
Side by Side Diff: Source/core/loader/FrameLoader.cpp

Issue 23640006: Fix inspector crash when reloading during a debugger pause on a page with unload event handlers (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Created 7 years, 3 months ago
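--- a/Source/core/loader/FrameLoader.cpp
+++ b/Source/core/loader/FrameLoader.cpp
@@ -1,10 +1,10 @@
 /*
  * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserv ed.
  * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies)
  * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/)
  * Copyright (C) 2008 Alp Toker <alp@atoker.com>
  * Copyright (C) Research In Motion Limited 2009. All rights reserved.
  * Copyright (C) 2011 Kris Jordan <krisjordan@gmail.com>
  * Copyright (C) 2011 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -958,35 +958,29 @@
 
     // Check if the destination page is allowed to access the previous page's ti ming information.
     if (m_frame->document()) {
         RefPtr<SecurityOrigin> securityOrigin = SecurityOrigin::create(pdl->requ est().url());
         pdl->timing()->setHasSameOriginAsPreviousDocument(securityOrigin->canReq uest(m_frame->document()->url()));
     }
 
     // The call to closeURL() invokes the unload event handler, which can execut e arbitrary
     // JavaScript. If the script initiates a new load, we need to abandon the cu rrent load,
     // or the two will stomp each other.
+    // detachChildren will similarly trigger child frame unload event handlers.
     if (m_documentLoader)
         closeURL();
+    detachChildren();
     if (pdl != m_provisionalDocumentLoader)
         return;
-
-    // detachChildren() can trigger this frame's unload event, and therefore
-    // script can run and do just about anything. For example, an unload event t hat calls
-    // document.write("") on its parent frame can lead to a recursive detachChil dren()
-    // invocation for this frame. Leave the loader that is being committed in a temporarily
-    // detached state, such that it can't be found and cancelled.
-    RefPtr<DocumentLoader> loaderBeingCommitted = m_provisionalDocumentLoader.re lease();
-    detachChildren();
     if (m_documentLoader)
         m_documentLoader->detachFromFrame();
-    m_documentLoader = loaderBeingCommitted;
+    m_documentLoader = m_provisionalDocumentLoader.release();
     m_state = FrameStateCommittedPage;
 
     if (isLoadingMainFrame())
         m_frame->page()->chrome().client().needTouchEvents(false);
 
     history()->updateForCommit();
     m_client->transitionToCommittedForNewPage();
 
     m_frame->navigationScheduler()->cancel();
     m_frame->editor().clearLastEditCommand();
@@ -1766,10 +1760,10 @@
 {
     SandboxFlags flags = m_forcedSandboxFlags;
     if (Frame* parentFrame = m_frame->tree()->parent())
         flags |= parentFrame->document()->sandboxFlags();
     if (HTMLFrameOwnerElement* ownerElement = m_frame->ownerElement())
         flags |= ownerElement->sandboxFlags();
     return flags;
 }
 
 } // namespace WebCore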
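Review bot: The added comment at new line 968 does not say why the loaderBeingCommitted workaround it replaces (old 973-979, which kept the loader being committed temporarily detached so a recursive detachChildren() could not find and cancel it) is no longer needed, so a reader of the new code cannot tell whether the `pdl != m_provisionalDocumentLoader` bail-out at new 972 is now the sole guard against script run by child-frame unload handlers. Both closeURL() and detachChildren() can run arbitrary script before the commit touches loader state, so the ordering is the invariant worth writing down: every script-running call first, the pdl check next, and no state mutation (detachFromFrame(), m_provisionalDocumentLoader.release(), m_state) until after it. I would replace the one-line comment with `// detachChildren() similarly runs child frame unload handlers. Any script that cancels or replaces the` / `// provisional load during either call is caught by the pdl check below, so nothing may commit` / `// loader state before that check.` Whether the document.write("") re-entrancy case described in the removed comment is fully covered by that early return is not visible from this hunk and deserves either a regression test or a sentence in the comment. The enclosing function begins and ends outside the hunk.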