
Side by Side Diff: Source/core/loader/FrameLoader.cpp

Issue 138213002: Fix crash when popstate handler detaches frame during history navigation (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Created 6 years, 11 months ago
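--- a/Source/core/loader/FrameLoader.cpp
+++ b/Source/core/loader/FrameLoader.cpp
@@ -1,10 +1,10 @@
 /*
 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserv ed.
 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies)
 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/)
 * Copyright (C) 2008 Alp Toker <alp@atoker.com>
 * Copyright (C) Research In Motion Limited 2009. All rights reserved.
 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com>
 * Copyright (C) 2011 Google Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
@@ -1403,20 +1403,23 @@
 
 if (!activeDocument->canNavigate(frame))
 return 0;
 return frame;
 }
 
 void FrameLoader::loadHistoryItem(HistoryItem* item, HistoryLoadType historyLoad Type, ResourceRequestCachePolicy cachePolicy)
 {
 m_provisionalItem = item;
 if (historyLoadType == HistorySameDocumentLoad) {
+// loadInSameDocument() might (indirectly) dispatch events, which could lead to the frame being
+// detached, so protect it.
+RefPtr<Frame> protect(m_frame);
 loadInSameDocument(item->url(), item->stateObject(), DoNotUpdateBackForw ardList, NotClientRedirect);
 restoreScrollPositionAndViewState(ForcedRestoreForSameDocumentHistoryNav igation);
 return;
 }
 
 RefPtr<FormData> formData = item->formData();
 ResourceRequest request(item->url());
 request.setHTTPReferrer(item->referrer());
 request.setCachePolicy(cachePolicy);
 if (formData) {
@@ -1463,10 +1466,10 @@
 {
 SandboxFlags flags = m_forcedSandboxFlags;
 if (Frame* parentFrame = m_frame->tree().parent())
 flags |= parentFrame->document()->sandboxFlags();
 if (HTMLFrameOwnerElement* ownerElement = m_frame->ownerElement())
 flags |= ownerElement->sandboxFlags();
 return flags;
 }
 
 } // namespace WebCore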
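Review bot: `restoreScrollPositionAndViewState(...)` still runs unconditionally after `loadInSameDocument()` returns in the `HistorySameDocumentLoad` branch of `loadHistoryItem`. The new `RefPtr<Frame> protect(m_frame);` keeps the Frame object alive if a popstate handler detaches it, but it does not stop the loader from then operating on a detached frame. Whether the restore call tolerates a frame that has lost its page or view is not visible in this hunk. If it does not, a guard between the two calls, such as `if (!m_frame->page()) return;`, would make the detached case explicit. The added comment could also state that the guard covers lifetime only, e.g. `// Keeps the Frame alive across event dispatch; it may still be detached when the call returns.` The body of `loadHistoryItem` continues past the end of the hunk.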