Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(297)

Unified Diff: Source/WebCore/html/HTMLFrameElementBase.cpp

Issue 7980042: Merge 95471 - [Chromium] Crash after magic iframe transfer for Pepper/NaCl plugins. (Closed) Base URL: http://svn.webkit.org/repository/webkit/branches/chromium/874/
Patch Set: Created 9 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « Source/WebCore/html/HTMLFrameElementBase.h ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: Source/WebCore/html/HTMLFrameElementBase.cpp
===================================================================
--- Source/WebCore/html/HTMLFrameElementBase.cpp (revision 95655)
+++ Source/WebCore/html/HTMLFrameElementBase.cpp (working copy)
@@ -44,6 +44,33 @@
using namespace HTMLNames;
+// Helper to check if the Frame's document contains elements that can instantiate plugins.
+// Does a recursive check for nested Frames too.
+static bool hasPluginElements(Frame* frame)
+{
+ if (!frame)
+ return false;
+
+ // Search for a plugin element in this document.
+ Document* document = frame->document();
+ for (Node* node = document->firstChild(); node; node = node->traverseNextNode(document)) {
+ if (!node->isElementNode())
+ continue;
+
+ Element* element = static_cast<Element*>(node);
+ if (element->hasLocalName(embedTag) || element->hasLocalName(objectTag))
+ return true;
+ }
+
+ // Do the same for the nested frames.
+ for (Frame* child = frame->tree()->firstChild(); child; child = child->tree()->nextSibling()) {
+ if (hasPluginElements(child))
+ return true;
+ }
+
+ return false;
+}
+
HTMLFrameElementBase::HTMLFrameElementBase(const QualifiedName& tagName, Document* document)
: HTMLFrameOwnerElement(tagName, document)
, m_scrolling(ScrollbarAuto)
@@ -251,8 +278,18 @@
return renderBox()->height();
}
+// Some types of content can restrict the ability to move the iframes between pages.
+// For example, the plugin infrastructure of an embedder may associate the plugin instances
+// with the top-level Frame for tracking various resources and failure to transfer those
+// resources correctly may lead to crashes and other ill effects (https://bugs.webkit.org/show_bug.cgi?id=68267)
+bool HTMLFrameElementBase::canRemainAliveOnRemovalFromTree()
+{
+ return !hasPluginElements(contentFrame());
+}
+
void HTMLFrameElementBase::setRemainsAliveOnRemovalFromTree(bool value)
{
+ ASSERT(!value || canRemainAliveOnRemovalFromTree());
m_remainsAliveOnRemovalFromTree = value;
// There is a possibility that JS will do document.adoptNode() on this element but will not insert it into the tree.
« no previous file with comments | « Source/WebCore/html/HTMLFrameElementBase.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698