Chromium Code Reviews Chromium Code Reviews
Issue 1714063002:
Protect the provisional loader from detaching during prepareForCommit (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserv ed. | 2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserv ed. |
| 3 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) | 3 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) |
| 4 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/) | 4 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/) |
| 5 * Copyright (C) 2008 Alp Toker <alp@atoker.com> | 5 * Copyright (C) 2008 Alp Toker <alp@atoker.com> |
| 6 * Copyright (C) Research In Motion Limited 2009. All rights reserved. | 6 * Copyright (C) Research In Motion Limited 2009. All rights reserved. |
| 7 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com> | 7 * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com> |
| 8 * Copyright (C) 2011 Google Inc. All rights reserved. | 8 * Copyright (C) 2011 Google Inc. All rights reserved. |
| 9 * | 9 * |
| 10 * Redistribution and use in source and binary forms, with or without | 10 * Redistribution and use in source and binary forms, with or without |
| (...skipping 150 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 161 FrameLoader::FrameLoader(LocalFrame* frame) | 161 FrameLoader::FrameLoader(LocalFrame* frame) |
| 162 : m_frame(frame) | 162 : m_frame(frame) |
| 163 , m_progressTracker(ProgressTracker::create(frame)) | 163 , m_progressTracker(ProgressTracker::create(frame)) |
| 164 , m_loadType(FrameLoadTypeStandard) | 164 , m_loadType(FrameLoadTypeStandard) |
| 165 , m_inStopAllLoaders(false) | 165 , m_inStopAllLoaders(false) |
| 166 , m_checkTimer(this, &FrameLoader::checkTimerFired) | 166 , m_checkTimer(this, &FrameLoader::checkTimerFired) |
| 167 , m_didAccessInitialDocument(false) | 167 , m_didAccessInitialDocument(false) |
| 168 , m_didAccessInitialDocumentTimer(this, &FrameLoader::didAccessInitialDocume ntTimerFired) | 168 , m_didAccessInitialDocumentTimer(this, &FrameLoader::didAccessInitialDocume ntTimerFired) |
| 169 , m_forcedSandboxFlags(SandboxNone) | 169 , m_forcedSandboxFlags(SandboxNone) |
| 170 , m_dispatchingDidClearWindowObjectInMainWorld(false) | 170 , m_dispatchingDidClearWindowObjectInMainWorld(false) |
| 171 , m_protectProvisionalLoader(false) | |
| 171 { | 172 { |
| 172 } | 173 } |
| 173 | 174 |
| 174 FrameLoader::~FrameLoader() | 175 FrameLoader::~FrameLoader() |
| 175 { | 176 { |
| 176 // Verify that this FrameLoader has been detached. | 177 // Verify that this FrameLoader has been detached. |
| 177 ASSERT(!m_progressTracker); | 178 ASSERT(!m_progressTracker); |
| 178 } | 179 } |
| 179 | 180 |
| 180 DEFINE_TRACE(FrameLoader) | 181 DEFINE_TRACE(FrameLoader) |
| (...skipping 496 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 677 client()->dispatchDidNavigateWithinPage(m_currentItem.get(), historyCommitTy pe); | 678 client()->dispatchDidNavigateWithinPage(m_currentItem.get(), historyCommitTy pe); |
| 678 client()->dispatchDidReceiveTitle(m_frame->document()->title()); | 679 client()->dispatchDidReceiveTitle(m_frame->document()->title()); |
| 679 if (m_frame->document()->loadEventFinished()) | 680 if (m_frame->document()->loadEventFinished()) |
| 680 client()->didStopLoading(); | 681 client()->didStopLoading(); |
| 681 } | 682 } |
| 682 | 683 |
| 683 void FrameLoader::detachDocumentLoader(RefPtrWillBeMember<DocumentLoader>& loade r) | 684 void FrameLoader::detachDocumentLoader(RefPtrWillBeMember<DocumentLoader>& loade r) |
| 684 { | 685 { |
| 685 if (!loader) | 686 if (!loader) |
| 686 return; | 687 return; |
| 688 if (loader == m_provisionalDocumentLoader && m_protectProvisionalLoader) | |
| 689 return; | |
| 687 | 690 |
| 688 loader->detachFromFrame(); | 691 loader->detachFromFrame(); |
| 689 loader = nullptr; | 692 loader = nullptr; |
| 690 } | 693 } |
| 691 | 694 |
| 692 void FrameLoader::loadInSameDocument(const KURL& url, PassRefPtr<SerializedScrip tValue> stateObject, FrameLoadType frameLoadType, HistoryLoadType historyLoadTyp e, ClientRedirectPolicy clientRedirect) | 695 void FrameLoader::loadInSameDocument(const KURL& url, PassRefPtr<SerializedScrip tValue> stateObject, FrameLoadType frameLoadType, HistoryLoadType historyLoadTyp e, ClientRedirectPolicy clientRedirect) |
| 693 { | 696 { |
| 694 // If we have a state object, we cannot also be a new navigation. | 697 // If we have a state object, we cannot also be a new navigation. |
| 695 ASSERT(!stateObject || frameLoadType == FrameLoadTypeBackForward); | 698 ASSERT(!stateObject || frameLoadType == FrameLoadTypeBackForward); |
| 696 | 699 |
| (...skipping 358 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1055 client()->dispatchWillClose(); | 1058 client()->dispatchWillClose(); |
| 1056 dispatchUnloadEvent(); | 1059 dispatchUnloadEvent(); |
| 1057 } | 1060 } |
| 1058 m_frame->detachChildren(); | 1061 m_frame->detachChildren(); |
| 1059 // The previous calls to dispatchUnloadEvent() and detachChildren() can | 1062 // The previous calls to dispatchUnloadEvent() and detachChildren() can |
| 1060 // execute arbitrary script via things like unload events. If the executed | 1063 // execute arbitrary script via things like unload events. If the executed |
| 1061 // script intiates a new load or causes the current frame to be detached, | 1064 // script intiates a new load or causes the current frame to be detached, |
| 1062 // we need to abandon the current load. | 1065 // we need to abandon the current load. |
| 1063 if (pdl != m_provisionalDocumentLoader) | 1066 if (pdl != m_provisionalDocumentLoader) |
| 1064 return false; | 1067 return false; |
| 1068 // detachFromFrame() will abort XHRs that haven't completed, which can | |
| 1069 // trigger event listeners for 'abort'. These event listeners might call | |
| 1070 // stop(), which will in turn detach the provisional document loader. | |
| 1071 // At this point, the provisional document loader should not detach, because | |
| 1072 // then the FrameLoader would not have any attached DocumentLoaders. | |
| 1065 if (m_documentLoader) { | 1073 if (m_documentLoader) { |
| 1066 FrameNavigationDisabler navigationDisabler(*m_frame); | 1074 FrameNavigationDisabler navigationDisabler(*m_frame); |
| 1075 m_protectProvisionalLoader = false; | |
|
dcheng
2016/02/19 18:34:40
Shouldn't this be true?
Also, maybe use Temporary
| |
| 1067 detachDocumentLoader(m_documentLoader); | 1076 detachDocumentLoader(m_documentLoader); |
| 1077 m_protectProvisionalLoader = false; | |
| 1068 } | 1078 } |
| 1069 // detachFromFrame() will abort XHRs that haven't completed, which can | 1079 // 'abort' listeners can also detach the frame. |
| 1070 // trigger event listeners for 'abort'. These event listeners might detach | |
| 1071 // the frame. | |
| 1072 // TODO(dcheng): Investigate if this can be moved above the check that | 1080 // TODO(dcheng): Investigate if this can be moved above the check that |
| 1073 // m_provisionalDocumentLoader hasn't changed. | 1081 // m_provisionalDocumentLoader hasn't changed. |
| 1074 if (!m_frame->client()) | 1082 if (!m_frame->client()) |
| 1075 return false; | 1083 return false; |
| 1076 // No more events will be dispatched so detach the Document. | 1084 // No more events will be dispatched so detach the Document. |
| 1077 // TODO(yoav): Should we also be nullifying domWindow's document (or domWind ow) since the doc is now detached? | 1085 // TODO(yoav): Should we also be nullifying domWindow's document (or domWind ow) since the doc is now detached? |
| 1078 if (m_frame->document()) | 1086 if (m_frame->document()) |
| 1079 m_frame->document()->detach(); | 1087 m_frame->document()->detach(); |
| 1088 ASSERT(m_provisionalDocumentLoader); | |
| 1080 m_documentLoader = m_provisionalDocumentLoader.release(); | 1089 m_documentLoader = m_provisionalDocumentLoader.release(); |
| 1081 | 1090 |
| 1082 return true; | 1091 return true; |
| 1083 } | 1092 } |
| 1084 | 1093 |
| 1085 void FrameLoader::commitProvisionalLoad() | 1094 void FrameLoader::commitProvisionalLoad() |
| 1086 { | 1095 { |
| 1087 ASSERT(client()->hasWebView()); | 1096 ASSERT(client()->hasWebView()); |
| 1088 RefPtrWillBeRawPtr<LocalFrame> protect(m_frame.get()); | 1097 RefPtrWillBeRawPtr<LocalFrame> protect(m_frame.get()); |
| 1089 | 1098 |
| (...skipping 471 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1561 // FIXME: We need a way to propagate insecure requests policy flags to | 1570 // FIXME: We need a way to propagate insecure requests policy flags to |
| 1562 // out-of-process frames. For now, we'll always use default behavior. | 1571 // out-of-process frames. For now, we'll always use default behavior. |
| 1563 if (!parentFrame->isLocalFrame()) | 1572 if (!parentFrame->isLocalFrame()) |
| 1564 return nullptr; | 1573 return nullptr; |
| 1565 | 1574 |
| 1566 ASSERT(toLocalFrame(parentFrame)->document()); | 1575 ASSERT(toLocalFrame(parentFrame)->document()); |
| 1567 return toLocalFrame(parentFrame)->document()->insecureNavigationsToUpgrade() ; | 1576 return toLocalFrame(parentFrame)->document()->insecureNavigationsToUpgrade() ; |
| 1568 } | 1577 } |
| 1569 | 1578 |
| 1570 } // namespace blink | 1579 } // namespace blink |
| OLD | NEW |
