Add an extra guard to replaceDocument()

Source/core/dom/DocumentInit.h

Index: Source/core/dom/DocumentInit.h
diff --git a/Source/core/dom/DocumentInit.h b/Source/core/dom/DocumentInit.h
index f19ad1da12fbbbfbd0695057a9caf8bde7aef6b9..b96d7c333b9cdcd65d9d73a80db9696afc52ca68 100644
--- a/Source/core/dom/DocumentInit.h
+++ b/Source/core/dom/DocumentInit.h
@@ -59,6 +59,7 @@ public:
     bool shouldTreatURLAsSrcdocDocument() const;
     bool shouldSetURL() const;
     bool isSeamlessAllowedFor(Document* child) const;
+    bool shouldReuseDefaultView() const { return m_shouldReuseDefaultView; }
     SandboxFlags sandboxFlags() const;
 
     Document* parent() const { return m_parent.get(); }
@@ -85,6 +86,16 @@ private:
     RawPtrWillBeMember<HTMLImportsController> m_importsController;
     RefPtrWillBeMember<CustomElementRegistrationContext> m_registrationContext;
     bool m_createNewRegistrationContext;
+
+    // In some rare cases, we'll re-used a LocalDOMWindow for a new Document. For example,

[dglazkov, 2014/08/26 16:03:32]

"we'll reuse"

+    // when a script calls window.open("..."), the browser gives JavaScript a window
+    // synchronously but kicks off the load in the window asynchronously. Web sites
+    // expect that modifications that they make to the window object synchronously
+    // won't be blown away when the network load commits. To make that happen, we
+    // "securely transition" the existing LocalDOMWindow to the Document that results from
+    // the network load. See also SecurityContext::isSecureTransitionTo.
+    // FIXME: This is for DocumentWrite creation, not for one of Document.

[dglazkov, 2014/08/26 16:03:32]

DocumentWriter?

+    bool m_shouldReuseDefaultView;
 };
 
 } // namespace blink