Chromium Code Reviews
Unified Diff: third_party/WebKit/Source/core/loader/FrameLoader.cpp

Issue 1714063002: Protect the provisional loader from detaching during prepareForCommit (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 10 months ago
Index: third_party/WebKit/Source/core/loader/FrameLoader.cpp
diff --git a/third_party/WebKit/Source/core/loader/FrameLoader.cpp b/third_party/WebKit/Source/core/loader/FrameLoader.cpp
index 038cf60a8afc2b21412fab348d49efb7f0661d53..1f562abead8228d7fbc06a0cb41ceb3d8287ef9a 100644
--- a/third_party/WebKit/Source/core/loader/FrameLoader.cpp
+++ b/third_party/WebKit/Source/core/loader/FrameLoader.cpp
@@ -168,6 +168,7 @@ FrameLoader::FrameLoader(LocalFrame* frame)
, m_didAccessInitialDocumentTimer(this, &FrameLoader::didAccessInitialDocumentTimerFired)
, m_forcedSandboxFlags(SandboxNone)
, m_dispatchingDidClearWindowObjectInMainWorld(false)
+ , m_protectProvisionalLoader(false)
{
}
@@ -684,6 +685,8 @@ void FrameLoader::detachDocumentLoader(RefPtrWillBeMember<DocumentLoader>& loade
{
if (!loader)
return;
+ if (loader == m_provisionalDocumentLoader && m_protectProvisionalLoader)
+ return;
loader->detachFromFrame();
loader = nullptr;
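Review bot: the new early return at `if (loader == m_provisionalDocumentLoader && m_protectProvisionalLoader)` silently drops the detach request and, because it returns before `loader = nullptr;`, leaves the caller's reference alive; that is the intended effect for the prepareForCommit() window, but it should be stated in a comment at the return, since any other caller of detachDocumentLoader() (for example a stop() path reached from an `abort` listener) now gets a still-attached provisional loader back with no indication that the call was a no-op.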
@@ -1062,13 +1065,18 @@ bool FrameLoader::prepareForCommit()
// we need to abandon the current load.
if (pdl != m_provisionalDocumentLoader)
return false;
+ // detachFromFrame() will abort XHRs that haven't completed, which can
+ // trigger event listeners for 'abort'. These event listeners might call
+ // stop(), which will in turn detach the provisional document loader.
+ // At this point, the provisional document loader should not detach, because
+ // then the FrameLoader would not have any attached DocumentLoaders.
if (m_documentLoader) {
FrameNavigationDisabler navigationDisabler(*m_frame);
+ m_protectProvisionalLoader = false;
dcheng 2016/02/19 18:34:40 Shouldn't this be true? Also, maybe use Temporary
detachDocumentLoader(m_documentLoader);
+ m_protectProvisionalLoader = false;
}
- // detachFromFrame() will abort XHRs that haven't completed, which can
- // trigger event listeners for 'abort'. These event listeners might detach
- // the frame.
+ // 'abort' listeners can also detach the frame.
// TODO(dcheng): Investigate if this can be moved above the check that
// m_provisionalDocumentLoader hasn't changed.
if (!m_frame->client())
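Review bot: the `m_protectProvisionalLoader = false;` written just before `detachDocumentLoader(m_documentLoader);` looks inverted: both new assignments set the flag to false, so the guard added in detachDocumentLoader() is never active and the `abort` listeners the new comment describes can still detach the provisional loader, which is exactly the case this change is meant to close. The first assignment should be `true`. Rather than a manual set/reset pair, use a scoped RAII setter (WTF's TemporaryChange fits, assuming that is what the inline comment is pointing at) so the flag is restored on every exit path and the window in which detachDocumentLoader() is a no-op is visibly bounded to this block.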
@@ -1077,6 +1085,7 @@ bool FrameLoader::prepareForCommit()
// TODO(yoav): Should we also be nullifying domWindow's document (or domWindow) since the doc is now detached?
if (m_frame->document())
m_frame->document()->detach();
+ ASSERT(m_provisionalDocumentLoader);
m_documentLoader = m_provisionalDocumentLoader.release();
return true;
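Review bot: `ASSERT(m_provisionalDocumentLoader);` only fires in debug builds; in a release build, if the protection does not hold, `m_provisionalDocumentLoader.release()` moves a null pointer into `m_documentLoader` and the function still returns true, which is the "no attached DocumentLoader" state the change sets out to prevent. Consider a RELEASE_ASSERT, or an explicit `if (!m_provisionalDocumentLoader) return false;` ahead of the release, so release builds fail closed instead of committing with no DocumentLoader.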