| Index: Source/core/loader/FrameLoader.cpp
|
| diff --git a/Source/core/loader/FrameLoader.cpp b/Source/core/loader/FrameLoader.cpp
|
| index 8cf4eda5bef57170110d5b9ed49caa1632dcc949..5a1c11beb9ed99d0961872f6ede8e0e92527dae7 100644
|
| --- a/Source/core/loader/FrameLoader.cpp
|
| +++ b/Source/core/loader/FrameLoader.cpp
|
| @@ -1410,6 +1410,9 @@ void FrameLoader::loadHistoryItem(HistoryItem* item, HistoryLoadType historyLoad
|
| {
|
| m_provisionalItem = item;
|
| if (historyLoadType == HistorySameDocumentLoad) {
|
| + // loadInSameDocument() might (indirectly) dispatch events, which could lead to the frame being
|
| + // detached, so protect it.
|
| + RefPtr<Frame> protect(m_frame);
|
| loadInSameDocument(item->url(), item->stateObject(), DoNotUpdateBackForwardList, NotClientRedirect);
|
| restoreScrollPositionAndViewState(ForcedRestoreForSameDocumentHistoryNavigation);
|
| return;
|
|
|
Chromium Code Reviews
Issue 138213002:
Fix crash when popstate handler detaches frame during history navigation (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master