Description
Do not fire beforeload events from frames with scripting disabled
This patch fixes a crash where an SVG CSS background image could cause
all pending beforeload events to fire. This became problematic once data
URI images started firing synchronously. The events we are interested in
preventing are global pending beforeload events because they are cross-
document and could be fired from an inner (sandboxed) SVG document.
This patch disables beforeload events from frames where scripting is disabled.
This is a followup to https://src.chromium.org/viewvc/blink?view=rev&revision=153029
which missed this case in XMLDocumentParser.cpp. I have verified the
other global pending event handlers are not called elsewhere.
BUG=256013
Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=153969
Patch Set 1
Total comments: 1
Patch Set 2: Do not fire events when the parser is stopped
Total comments: 1