Chromium Code Reviews
Help | Chromium Project | Gerrit Changes | Sign in
(22)

Issues Search
Open Issues | Closed Issues | All Issues | Sign in with your Google Account to create issues and add comments

Issue 495743003: Add an extra guard to replaceDocument() (Closed)

Created:
6 years, 5 months ago by Hajime Morrita
Modified:
6 years, 5 months ago
CC:
abarth-chromium, arv+blink, blink-reviews, blink-reviews-bindings_chromium.org, blink-reviews-dom_chromium.org, dglazkov+blink, eae+blinkwatch, gavinp+loader_chromium.org, Nate Chapin, rwlbuis, sof
Base URL:
https://chromium.googlesource.com/chromium/blink.git@master
Project:
blink
Visibility:
Public.

Description

Add an extra guard to replaceDocument() The key of this change is to add an extra guard against rude JS in unload event handlers. To add the change in a sane way, this change also includes some refactoring: * Moving |shouldReuseDefaultView| local variable, which should be computed beforehand to DocumentInit. * Splitting replaceDocument into DocuentLoader and FrameLoader. * Renaming them to replaceDocumentWriteExecutingJavaScriptURL() for clarity. * Using the FrameLoader API instead of DocumentLoader one from ScriptController. TEST=unload-mutation-crash.html R=esprehn@chromium.org, dglazkov@chromium.org, abarth@chromium.org BUG=405745 Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=180918

Patch Set 1 #

Total comments: 4

Patch Set 2 : Ppdated #

Total comments: 1

Patch Set 3 : Landing #

Unified diffs Side-by-side diffs Delta from patch set Stats (+99 lines, -38 lines) Patch
A LayoutTests/fast/loader/unload-mutation-crash.html View 1 chunk +23 lines, -0 lines 0 comments Download
A LayoutTests/fast/loader/unload-mutation-crash-expected.txt View 1 chunk +2 lines, -0 lines 0 comments Download
M Source/bindings/core/v8/ScriptController.cpp View 1 1 chunk +1 line, -6 lines 0 comments Download
M Source/core/dom/DecodedDataDocumentParser.h View 1 1 chunk +1 line, -1 line 0 comments Download
M Source/core/dom/DocumentInit.h View 1 2 chunks +11 lines, -0 lines 0 comments Download
M Source/core/dom/DocumentInit.cpp View 2 chunks +2 lines, -0 lines 0 comments Download
M Source/core/dom/DocumentParser.h View 1 1 chunk +1 line, -1 line 0 comments Download
M Source/core/frame/LocalFrame.h View 1 chunk +1 line, -1 line 0 comments Download
M Source/core/frame/LocalFrame.cpp View 1 chunk +5 lines, -0 lines 0 comments Download
M Source/core/loader/DocumentLoader.h View 1 2 3 chunks +3 lines, -2 lines 0 comments Download
M Source/core/loader/DocumentLoader.cpp View 1 2 3 chunks +15 lines, -24 lines 0 comments Download
M Source/core/loader/DocumentWriter.h View 1 1 chunk +2 lines, -2 lines 0 comments Download
M Source/core/loader/FrameLoader.h View 1 1 chunk +1 line, -0 lines 0 comments Download
M Source/core/loader/FrameLoader.cpp View 1 1 chunk +30 lines, -0 lines 0 comments Download
M Source/web/WebLocalFrameImpl.cpp View 1 1 chunk +1 line, -1 line 0 comments Download

Messages

Total messages: 8 (0 generated)
Hajime Morrita
6 years, 5 months ago (2014-08-26 01:52:28 UTC) #1
dglazkov
https://codereview.chromium.org/495743003/diff/1/Source/core/dom/DocumentInit.h File Source/core/dom/DocumentInit.h (right): https://codereview.chromium.org/495743003/diff/1/Source/core/dom/DocumentInit.h#newcode90 Source/core/dom/DocumentInit.h:90: // In some rare cases, we'll re-used a LocalDOMWindow ...
6 years, 5 months ago (2014-08-26 16:03:33 UTC) #2
Hajime Morrita
Thanks for the review Dimitri! I updated the patch. PTAL?
6 years, 5 months ago (2014-08-26 17:13:01 UTC) #3
dglazkov
LGTM. https://codereview.chromium.org/495743003/diff/20001/Source/core/loader/DocumentLoader.cpp File Source/core/loader/DocumentLoader.cpp (right): https://codereview.chromium.org/495743003/diff/20001/Source/core/loader/DocumentLoader.cpp#newcode779 Source/core/loader/DocumentLoader.cpp:779: PassRefPtrWillBeRawPtr<DocumentWriter> DocumentLoader::createWriterFor(LocalFrame* frame, const Document* ownerDocument, const KURL& ...
6 years, 5 months ago (2014-08-26 17:22:43 UTC) #4
Hajime Morrita
On 2014/08/26 17:22:43, dglazkov wrote: > LGTM. > > https://codereview.chromium.org/495743003/diff/20001/Source/core/loader/DocumentLoader.cpp > File Source/core/loader/DocumentLoader.cpp (right): > ...
6 years, 5 months ago (2014-08-26 18:21:22 UTC) #5
Hajime Morrita
The CQ bit was checked by morrita@chromium.org
6 years, 5 months ago (2014-08-26 18:26:29 UTC) #6
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/morrita@chromium.org/495743003/40001
6 years, 5 months ago (2014-08-26 18:27:35 UTC) #7
commit-bot: I haz the power
6 years, 5 months ago (2014-08-26 21:41:35 UTC) #8
Message was sent while issue was closed. 
Committed patchset #3 (40001) as 180918

Powered by Google App Engine
This is Rietveld 408576698