Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(390)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/frame/LocalFrame.cpp

Issue 657263002: Disallow script execution after unload event dispatch in frame detach. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Created 6 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« Source/core/frame/Frame.cpp ('K') | « Source/core/frame/Frame.cpp ('k') | Source/core/frame/RemoteFrame.cpp » ('j') | Source/core/frame/RemoteFrame.cpp » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 1998, 1999 Torben Weis <weis@kde.org> 2 * Copyright (C) 1998, 1999 Torben Weis <weis@kde.org>
3 * 1999 Lars Knoll <knoll@kde.org> 3 * 1999 Lars Knoll <knoll@kde.org>
4 * 1999 Antti Koivisto <koivisto@kde.org> 4 * 1999 Antti Koivisto <koivisto@kde.org>
5 * 2000 Simon Hausmann <hausmann@kde.org> 5 * 2000 Simon Hausmann <hausmann@kde.org>
6 * 2000 Stefan Schimanski <1Stein@gmx.de> 6 * 2000 Stefan Schimanski <1Stein@gmx.de>
7 * 2001 George Staikos <staikos@kde.org> 7 * 2001 George Staikos <staikos@kde.org>
8 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All r ights reserved. 8 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All r ights reserved.
9 * Copyright (C) 2005 Alexey Proskuryakov <ap@nypop.com> 9 * Copyright (C) 2005 Alexey Proskuryakov <ap@nypop.com>
10 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) 10 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies)
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after
57 #include "core/page/FocusController.h" 57 #include "core/page/FocusController.h"
58 #include "core/page/Page.h" 58 #include "core/page/Page.h"
59 #include "core/page/scrolling/ScrollingCoordinator.h" 59 #include "core/page/scrolling/ScrollingCoordinator.h"
60 #include "core/rendering/HitTestResult.h" 60 #include "core/rendering/HitTestResult.h"
61 #include "core/rendering/RenderLayer.h" 61 #include "core/rendering/RenderLayer.h"
62 #include "core/rendering/RenderView.h" 62 #include "core/rendering/RenderView.h"
63 #include "core/rendering/compositing/RenderLayerCompositor.h" 63 #include "core/rendering/compositing/RenderLayerCompositor.h"
64 #include "core/svg/SVGDocumentExtensions.h" 64 #include "core/svg/SVGDocumentExtensions.h"
65 #include "platform/DragImage.h" 65 #include "platform/DragImage.h"
66 #include "platform/RuntimeEnabledFeatures.h" 66 #include "platform/RuntimeEnabledFeatures.h"
67 #include "platform/ScriptForbiddenScope.h"
67 #include "platform/graphics/GraphicsContext.h" 68 #include "platform/graphics/GraphicsContext.h"
68 #include "platform/graphics/ImageBuffer.h" 69 #include "platform/graphics/ImageBuffer.h"
69 #include "platform/text/TextStream.h" 70 #include "platform/text/TextStream.h"
70 #include "wtf/PassOwnPtr.h" 71 #include "wtf/PassOwnPtr.h"
71 #include "wtf/StdLibExtras.h" 72 #include "wtf/StdLibExtras.h"
72 73
73 namespace blink { 74 namespace blink {
74 75
75 using namespace HTMLNames; 76 using namespace HTMLNames;
76 77
(...skipping 111 matching lines...) Expand 10 before | Expand all | Expand 10 after
188 RefPtrWillBeRawPtr<LocalFrame> protect(this); 189 RefPtrWillBeRawPtr<LocalFrame> protect(this);
189 m_loader.stopAllLoaders(); 190 m_loader.stopAllLoaders();
190 m_loader.closeURL(); 191 m_loader.closeURL();
191 detachChildren(); 192 detachChildren();
192 // stopAllLoaders() needs to be called after detachChildren(), because detac hChildren() 193 // stopAllLoaders() needs to be called after detachChildren(), because detac hChildren()
193 // will trigger the unload event handlers of any child frames, and those eve nt 194 // will trigger the unload event handlers of any child frames, and those eve nt
194 // handlers might start a new subresource load in this frame. 195 // handlers might start a new subresource load in this frame.
195 m_loader.stopAllLoaders(); 196 m_loader.stopAllLoaders();
196 if (!client()) 197 if (!client())
197 return; 198 return;
199
200 ScriptForbiddenScope forbidScript;
198 m_loader.detach(); 201 m_loader.detach();
199 setView(nullptr); 202 setView(nullptr);
200 willDetachFrameHost(); 203 willDetachFrameHost();
201 // Notify ScriptController that the frame is closing, since its cleanup ends up calling 204 // Notify ScriptController that the frame is closing, since its cleanup ends up calling
202 // back to FrameLoaderClient via WindowProxy. 205 // back to FrameLoaderClient via WindowProxy.
203 script().clearForClose(); 206 script().clearForClose();
204 InspectorInstrumentation::frameDetachedFromParent(this); 207 InspectorInstrumentation::frameDetachedFromParent(this);
205 Frame::detach(); 208 Frame::detach();
206 } 209 }
207 210
(...skipping 567 matching lines...) Expand 10 before | Expand all | Expand 10 after
775 } 778 }
776 779
777 void LocalFrame::unregisterPluginElement(HTMLPlugInElement* plugin) 780 void LocalFrame::unregisterPluginElement(HTMLPlugInElement* plugin)
778 { 781 {
779 ASSERT(m_pluginElements.contains(plugin)); 782 ASSERT(m_pluginElements.contains(plugin));
780 m_pluginElements.remove(plugin); 783 m_pluginElements.remove(plugin);
781 } 784 }
782 #endif 785 #endif
783 786
784 } // namespace blink 787 } // namespace blink
OLDNEW
« Source/core/frame/Frame.cpp ('K') | « Source/core/frame/Frame.cpp ('k') | Source/core/frame/RemoteFrame.cpp » ('j') | Source/core/frame/RemoteFrame.cpp » ('J')

Powered by Google App Engine
This is Rietveld 408576698