
Side by Side Diff: Source/core/loader/FrameLoader.cpp

Issue 495743003: Add an extra guard to replaceDocument() (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Created 6 years, 4 months ago
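--- a/Source/core/loader/FrameLoader.cpp
+++ b/Source/core/loader/FrameLoader.cpp
@@ -1,10 +1,10 @@
 /*
  * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserved.
  * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies)
  * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.torchmobile.com/)
  * Copyright (C) 2008 Alp Toker <alp@atoker.com>
  * Copyright (C) Research In Motion Limited 2009. All rights reserved.
  * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com>
  * Copyright (C) 2011 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -259,20 +259,50 @@
     m_frame->script().enableEval();
 
     m_frame->navigationScheduler().cancel();
 
     m_checkTimer.stop();
 
     if (m_stateMachine.isDisplayingInitialEmptyDocument())
         m_stateMachine.advanceTo(FrameLoaderStateMachine::CommittedFirstRealLoad);
 }
 
+// This is only called by ScriptController::executeScriptIfJavaScriptURL
+// and always contains the result of evaluating a javascript: url.
+// This is the <iframe src="javascript:'html'"> case.
+void FrameLoader::replaceDocument(const String& source, Document* ownerDocument)
+{
+    if (!m_frame->document()->loader())
+        return;
+
+    // DocumentWriter::replaceDocument can cause the DocumentLoader to get deref'ed and possible destroyed,
+    // so protect it with a RefPtr.
+    RefPtr<DocumentLoader> documentLoader(m_frame->document()->loader());
+
+    UseCounter::count(*m_frame->document(), UseCounter::ReplaceDocumentViaJavaScriptURL);
+
+    // Prepare a DocumentInit before clearing the frame, because it may need to
+    // inherit an aliased security context.
+    DocumentInit init(m_frame->document()->url(), m_frame);
+    init.withNewRegistrationContext();
+
+    stopAllLoaders();
+    clear();
+
+    // clear() potentially detaches the frame from the document. The
+    // loading cannot continue in that case.
+    if (!m_frame->page())
+        return;
+
+    documentLoader->replaceDocument(init, source, ownerDocument);
+}
+
 void FrameLoader::setHistoryItemStateForCommit(HistoryCommitType historyCommitType, bool isPushOrReplaceState, PassRefPtr<SerializedScriptValue> stateObject)
 {
     if (m_provisionalItem)
         m_currentItem = m_provisionalItem.release();
 
     if (!m_currentItem || historyCommitType == StandardCommit) {
         m_currentItem = HistoryItem::create();
     } else if (!isPushOrReplaceState && m_documentLoader->url() != m_currentItem->url()) {
         m_currentItem->generateNewItemSequenceNumber();
         if (!equalIgnoringFragmentIdentifier(m_documentLoader->url(), m_currentItem->url()))
@@ -1468,10 +1498,10 @@
     // FIXME: We need a way to propagate sandbox flags to out-of-process frames.
     Frame* parentFrame = m_frame->tree().parent();
     if (parentFrame && parentFrame->isLocalFrame())
         flags |= toLocalFrame(parentFrame)->document()->sandboxFlags();
     if (FrameOwner* frameOwner = m_frame->owner())
         flags |= frameOwner->sandboxFlags();
     return flags;
 }
 
 } // namespace blink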
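Review bot: The guard added after clear() in replaceDocument() tests `m_frame->page()`, but the comment directly above it says clear() "detaches the frame from the document", so a reader cannot tell why the page pointer is the right signal; suggest `// stopAllLoaders() and clear() may detach the frame from its page; the load cannot continue in that case.` The RefPtr taken earlier only keeps the DocumentLoader alive across stopAllLoaders()/clear() — it does not establish that it is still the frame's current loader when `documentLoader->replaceDocument(init, source, ownerDocument)` runs, so if those calls can swap the loader this would act on a stale one; worth confirming, or extending the guard to `if (!m_frame->page() || m_frame->document()->loader() != documentLoader) return;` if `m_frame->document()` is guaranteed non-null here. `ownerDocument` is likewise a raw pointer held across the same two calls, and whether they can run script that destroys it is not visible in this hunk.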
