Chromium Code Reviews

Unified Diff: Source/core/loader/DocumentLoader.cpp

Issue 495743003: Add an extra guard to replaceDocument() (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Updated Created 6 years, 4 months ago
Index: Source/core/loader/DocumentLoader.cpp
diff --git a/Source/core/loader/DocumentLoader.cpp b/Source/core/loader/DocumentLoader.cpp
index d3255fd0c928d557ad6bc99cfec84c9243508959..a3374ffd174bd8d39d5765c72fcbb1f4e6c09b16 100644
--- a/Source/core/loader/DocumentLoader.cpp
+++ b/Source/core/loader/DocumentLoader.cpp
@@ -778,26 +778,23 @@ void DocumentLoader::endWriting(DocumentWriter* writer)
PassRefPtrWillBeRawPtr<DocumentWriter> DocumentLoader::createWriterFor(LocalFrame* frame, const Document* ownerDocument, const KURL& url, const AtomicString& mimeType, const AtomicString& encoding, bool dispatch)
dglazkov 2014/08/26 17:22:43 Just thinking out loud: since now there are two cre
{
- // Create a new document before clearing the frame, because it may need to
+ // Prepare a DocumentInit before clearing the frame, because it may need to
// inherit an aliased security context.
DocumentInit init(url, frame);
init.withNewRegistrationContext();
-
- // In some rare cases, we'll re-used a LocalDOMWindow for a new Document. For example,
- // when a script calls window.open("..."), the browser gives JavaScript a window
- // synchronously but kicks off the load in the window asynchronously. Web sites
- // expect that modifications that they make to the window object synchronously
- // won't be blown away when the network load commits. To make that happen, we
- // "securely transition" the existing LocalDOMWindow to the Document that results from
- // the network load. See also SecurityContext::isSecureTransitionTo.
- bool shouldReuseDefaultView = frame->loader().stateMachine()->isDisplayingInitialEmptyDocument() && frame->document()->isSecureTransitionTo(url);
-
frame->loader().clear();
+ ASSERT(frame->page());
+ return createWriterFor(ownerDocument, init, mimeType, encoding, dispatch);
+}
+
+PassRefPtrWillBeRawPtr<DocumentWriter> DocumentLoader::createWriterFor(const Document* ownerDocument, const DocumentInit& init, const AtomicString& mimeType, const AtomicString& encoding, bool dispatch)
+{
+ LocalFrame* frame = init.frame();
if (frame->document())
frame->document()->prepareForDestruction();
- if (!shouldReuseDefaultView)
+ if (!init.shouldReuseDefaultView())
frame->setDOMWindow(LocalDOMWindow::create(*frame));
RefPtrWillBeRawPtr<Document> document = frame->domWindow()->installNewDocument(mimeType, init);
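Review bot: In the new createWriterFor(ownerDocument, init, ...) overload, `init.shouldReuseDefaultView()` is evaluated after the frame-taking overload has already run `frame->loader().clear()`, whereas the removed code computed `shouldReuseDefaultView` from `isDisplayingInitialEmptyDocument()` and `isSecureTransitionTo(url)` before the clear. Unless DocumentInit captures that decision when it is constructed (not visible in this file), the result can differ from the old behaviour, and it decides whether the existing LocalDOMWindow is carried over to the new document. Please confirm the value is fixed before clear() and say so in a comment. The removed explanation of the window.open() secure-transition case should move next to shouldReuseDefaultView() rather than disappear. Also, `ASSERT(frame->page())` is compiled out of release builds, and `LocalFrame* frame = init.frame();` is dereferenced unchecked on the next line; if a detached or null frame is reachable here, an early return is needed rather than an assertion.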
@@ -826,13 +823,10 @@ void DocumentLoader::setUserChosenEncoding(const String& charset)
m_writer->setUserChosenEncoding(charset);
}
-// This is only called by ScriptController::executeScriptIfJavaScriptURL
-// and always contains the result of evaluating a javascript: url.
-// This is the <iframe src="javascript:'html'"> case.
-void DocumentLoader::replaceDocument(const String& source, Document* ownerDocument)
+// This is only called by FrameLoader::replaceDocumentWhileExecutingJavaScriptURL()
+void DocumentLoader::replaceDocumentWhileExecutingJavaScriptURL(const DocumentInit& init, const String& source, Document* ownerDocument)
{
- m_frame->loader().stopAllLoaders();
- m_writer = createWriterFor(m_frame, ownerDocument, m_frame->document()->url(), mimeType(), m_writer ? m_writer->encoding() : emptyAtom, true);
+ m_writer = createWriterFor(ownerDocument, init, mimeType(), m_writer ? m_writer->encoding() : emptyAtom, true);
if (!source.isNull())
m_writer->appendReplacingData(source);
endWriting(m_writer.get());
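Review bot: replaceDocumentWhileExecutingJavaScriptURL() no longer calls `m_frame->loader().stopAllLoaders()`, and by going through the DocumentInit overload it also skips the `frame->loader().clear()` that the frame-taking createWriterFor() performs, so both are now unstated preconditions on the caller. The replacement comment only names the caller; it should state what the caller must have done first, and keep the note that this is the `<iframe src="javascript:'html'">` case. Nothing ties `init` to this loader either: the old code used m_frame and m_frame->document()->url(), so an `ASSERT(init.frame() == m_frame)` at the top would document the expectation.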