests/iframe_notifications/iframe-reparenting-close-window-iframe.html: Added.
* manual-tests/iframe_notifications/iframe-reparenting-close-window.html: Added.
* notifications/NotificationCenter.cpp:
(WebCore::NotificationCenter::disconnectFrame):
* page/DOMWindow.cpp:
(WebCore::DOMWindow::resetNotifications):
* page/DOMWindow.h:
* page/Frame.cpp:
(WebCore::Frame::transferChildFrameToNewDocument): reset webkitNotifications object.
TBR=dimich@chromium.org
Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=97674
Patch Set 1 #
Messages
Total messages: 1 (0 generated)
|