Changeset 229341 in webkit

Timestamp:

Mar 6, 2018 2:01:27 PM (6 years ago)

Author:

Chris Dumez

Message:

fast/loader/redirect-to-invalid-url-using-meta-refresh-disallowed.html fails with async policy delegates
​https://bugs.webkit.org/show_bug.cgi?id=183345

Reviewed by Alex Christensen.

Source/WebCore:

FrameLoader::loadURL() was calling loadWithNavigationAction() and then resetting the
m_quickRedirectComing flag right after. This works if the navigation policy decision
triggered by loadWithNavigationAction() is made synchronously. However, when it is
made asynchronously, the flag gets reset too early, before the policy decision
handler has been called. This is an issue because the policy decision handler
relies on the m_quickRedirectComing flag.

Similarly, FrameLoader::loadFrameRequest() was calling loadPostRequest() / loadURL()
and then focusing a frame right after. This does not work as intended when the navigation
policy decision is made asynchronously.

To address the issue, we now pass a completion handler that gets called when the operation
has actually completion, after the policy decision has been made. This maintains the
behavior in place with synchronous policy delegates.

Test: fast/loader/redirect-to-invalid-url-using-meta-refresh-disallowed-async-delegates.html

• loader/FrameLoader.cpp:

(WebCore::FrameLoader::loadURLIntoChildFrame):
(WebCore::FrameLoader::loadFrameRequest):
(WebCore::FrameLoader::loadURL):
(WebCore::FrameLoader::loadWithNavigationAction):
(WebCore::FrameLoader::load):
(WebCore::FrameLoader::loadWithDocumentLoader):
(WebCore::FrameLoader::reloadWithOverrideEncoding):
(WebCore::FrameLoader::reload):
(WebCore::FrameLoader::loadPostRequest):
(WebCore::FrameLoader::continueLoadAfterNewWindowPolicy):
(WebCore::FrameLoader::loadDifferentDocumentItem):

• loader/FrameLoader.h:

Tools:

Add layout test infrastructure so a test can know when didCancelClientRedirectForFrame has
been called. The tests used to rely on a 0-timer but this does not work when the client
responds to the navigation policy asynchronously.

• DumpRenderTree/TestRunner.cpp:

(getDidCancelClientRedirect):
(TestRunner::staticValues):

• DumpRenderTree/TestRunner.h:

(TestRunner::didCancelClientRedirect const):
(TestRunner::setDidCancelClientRedirect):

• DumpRenderTree/mac/FrameLoadDelegate.mm:

(-[FrameLoadDelegate webView:didCancelClientRedirectForFrame:]):

• WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl:
• WebKitTestRunner/InjectedBundle/InjectedBundlePage.cpp:

(WTR::InjectedBundlePage::didCancelClientRedirectForFrame):

• WebKitTestRunner/InjectedBundle/TestRunner.h:

(WTR::TestRunner::didCancelClientRedirect const):
(WTR::TestRunner::setDidCancelClientRedirect):

LayoutTests:

• fast/loader/redirect-to-invalid-url-using-meta-refresh-disallowed-async-delegates-expected.txt: Added.
• fast/loader/redirect-to-invalid-url-using-meta-refresh-disallowed-async-delegates.html: Added.

Add layout test coverage.

• fast/loader/redirect-to-invalid-url-using-javascript-disallowed-expected.txt:
• fast/loader/redirect-to-invalid-url-using-javascript-disallowed.html:
• fast/loader/redirect-to-invalid-url-using-meta-refresh-disallowed-expected.txt:
• fast/loader/redirect-to-invalid-url-using-meta-refresh-disallowed.html:
• fast/loader/window-open-to-invalid-url-disallowed-expected.txt:
• fast/loader/window-open-to-invalid-url-disallowed.html:
• platform/mac-wk1/fast/loader/redirect-to-invalid-url-using-javascript-disallowed-expected.txt:
• platform/mac-wk1/fast/loader/redirect-to-invalid-url-using-meta-refresh-disallowed-async-delegates-expected.txt: Added.
• platform/mac-wk1/fast/loader/redirect-to-invalid-url-using-meta-refresh-disallowed-expected.txt:
• platform/mac-wk1/fast/loader/window-open-to-invalid-url-disallowed-expected.txt:

Update tests that were relying on a 0-timer to make sure that didCancelClientRedirectForFrame was
called to rely on our new test infrastructure instead. This is needed so that these tests keep passing
once we make policy delegates asynchronous by default. Without this, the didCancelClientRedirectForFrame lines
would be missing in the tests' output.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/fast/loader/redirect-to-invalid-url-using-javascript-disallowed-expected.txt (modified) (1 diff)
• LayoutTests/fast/loader/redirect-to-invalid-url-using-javascript-disallowed.html (modified) (1 diff)
• LayoutTests/fast/loader/redirect-to-invalid-url-using-meta-refresh-disallowed-async-delegates-expected.txt (copied) (copied from trunk/LayoutTests/fast/loader/redirect-to-invalid-url-using-meta-refresh-disallowed-expected.txt) (1 diff)
• LayoutTests/fast/loader/redirect-to-invalid-url-using-meta-refresh-disallowed-async-delegates.html (added)
• LayoutTests/fast/loader/redirect-to-invalid-url-using-meta-refresh-disallowed-expected.txt (modified) (1 diff)
• LayoutTests/fast/loader/redirect-to-invalid-url-using-meta-refresh-disallowed.html (modified) (1 diff)
• LayoutTests/fast/loader/window-open-to-invalid-url-disallowed-expected.txt (modified) (1 diff)
• LayoutTests/fast/loader/window-open-to-invalid-url-disallowed.html (modified) (1 diff)
• LayoutTests/platform/mac-wk1/fast/loader/redirect-to-invalid-url-using-javascript-disallowed-expected.txt (modified) (1 diff)
• LayoutTests/platform/mac-wk1/fast/loader/redirect-to-invalid-url-using-meta-refresh-disallowed-async-delegates-expected.txt (copied) (copied from trunk/LayoutTests/platform/mac-wk1/fast/loader/redirect-to-invalid-url-using-meta-refresh-disallowed-expected.txt) (1 diff)
• LayoutTests/platform/mac-wk1/fast/loader/redirect-to-invalid-url-using-meta-refresh-disallowed-expected.txt (modified) (1 diff)
• LayoutTests/platform/mac-wk1/fast/loader/window-open-to-invalid-url-disallowed-expected.txt (modified) (1 diff)
• LayoutTests/platform/wk2/imported/w3c/web-platform-tests/html/browsers (added)
• LayoutTests/platform/wk2/imported/w3c/web-platform-tests/html/browsers/windows (added)
• LayoutTests/platform/wk2/imported/w3c/web-platform-tests/html/browsers/windows/noreferrer-window-name-expected.txt (added)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/loader/FrameLoader.cpp (modified) (18 diffs)
• Source/WebCore/loader/FrameLoader.h (modified) (1 diff)
• Tools/ChangeLog (modified) (1 diff)
• Tools/DumpRenderTree/TestRunner.cpp (modified) (2 diffs)
• Tools/DumpRenderTree/TestRunner.h (modified) (2 diffs)
• Tools/DumpRenderTree/mac/FrameLoadDelegate.mm (modified) (1 diff)
• Tools/WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl (modified) (1 diff)
• Tools/WebKitTestRunner/InjectedBundle/InjectedBundlePage.cpp (modified) (1 diff)
• Tools/WebKitTestRunner/InjectedBundle/TestRunner.h (modified) (2 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2018-03-06  Chris Dumez  <cdumez@apple.com>
+
+        fast/loader/redirect-to-invalid-url-using-meta-refresh-disallowed.html fails with async policy delegates
+        https://bugs.webkit.org/show_bug.cgi?id=183345
+
+        Reviewed by Alex Christensen.
+
+        * fast/loader/redirect-to-invalid-url-using-meta-refresh-disallowed-async-delegates-expected.txt: Added.
+        * fast/loader/redirect-to-invalid-url-using-meta-refresh-disallowed-async-delegates.html: Added.
+        Add layout test coverage.
+
+        * fast/loader/redirect-to-invalid-url-using-javascript-disallowed-expected.txt:
+        * fast/loader/redirect-to-invalid-url-using-javascript-disallowed.html:
+        * fast/loader/redirect-to-invalid-url-using-meta-refresh-disallowed-expected.txt:
+        * fast/loader/redirect-to-invalid-url-using-meta-refresh-disallowed.html:
+        * fast/loader/window-open-to-invalid-url-disallowed-expected.txt:
+        * fast/loader/window-open-to-invalid-url-disallowed.html:
+        * platform/mac-wk1/fast/loader/redirect-to-invalid-url-using-javascript-disallowed-expected.txt:
+        * platform/mac-wk1/fast/loader/redirect-to-invalid-url-using-meta-refresh-disallowed-async-delegates-expected.txt: Added.
+        * platform/mac-wk1/fast/loader/redirect-to-invalid-url-using-meta-refresh-disallowed-expected.txt:
+        * platform/mac-wk1/fast/loader/window-open-to-invalid-url-disallowed-expected.txt:
+        Update tests that were relying on a 0-timer to make sure that didCancelClientRedirectForFrame was
+        called to rely on our new test infrastructure instead. This is needed so that these tests keep passing
+        once we make policy delegates asynchronous by default. Without this, the didCancelClientRedirectForFrame lines
+        would be missing in the tests' output.
+
 2018-03-06  Youenn Fablet  <youenn@apple.com>
 

trunk/LayoutTests/fast/loader/redirect-to-invalid-url-using-javascript-disallowed-expected.txt

@@ +1 @@
+main frame - didFinishDocumentLoadForFrame
 main frame - willPerformClientRedirectToURL: http://A=a%B=b 
-main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
 main frame - didFinishLoadForFrame
 main frame - didCancelClientRedirectForFrame
 Tests that we do not redirect to an invalid URL initiated by JavaScript. This test PASSED if you see an entry in the dumped frame load callbacks of the form: "willPerformClientRedirectToURL: http://A=a%B=b" followed by "didCancelClientRedirectForFrame".
 
-Note, this test must be run in DumpRenderTree.
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS testRunner.didCancelClientRedirect became true
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

trunk/LayoutTests/fast/loader/redirect-to-invalid-url-using-javascript-disallowed.html

@@ -2 +2 @@
 <html>
 <head>
+<script src="../../resources/js-test.js"></script>
 <script>
-if (window.testRunner) {
-    testRunner.dumpAsText();
+if (window.testRunner)
     testRunner.dumpFrameLoadCallbacks();
-    testRunner.waitUntilDone();
-}
+jsTestIsAsync = true;
 </script>
 </head>
 <body>
-<p>Tests that we do not redirect to an invalid URL initiated by JavaScript. This test PASSED if you see an entry in the dumped frame load callbacks of the form: &quot;willPerformClientRedirectToURL: http://A=a%B=b&quot; followed by &quot;didCancelClientRedirectForFrame&quot;.</p>
-<p>Note, this test must be run in DumpRenderTree.</p>
 <script>
-window.location.href = "http://A=a%B=b";
-window.setTimeout(function() {
-    if (window.testRunner)
-        testRunner.notifyDone();
-}, 0);
+description("Tests that we do not redirect to an invalid URL initiated by JavaScript. This test PASSED if you see an entry in the dumped frame load callbacks of the form: &quot;willPerformClientRedirectToURL: http://A=a%B=b&quot; followed by &quot;didCancelClientRedirectForFrame&quot;.");
+onload = function() {
+    window.location.href = "http://A=a%B=b";
+    shouldBecomeEqual("testRunner.didCancelClientRedirect", "true", finishJSTest);
+}
 </script>
 </body>

trunk/LayoutTests/fast/loader/redirect-to-invalid-url-using-meta-refresh-disallowed-async-delegates-expected.txt

@@ -6 +6 @@
 Tests that we do not redirect to an invalid URL initiated by <meta http-equiv="refresh">. This test PASSED if you see an entry in the dumped frame load callbacks of the form: "willPerformClientRedirectToURL: http://A=a%B=b" followed by "didCancelClientRedirectForFrame".
 
-Note, this test must be run in DumpRenderTree.
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS testRunner.didCancelClientRedirect became true
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

trunk/LayoutTests/fast/loader/redirect-to-invalid-url-using-meta-refresh-disallowed-expected.txt

@@ -6 +6 @@
 Tests that we do not redirect to an invalid URL initiated by <meta http-equiv="refresh">. This test PASSED if you see an entry in the dumped frame load callbacks of the form: "willPerformClientRedirectToURL: http://A=a%B=b" followed by "didCancelClientRedirectForFrame".
 
-Note, this test must be run in DumpRenderTree.
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS testRunner.didCancelClientRedirect became true
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

trunk/LayoutTests/fast/loader/redirect-to-invalid-url-using-meta-refresh-disallowed.html

@@ -3 +3 @@
 <head>
 <meta http-equiv="refresh" content="0; url=http://A=a%B=b">
+<script src="../../resources/js-test.js"></script>
 <script>
-if (window.testRunner) {
-    testRunner.dumpAsText();
+if (window.testRunner)
     testRunner.dumpFrameLoadCallbacks();
-    testRunner.waitUntilDone();
-}
+jsTestIsAsync = true;
 </script>
 </head>
 <body>
-<p>Tests that we do not redirect to an invalid URL initiated by &lt;meta http-equiv=&quot;refresh&quot;&gt;. This test PASSED if you see an entry in the dumped frame load callbacks of the form: &quot;willPerformClientRedirectToURL: http://A=a%B=b&quot; followed by &quot;didCancelClientRedirectForFrame&quot;.</p>
-<p>Note, this test must be run in DumpRenderTree.</p>
 <script>
-// This ugly double-timeout ensures that the scheduled meta-refresh, whose timer isn't even started until the frame finishes loading,
-// fires before notifyDone() is called, ensuring that didCancelClientRedirectForFrame is logged by DumpRenderTree.
-window.setTimeout(function() {
-    window.setTimeout(function() {
-        if (window.testRunner)
-            testRunner.notifyDone();
-    }, 0);
-}, 0);
+description("Tests that we do not redirect to an invalid URL initiated by &lt;meta http-equiv=&quot;refresh&quot;&gt;. This test PASSED if you see an entry in the dumped frame load callbacks of the form: &quot;willPerformClientRedirectToURL: http://A=a%B=b&quot; followed by &quot;didCancelClientRedirectForFrame&quot;.");
+
+shouldBecomeEqual("testRunner.didCancelClientRedirect", "true", finishJSTest);
 </script>
 </body>

trunk/LayoutTests/fast/loader/window-open-to-invalid-url-disallowed-expected.txt

@@ +1 @@
+main frame - didFinishDocumentLoadForFrame
 main frame - willPerformClientRedirectToURL: http://A=a%B=b 
-main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
 main frame - didFinishLoadForFrame
 main frame - didCancelClientRedirectForFrame
 Tests that we do not open a new window to an invalid URL. This test PASSED if you see an entry in the dumped frame load callbacks of the form: "willPerformClientRedirectToURL: http://A=a%B=b" followed by "didCancelClientRedirectForFrame".
 
-Note, this test must be run in DumpRenderTree.
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS win.testRunner.didCancelClientRedirect became true
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

trunk/LayoutTests/fast/loader/window-open-to-invalid-url-disallowed.html

@@ -2 +2 @@
 <html>
 <head>
+<script src="../../resources/js-test.js"></script>
 <script>
 if (window.testRunner) {
-    testRunner.dumpAsText();
     testRunner.dumpFrameLoadCallbacks();
-    testRunner.waitUntilDone();
     testRunner.setCanOpenWindows();
 }
+jsTestIsAsync = true;
 </script>
 </head>
 <body>
-<p>Tests that we do not open a new window to an invalid URL. This test PASSED if you see an entry in the dumped frame load callbacks of the form: &quot;willPerformClientRedirectToURL: http://A=a%B=b&quot; followed by &quot;didCancelClientRedirectForFrame&quot;.</p>
-<p>Note, this test must be run in DumpRenderTree.</p>
 <script>
-window.open("http://A=a%B=b", "_top");
-window.setTimeout(function() {
-    if (window.testRunner)
-        testRunner.notifyDone();
-}, 0);
+description("Tests that we do not open a new window to an invalid URL. This test PASSED if you see an entry in the dumped frame load callbacks of the form: &quot;willPerformClientRedirectToURL: http://A=a%B=b&quot; followed by &quot;didCancelClientRedirectForFrame&quot;.");
+onload = function() {
+    win = window.open("http://A=a%B=b", "_top");
+    shouldBecomeEqual("win.testRunner.didCancelClientRedirect", "true", finishJSTest);
+};
 </script>
 </body>

trunk/LayoutTests/platform/mac-wk1/fast/loader/redirect-to-invalid-url-using-javascript-disallowed-expected.txt

@@ +1 @@
+main frame - didFinishDocumentLoadForFrame
 main frame - willPerformClientRedirectToURL: http://A=a%25B=b 
-main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
 main frame - didFinishLoadForFrame
 main frame - didCancelClientRedirectForFrame
 Tests that we do not redirect to an invalid URL initiated by JavaScript. This test PASSED if you see an entry in the dumped frame load callbacks of the form: "willPerformClientRedirectToURL: http://A=a%B=b" followed by "didCancelClientRedirectForFrame".
 
-Note, this test must be run in DumpRenderTree.
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS testRunner.didCancelClientRedirect became true
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

trunk/LayoutTests/platform/mac-wk1/fast/loader/redirect-to-invalid-url-using-meta-refresh-disallowed-async-delegates-expected.txt

@@ -6 +6 @@
 Tests that we do not redirect to an invalid URL initiated by <meta http-equiv="refresh">. This test PASSED if you see an entry in the dumped frame load callbacks of the form: "willPerformClientRedirectToURL: http://A=a%B=b" followed by "didCancelClientRedirectForFrame".
 
-Note, this test must be run in DumpRenderTree.
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS testRunner.didCancelClientRedirect became true
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

trunk/LayoutTests/platform/mac-wk1/fast/loader/redirect-to-invalid-url-using-meta-refresh-disallowed-expected.txt

@@ -6 +6 @@
 Tests that we do not redirect to an invalid URL initiated by <meta http-equiv="refresh">. This test PASSED if you see an entry in the dumped frame load callbacks of the form: "willPerformClientRedirectToURL: http://A=a%B=b" followed by "didCancelClientRedirectForFrame".
 
-Note, this test must be run in DumpRenderTree.
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS testRunner.didCancelClientRedirect became true
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

trunk/LayoutTests/platform/mac-wk1/fast/loader/window-open-to-invalid-url-disallowed-expected.txt

@@ +1 @@
+main frame - didFinishDocumentLoadForFrame
 main frame - willPerformClientRedirectToURL: http://A=a%25B=b 
-main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
 main frame - didFinishLoadForFrame
 main frame - didCancelClientRedirectForFrame
 Tests that we do not open a new window to an invalid URL. This test PASSED if you see an entry in the dumped frame load callbacks of the form: "willPerformClientRedirectToURL: http://A=a%B=b" followed by "didCancelClientRedirectForFrame".
 
-Note, this test must be run in DumpRenderTree.
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS win.testRunner.didCancelClientRedirect became true
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2018-03-06  Chris Dumez  <cdumez@apple.com>
+
+        fast/loader/redirect-to-invalid-url-using-meta-refresh-disallowed.html fails with async policy delegates
+        https://bugs.webkit.org/show_bug.cgi?id=183345
+
+        Reviewed by Alex Christensen.
+
+        FrameLoader::loadURL() was calling loadWithNavigationAction() and then resetting the
+        m_quickRedirectComing flag right after. This works if the navigation policy decision
+        triggered by loadWithNavigationAction() is made synchronously. However, when it is
+        made asynchronously, the flag gets reset too early, before the policy decision
+        handler has been called. This is an issue because the policy decision handler
+        relies on the m_quickRedirectComing flag.
+
+        Similarly, FrameLoader::loadFrameRequest() was calling loadPostRequest() / loadURL()
+        and then focusing a frame right after. This does not work as intended when the navigation
+        policy decision is made asynchronously.
+
+        To address the issue, we now pass a completion handler that gets called when the operation
+        has actually completion, after the policy decision has been made. This maintains the
+        behavior in place with synchronous policy delegates.
+
+        Test: fast/loader/redirect-to-invalid-url-using-meta-refresh-disallowed-async-delegates.html
+
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::loadURLIntoChildFrame):
+        (WebCore::FrameLoader::loadFrameRequest):
+        (WebCore::FrameLoader::loadURL):
+        (WebCore::FrameLoader::loadWithNavigationAction):
+        (WebCore::FrameLoader::load):
+        (WebCore::FrameLoader::loadWithDocumentLoader):
+        (WebCore::FrameLoader::reloadWithOverrideEncoding):
+        (WebCore::FrameLoader::reload):
+        (WebCore::FrameLoader::loadPostRequest):
+        (WebCore::FrameLoader::continueLoadAfterNewWindowPolicy):
+        (WebCore::FrameLoader::loadDifferentDocumentItem):
+        * loader/FrameLoader.h:
+
 2018-03-06  Antoine Quint  <graouts@apple.com>
 

trunk/Source/WebCore/loader/FrameLoader.cpp

@@ -936 +936 @@
 
     FrameLoadRequest frameLoadRequest { *m_frame.document(), m_frame.document()->securityOrigin(), { url }, ASCIILiteral("_self"), LockHistory::No, LockBackForwardList::Yes, ShouldSendReferrer::MaybeSendReferrer, AllowNavigationToInvalidURL::Yes, NewFrameOpenerPolicy::Suppress, ShouldOpenExternalURLsPolicy::ShouldNotAllow, initiatedByMainFrame };
-    childFrame->loader().loadURL(WTFMove(frameLoadRequest), referer, FrameLoadType::RedirectWithLockedBackForwardList, nullptr, nullptr);
+    childFrame->loader().loadURL(WTFMove(frameLoadRequest), referer, FrameLoadType::RedirectWithLockedBackForwardList, nullptr, nullptr, [] { });
 }
 
@@ -1201 +1201 @@
         loadType = FrameLoadType::Standard;
 
-    String frameName = request.frameName();
+    auto completionHandler = [this, protectedFrame = makeRef(m_frame), formState = makeRefPtr(formState), frameName = request.frameName()] {
+        // FIXME: It's possible this targetFrame will not be the same frame that was targeted by the actual
+        // load if frame names have changed.
+        Frame* sourceFrame = formState ? formState->sourceDocument().frame() : &m_frame;
+        if (!sourceFrame)
+            sourceFrame = &m_frame;
+        Frame* targetFrame = sourceFrame->loader().findFrameForNavigation(frameName);
+        if (targetFrame && targetFrame != sourceFrame) {
+            if (Page* page = targetFrame->page())
+                page->chrome().focus();
+        }
+    };
+
     if (request.resourceRequest().httpMethod() == "POST")
-        loadPostRequest(WTFMove(request), referrer, loadType, event, formState);
+        loadPostRequest(WTFMove(request), referrer, loadType, event, formState, WTFMove(completionHandler));
     else
-        loadURL(WTFMove(request), referrer, loadType, event, formState);
-
-    // FIXME: It's possible this targetFrame will not be the same frame that was targeted by the actual
-    // load if frame names have changed.
-    Frame* sourceFrame = formState ? formState->sourceDocument().frame() : &m_frame;
-    if (!sourceFrame)
-        sourceFrame = &m_frame;
-    Frame* targetFrame = sourceFrame->loader().findFrameForNavigation(frameName);
-    if (targetFrame && targetFrame != sourceFrame) {
-        if (Page* page = targetFrame->page())
-            page->chrome().focus();
-    }
+        loadURL(WTFMove(request), referrer, loadType, event, formState, WTFMove(completionHandler));
 }
 
@@ -1262 +1263 @@
 };
 
-void FrameLoader::loadURL(FrameLoadRequest&& frameLoadRequest, const String& referrer, FrameLoadType newLoadType, Event* event, FormState* formState)
-{
+void FrameLoader::loadURL(FrameLoadRequest&& frameLoadRequest, const String& referrer, FrameLoadType newLoadType, Event* event, FormState* formState, CompletionHandler<void()>&& completionHandler)
+{
+    CompletionHandlerCallingScope completionHandlerCaller(WTFMove(completionHandler));
     if (m_inStopAllLoaders)
         return;
@@ -1295 +1297 @@
     if (targetFrame && targetFrame != &m_frame) {
         frameLoadRequest.setFrameName("_self");
-        targetFrame->loader().loadURL(WTFMove(frameLoadRequest), referrer, newLoadType, event, formState);
+        targetFrame->loader().loadURL(WTFMove(frameLoadRequest), referrer, newLoadType, event, formState, completionHandlerCaller.release());
         return;
     }
@@ -1306 +1308 @@
     if (!targetFrame && !frameName.isEmpty()) {
         action = action.copyWithShouldOpenExternalURLsPolicy(shouldOpenExternalURLsPolicyToApply(m_frame, frameLoadRequest));
-        policyChecker().checkNewWindowPolicy(WTFMove(action), request, formState, frameName, [this, allowNavigationToInvalidURL, openerPolicy] (const ResourceRequest& request, FormState* formState, const String& frameName, const NavigationAction& action, bool shouldContinue) {
+        policyChecker().checkNewWindowPolicy(WTFMove(action), request, formState, frameName, [this, allowNavigationToInvalidURL, openerPolicy, completionHandler = completionHandlerCaller.release()] (const ResourceRequest& request, FormState* formState, const String& frameName, const NavigationAction& action, bool shouldContinue) {
             continueLoadAfterNewWindowPolicy(request, formState, frameName, action, shouldContinue, allowNavigationToInvalidURL, openerPolicy);
+            completionHandler();
         });
         return;
@@ -1341 +1344 @@
     // must grab this now, since this load may stop the previous load and clear this flag
     bool isRedirect = m_quickRedirectComing;
-    loadWithNavigationAction(request, action, lockHistory, newLoadType, formState, allowNavigationToInvalidURL);
-    if (isRedirect) {
-        m_quickRedirectComing = false;
-        if (m_provisionalDocumentLoader)
-            m_provisionalDocumentLoader->setIsClientRedirect(true);
-        else if (m_policyDocumentLoader)
-            m_policyDocumentLoader->setIsClientRedirect(true);
-    } else if (sameURL && !isReload(newLoadType)) {
-        // Example of this case are sites that reload the same URL with a different cookie
-        // driving the generated content, or a master frame with links that drive a target
-        // frame, where the user has clicked on the same link repeatedly.
-        m_loadType = FrameLoadType::Same;
-    }
+    loadWithNavigationAction(request, action, lockHistory, newLoadType, formState, allowNavigationToInvalidURL, [this, isRedirect, sameURL, newLoadType, protectedFrame = makeRef(m_frame), completionHandler = completionHandlerCaller.release()] {
+        if (isRedirect) {
+            m_quickRedirectComing = false;
+            if (m_provisionalDocumentLoader)
+                m_provisionalDocumentLoader->setIsClientRedirect(true);
+            else if (m_policyDocumentLoader)
+                m_policyDocumentLoader->setIsClientRedirect(true);
+        } else if (sameURL && !isReload(newLoadType)) {
+            // Example of this case are sites that reload the same URL with a different cookie
+            // driving the generated content, or a master frame with links that drive a target
+            // frame, where the user has clicked on the same link repeatedly.
+            m_loadType = FrameLoadType::Same;
+        }
+        completionHandler();
+    });
 }
 
@@ -1402 +1407 @@
 }
 
-void FrameLoader::loadWithNavigationAction(const ResourceRequest& request, const NavigationAction& action, LockHistory lockHistory, FrameLoadType type, FormState* formState, AllowNavigationToInvalidURL allowNavigationToInvalidURL)
+void FrameLoader::loadWithNavigationAction(const ResourceRequest& request, const NavigationAction& action, LockHistory lockHistory, FrameLoadType type, FormState* formState, AllowNavigationToInvalidURL allowNavigationToInvalidURL, CompletionHandler<void()>&& completionHandler)
 {
     Ref<DocumentLoader> loader = m_client.createDocumentLoader(request, defaultSubstituteDataForURL(request.url()));
@@ -1414 +1419 @@
         loader->setOverrideEncoding(m_documentLoader->overrideEncoding());
 
-    loadWithDocumentLoader(loader.ptr(), type, formState, allowNavigationToInvalidURL);
+    loadWithDocumentLoader(loader.ptr(), type, formState, allowNavigationToInvalidURL, WTFMove(completionHandler));
 }
 
@@ -1453 +1458 @@
     }
 
-    loadWithDocumentLoader(newDocumentLoader, type, 0, AllowNavigationToInvalidURL::Yes);
-}
-
-void FrameLoader::loadWithDocumentLoader(DocumentLoader* loader, FrameLoadType type, FormState* formState, AllowNavigationToInvalidURL allowNavigationToInvalidURL)
+    loadWithDocumentLoader(newDocumentLoader, type, 0, AllowNavigationToInvalidURL::Yes, [] { });
+}
+
+void FrameLoader::loadWithDocumentLoader(DocumentLoader* loader, FrameLoadType type, FormState* formState, AllowNavigationToInvalidURL allowNavigationToInvalidURL, CompletionHandler<void()>&& completionHandler)
 {
     // Retain because dispatchBeforeLoadEvent may release the last reference to it.
     Ref<Frame> protect(m_frame);
+
+    CompletionHandlerCallingScope completionHandlerCaller(WTFMove(completionHandler));
 
     ASSERT(m_client.hasWebView());
@@ -1532 +1539 @@
     m_frame.navigationScheduler().cancel(true);
 
-    policyChecker().checkNavigationPolicy(ResourceRequest(loader->request()), false /* didReceiveRedirectResponse */, loader, formState, [this, protectedFrame = makeRef(m_frame), allowNavigationToInvalidURL] (const ResourceRequest& request, FormState* formState, bool shouldContinue) {
+    policyChecker().checkNavigationPolicy(ResourceRequest(loader->request()), false /* didReceiveRedirectResponse */, loader, formState, [this, protectedFrame = makeRef(m_frame), allowNavigationToInvalidURL, completionHandler = completionHandlerCaller.release()] (const ResourceRequest& request, FormState* formState, bool shouldContinue) {
         continueLoadAfterNavigationPolicy(request, formState, shouldContinue, allowNavigationToInvalidURL);
+        completionHandler();
     });
 }
@@ -1631 +1639 @@
     loader->setOverrideEncoding(encoding);
 
-    loadWithDocumentLoader(loader.ptr(), FrameLoadType::Reload, 0, AllowNavigationToInvalidURL::Yes);
+    loadWithDocumentLoader(loader.ptr(), FrameLoadType::Reload, 0, AllowNavigationToInvalidURL::Yes, [] { });
 }
 
@@ -1676 +1684 @@
     };
     
-    loadWithDocumentLoader(loader.ptr(), frameLoadTypeForReloadOptions(options), 0, AllowNavigationToInvalidURL::Yes);
+    loadWithDocumentLoader(loader.ptr(), frameLoadTypeForReloadOptions(options), 0, AllowNavigationToInvalidURL::Yes, [] { });
 }
 
@@ -2748 +2756 @@
 }
 
-void FrameLoader::loadPostRequest(FrameLoadRequest&& request, const String& referrer, FrameLoadType loadType, Event* event, FormState* formState)
+void FrameLoader::loadPostRequest(FrameLoadRequest&& request, const String& referrer, FrameLoadType loadType, Event* event, FormState* formState, CompletionHandler<void()>&& completionHandler)
 {
     String frameName = request.frameName();
@@ -2778 +2786 @@
         // The search for a target frame is done earlier in the case of form submission.
         if (Frame* targetFrame = formState ? 0 : findFrameForNavigation(frameName)) {
-            targetFrame->loader().loadWithNavigationAction(workingResourceRequest, action, lockHistory, loadType, WTFMove(formState), allowNavigationToInvalidURL);
+            targetFrame->loader().loadWithNavigationAction(workingResourceRequest, action, lockHistory, loadType, WTFMove(formState), allowNavigationToInvalidURL, WTFMove(completionHandler));
             return;
         }
 
-        policyChecker().checkNewWindowPolicy(WTFMove(action), workingResourceRequest, WTFMove(formState), frameName, [this, allowNavigationToInvalidURL, openerPolicy] (const ResourceRequest& request, FormState* formState, const String& frameName, const NavigationAction& action, bool shouldContinue) {
+        policyChecker().checkNewWindowPolicy(WTFMove(action), workingResourceRequest, WTFMove(formState), frameName, [this, allowNavigationToInvalidURL, openerPolicy, completionHandler = WTFMove(completionHandler)] (const ResourceRequest& request, FormState* formState, const String& frameName, const NavigationAction& action, bool shouldContinue) {
             continueLoadAfterNewWindowPolicy(request, formState, frameName, action, shouldContinue, allowNavigationToInvalidURL, openerPolicy);
+            completionHandler();
         });
         return;
@@ -2790 +2799 @@
     // must grab this now, since this load may stop the previous load and clear this flag
     bool isRedirect = m_quickRedirectComing;
-    loadWithNavigationAction(workingResourceRequest, action, lockHistory, loadType, WTFMove(formState), allowNavigationToInvalidURL);
-    if (isRedirect) {
-        m_quickRedirectComing = false;
-        if (m_provisionalDocumentLoader)
-            m_provisionalDocumentLoader->setIsClientRedirect(true);
-        else if (m_policyDocumentLoader)
-            m_policyDocumentLoader->setIsClientRedirect(true);
-    }
+    loadWithNavigationAction(workingResourceRequest, action, lockHistory, loadType, WTFMove(formState), allowNavigationToInvalidURL, [this, isRedirect, protectedFrame = makeRef(m_frame), completionHandler = WTFMove(completionHandler)] {
+        if (isRedirect) {
+            m_quickRedirectComing = false;
+            if (m_provisionalDocumentLoader)
+                m_provisionalDocumentLoader->setIsClientRedirect(true);
+            else if (m_policyDocumentLoader)
+                m_policyDocumentLoader->setIsClientRedirect(true);
+        }
+        completionHandler();
+    });
 }
 
@@ -3259 +3270 @@
 
     NavigationAction newAction { *frame->document(), request, InitiatedByMainFrame::Unknown, NavigationType::Other, action.shouldOpenExternalURLsPolicy() };
-    mainFrame->loader().loadWithNavigationAction(request, newAction, LockHistory::No, FrameLoadType::Standard, formState, allowNavigationToInvalidURL);
+    mainFrame->loader().loadWithNavigationAction(request, newAction, LockHistory::No, FrameLoadType::Standard, formState, allowNavigationToInvalidURL, [] { });
 }
 
@@ -3449 +3460 @@
         documentLoader->setTriggeringAction({ *m_frame.document(), documentLoader->request(), initiatedByMainFrame, loadType, false });
         documentLoader->setLastCheckedRequest(ResourceRequest());
-        loadWithDocumentLoader(documentLoader, loadType, 0, AllowNavigationToInvalidURL::Yes);
+        loadWithDocumentLoader(documentLoader, loadType, 0, AllowNavigationToInvalidURL::Yes, [] { });
         return;
     }
@@ -3535 +3546 @@
     }
 
-    loadWithNavigationAction(request, action, LockHistory::No, loadType, 0, AllowNavigationToInvalidURL::Yes);
+    loadWithNavigationAction(request, action, LockHistory::No, loadType, 0, AllowNavigationToInvalidURL::Yes, [] { });
 }
 

trunk/Source/WebCore/loader/FrameLoader.h

@@ -360 +360 @@
     void urlSelected(FrameLoadRequest&&, Event*);
 
-    void loadWithDocumentLoader(DocumentLoader*, FrameLoadType, FormState*, AllowNavigationToInvalidURL); // Calls continueLoadAfterNavigationPolicy
+    void loadWithDocumentLoader(DocumentLoader*, FrameLoadType, FormState*, AllowNavigationToInvalidURL, CompletionHandler<void()>&&); // Calls continueLoadAfterNavigationPolicy
     void load(DocumentLoader*); // Calls loadWithDocumentLoader
 
-    void loadWithNavigationAction(const ResourceRequest&, const NavigationAction&, LockHistory, FrameLoadType, FormState*, AllowNavigationToInvalidURL); // Calls loadWithDocumentLoader
-
-    void loadPostRequest(FrameLoadRequest&&, const String& referrer, FrameLoadType, Event*, FormState*);
-    void loadURL(FrameLoadRequest&&, const String& referrer, FrameLoadType, Event*, FormState*);
+    void loadWithNavigationAction(const ResourceRequest&, const NavigationAction&, LockHistory, FrameLoadType, FormState*, AllowNavigationToInvalidURL, CompletionHandler<void()>&&); // Calls loadWithDocumentLoader
+
+    void loadPostRequest(FrameLoadRequest&&, const String& referrer, FrameLoadType, Event*, FormState*, CompletionHandler<void()>&&);
+    void loadURL(FrameLoadRequest&&, const String& referrer, FrameLoadType, Event*, FormState*, CompletionHandler<void()>&&);
 
     bool shouldReload(const URL& currentURL, const URL& destinationURL);

trunk/Tools/ChangeLog

@@ +1 @@
+2018-03-06  Chris Dumez  <cdumez@apple.com>
+
+        fast/loader/redirect-to-invalid-url-using-meta-refresh-disallowed.html fails with async policy delegates
+        https://bugs.webkit.org/show_bug.cgi?id=183345
+
+        Reviewed by Alex Christensen.
+
+        Add layout test infrastructure so a test can know when didCancelClientRedirectForFrame has
+        been called. The tests used to rely on a 0-timer but this does not work when the client
+        responds to the navigation policy asynchronously.
+
+        * DumpRenderTree/TestRunner.cpp:
+        (getDidCancelClientRedirect):
+        (TestRunner::staticValues):
+        * DumpRenderTree/TestRunner.h:
+        (TestRunner::didCancelClientRedirect const):
+        (TestRunner::setDidCancelClientRedirect):
+        * DumpRenderTree/mac/FrameLoadDelegate.mm:
+        (-[FrameLoadDelegate webView:didCancelClientRedirectForFrame:]):
+        * WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl:
+        * WebKitTestRunner/InjectedBundle/InjectedBundlePage.cpp:
+        (WTR::InjectedBundlePage::didCancelClientRedirectForFrame):
+        * WebKitTestRunner/InjectedBundle/TestRunner.h:
+        (WTR::TestRunner::didCancelClientRedirect const):
+        (WTR::TestRunner::setDidCancelClientRedirect):
+
 2018-03-06  Zan Dobersek  <zdobersek@igalia.com>
 

trunk/Tools/DumpRenderTree/TestRunner.cpp

@@ -1810 +1810 @@
 }
 
+static JSValueRef getDidCancelClientRedirect(JSContextRef context, JSObjectRef thisObject, JSStringRef propertyName, JSValueRef* exception)
+{
+    TestRunner* controller = static_cast<TestRunner*>(JSObjectGetPrivate(thisObject));
+    return JSValueMakeBoolean(context, controller->didCancelClientRedirect());
+}
+
 static JSValueRef getDatabaseDefaultQuotaCallback(JSContextRef context, JSObjectRef thisObject, JSStringRef propertyName, JSValueRef* exception)
 {
@@ -2078 +2084 @@
 {
     static JSStaticValue staticValues[] = {
+        { "didCancelClientRedirect", getDidCancelClientRedirect, 0, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
         { "timeout", getTimeoutCallback, 0, kJSPropertyAttributeReadOnly | kJSPropertyAttributeDontDelete },
         { "globalFlag", getGlobalFlagCallback, setGlobalFlagCallback, kJSPropertyAttributeNone },

trunk/Tools/DumpRenderTree/TestRunner.h

@@ -381 +381 @@
     void setOpenPanelFiles(JSContextRef, JSValueRef);
 
+    bool didCancelClientRedirect() const { return m_didCancelClientRedirect; }
+    void setDidCancelClientRedirect(bool value) { m_didCancelClientRedirect = value; }
+
 private:
     TestRunner(const std::string& testURL, const std::string& expectedPixelHash);
@@ -446 +449 @@
     bool m_hasPendingWebNotificationClick;
     bool m_dumpJSConsoleLogInStdErr { false };
+    bool m_didCancelClientRedirect { false };
 
     double m_databaseDefaultQuota;

trunk/Tools/DumpRenderTree/mac/FrameLoadDelegate.mm

@@ -405 +405 @@
         printf ("%s\n", [string UTF8String]);
     }
+    gTestRunner->setDidCancelClientRedirect(true);
 }
 

trunk/Tools/WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl

@@ -317 +317 @@
     void terminateServiceWorkerProcess();
 
+    readonly attribute boolean didCancelClientRedirect;
+
     void removeAllSessionCredentials(object callback);
 

trunk/Tools/WebKitTestRunner/InjectedBundle/InjectedBundlePage.cpp

@@ -1007 +1007 @@
         return;
 
-    if (!injectedBundle.testRunner()->shouldDumpFrameLoadCallbacks())
-        return;
-
-    dumpLoadEvent(frame, "didCancelClientRedirectForFrame");
+    if (injectedBundle.testRunner()->shouldDumpFrameLoadCallbacks())
+        dumpLoadEvent(frame, "didCancelClientRedirectForFrame");
+
+    injectedBundle.testRunner()->setDidCancelClientRedirect(true);
 }
 

trunk/Tools/WebKitTestRunner/InjectedBundle/TestRunner.h

@@ -335 +335 @@
     void setIgnoresViewportScaleLimits(bool);
     void setShouldDownloadUndisplayableMIMETypes(bool);
+
+    bool didCancelClientRedirect() const { return m_didCancelClientRedirect; }
+    void setDidCancelClientRedirect(bool value) { m_didCancelClientRedirect = value; }
 
     void runUIScript(JSStringRef script, JSValueRef callback);
@@ -480 +483 @@
     bool m_shouldDecideResponsePolicyAfterDelay { false };
     bool m_shouldFinishAfterDownload { false };
+    bool m_didCancelClientRedirect { false };
 
     bool m_userStyleSheetEnabled;