Changeset 232147 in webkit
- Timestamp: May 23, 2018 10:23:00 PM (6 years ago)
- Location: trunk/Source/WebCore
- Files: 11 edited
trunk/Source/WebCore/ChangeLog
r232143 r232147 1 2018-05-23 Brent Fulgham <bfulgham@apple.com> 2 3 Avoid keeping FormState alive longer than necessary 4 https://bugs.webkit.org/show_bug.cgi?id=185877 5 <rdar://problem/39329219> 6 7 Reviewed by Ryosuke Niwa. 8 9 A number of crash fixes were done to prevent FormState objects from being 10 accessed after their relevant Frames had been destroyed. Unfortunately, this 11 could cause the FormState to persist after the owning Frame had been 12 destroyed, resulting in nullptr dereferences. 13 14 This patch does the following: 15 16 1. Uses WeakPtr's for FormState objects passed to completion handlers, rather 17 than RefPtr, since those completion handlers might fire as part of the 18 clean-up process during Frame destruction. This allows us to use the FormState 19 if they are still valid, but gracefully handle cases where a form submission 20 is cancelled in-flight. 21 2. Moves FormState object as they pass through the loader. 22 3. Removes some extraneous WTFMove() calls being made on bare FormState pointers. 23 4. Changes FormSubmission to hold a RefPtr so we can move the FormState to the 24 loader in the code path that uses it (the FormSubmission is always destroyed 25 shortly afterwards). 26 5. Changes the trap from Bug 183704 so that it only fires if the FormState object 27 is being retained more than once. 28 29 * loader/DocumentLoader.cpp: 30 (WebCore::DocumentLoader::willSendRequest): Update for new CompletionHandler 31 signature. 32 * loader/FormState.cpp: 33 (WebCore::FormState::willDetachPage): Revise trap to check for retain counts 34 above one. 35 * loader/FormState.h: 36 (WebCore::FormState::weakPtrFactory const): Added. 37 * loader/FormSubmission.h: 38 (WebCore::FormSubmission::state const): Revised for change to RefPtr. 39 (WebCore::FormSubmission::takeState): Added. 40 * loader/FrameLoader.cpp: 41 (WebCore::FrameLoader::urlSelected): Update for new CompletionHandler signature. 42 (WebCore::FrameLoader::loadURLIntoChildFrame): Ditto. 
43 (WebCore::FrameLoader::loadFrameRequest): Ditto. 44 (WebCore::FrameLoader::loadURL): Ditto. 45 (WebCore::FrameLoader::load): Ditto. 46 (WebCore::FrameLoader::loadWithNavigationAction): Ditto. 47 (WebCore::FrameLoader::loadWithDocumentLoader): Ditto. 48 (WebCore::FrameLoader::reloadWithOverrideEncoding): Ditto. 49 (WebCore::FrameLoader::reload): Ditto. 50 (WebCore::FrameLoader::loadPostRequest): Ditto. 51 (WebCore::FrameLoader::loadDifferentDocumentItem): Ditto. 52 * loader/FrameLoader.h: 53 * loader/NavigationScheduler.cpp: 54 * loader/PolicyChecker.cpp: 55 (WebCore::PolicyChecker::checkNavigationPolicy):Revise to use WeakPtr for 56 FormState passed to the completion handler. Remove some extraneous WTFMove() 57 calls on bare pointers. 58 (WebCore::PolicyChecker::checkNewWindowPolicy): Ditto. 59 * loader/PolicyChecker.h: 60 * page/ContextMenuController.cpp: 61 (WebCore::openNewWindow): Revise for new signatures. 62 (WebCore::ContextMenuController::contextMenuItemSelected): Ditto. 63 1 64 2018-05-23 Keith Miller <keith_miller@apple.com> 2 65 -
trunk/Source/WebCore/loader/DocumentLoader.cpp
r232093 r232147 1 1 /* 2 * Copyright (C) 2006-201 7Apple Inc. All rights reserved.2 * Copyright (C) 2006-2018 Apple Inc. All rights reserved. 3 3 * Copyright (C) 2011 Google Inc. All rights reserved. 4 4 * … … 641 641 return completionHandler(WTFMove(newRequest)); 642 642 643 auto navigationPolicyCompletionHandler = [this, protectedThis = makeRef(*this), completionHandler = WTFMove(completionHandler)] (ResourceRequest&& request, FormState*, ShouldContinue shouldContinue) mutable {643 auto navigationPolicyCompletionHandler = [this, protectedThis = makeRef(*this), completionHandler = WTFMove(completionHandler)] (ResourceRequest&& request, WeakPtr<FormState>&&, ShouldContinue shouldContinue) mutable { 644 644 m_waitingForNavigationPolicy = false; 645 645 switch (shouldContinue) { -
trunk/Source/WebCore/loader/FormState.cpp
r232093 r232147 1 1 /* 2 * Copyright (C) 2006-201 7Apple Inc. All rights reserved.2 * Copyright (C) 2006-2018 Apple Inc. All rights reserved. 3 3 * 4 4 * Redistribution and use in source and binary forms, with or without … … 53 53 { 54 54 // Beartrap for <rdar://problem/37579354> 55 RELEASE_ASSERT _NOT_REACHED();55 RELEASE_ASSERT(hasOneRef()); 56 56 } 57 57 -
trunk/Source/WebCore/loader/FormState.h
r232093 r232147 1 1 /* 2 * Copyright (C) 2006-201 7Apple Inc. All rights reserved.2 * Copyright (C) 2006-2018 Apple Inc. All rights reserved. 3 3 * 4 4 * Redistribution and use in source and binary forms, with or without … … 30 30 31 31 #include "FrameDestructionObserver.h" 32 #include <wtf/WeakPtr.h> 32 33 #include <wtf/text/WTFString.h> 33 34 … … 50 51 FormSubmissionTrigger formSubmissionTrigger() const { return m_formSubmissionTrigger; } 51 52 53 auto& weakPtrFactory() const { return m_weakFactory; } 54 52 55 private: 53 56 FormState(HTMLFormElement&, StringPairVector&& textFieldValues, Document&, FormSubmissionTrigger); … … 58 61 Ref<Document> m_sourceDocument; 59 62 FormSubmissionTrigger m_formSubmissionTrigger; 63 WeakPtrFactory<FormState> m_weakFactory; 60 64 }; 61 65 -
trunk/Source/WebCore/loader/FormSubmission.h
r218665 r232147 84 84 const String& target() const { return m_target; } 85 85 const String& contentType() const { return m_contentType; } 86 FormState& state() const { return m_formState; } 86 FormState& state() const { return *m_formState; } 87 Ref<FormState> takeState() { return m_formState.releaseNonNull(); } 87 88 FormData& data() const { return m_formData; } 88 89 const String boundary() const { return m_boundary; } … … 104 105 String m_target; 105 106 String m_contentType; 106 Ref <FormState> m_formState;107 RefPtr<FormState> m_formState; 107 108 Ref<FormData> m_formData; 108 109 String m_boundary; -
trunk/Source/WebCore/loader/FrameLoader.cpp
r232123 r232147 1 1 /* 2 * Copyright (C) 2006-201 6Apple Inc. All rights reserved.2 * Copyright (C) 2006-2018 Apple Inc. All rights reserved. 3 3 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) 4 4 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.torchmobile.com/) … … 393 393 m_frame.document()->contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(frameRequest.resourceRequest(), ContentSecurityPolicy::InsecureRequestType::Navigation); 394 394 395 loadFrameRequest(WTFMove(frameRequest), triggeringEvent, nullptr);395 loadFrameRequest(WTFMove(frameRequest), triggeringEvent, { }); 396 396 } 397 397 … … 958 958 959 959 FrameLoadRequest frameLoadRequest { *m_frame.document(), m_frame.document()->securityOrigin(), { url }, ASCIILiteral("_self"), LockHistory::No, LockBackForwardList::Yes, ShouldSendReferrer::MaybeSendReferrer, AllowNavigationToInvalidURL::Yes, NewFrameOpenerPolicy::Suppress, ShouldOpenExternalURLsPolicy::ShouldNotAllow, initiatedByMainFrame }; 960 childFrame->loader().loadURL(WTFMove(frameLoadRequest), referer, FrameLoadType::RedirectWithLockedBackForwardList, nullptr, nullptr, [] { });960 childFrame->loader().loadURL(WTFMove(frameLoadRequest), referer, FrameLoadType::RedirectWithLockedBackForwardList, nullptr, { }, [] { }); 961 961 } 962 962 … … 1200 1200 } 1201 1201 1202 void FrameLoader::loadFrameRequest(FrameLoadRequest&& request, Event* event, FormState*formState)1202 void FrameLoader::loadFrameRequest(FrameLoadRequest&& request, Event* event, RefPtr<FormState>&& formState) 1203 1203 { 1204 1204 // Protect frame from getting blown away inside dispatchBeforeLoadEvent in loadWithDocumentLoader. 
… … 1229 1229 loadType = FrameLoadType::Standard; 1230 1230 1231 auto completionHandler = [this, protectedFrame = makeRef(m_frame), formState = make RefPtr(formState), frameName = request.frameName()] {1231 auto completionHandler = [this, protectedFrame = makeRef(m_frame), formState = makeWeakPtr(formState.get()), frameName = request.frameName()] { 1232 1232 // FIXME: It's possible this targetFrame will not be the same frame that was targeted by the actual 1233 1233 // load if frame names have changed. … … 1243 1243 1244 1244 if (request.resourceRequest().httpMethod() == "POST") 1245 loadPostRequest(WTFMove(request), referrer, loadType, event, formState, WTFMove(completionHandler));1245 loadPostRequest(WTFMove(request), referrer, loadType, event, WTFMove(formState), WTFMove(completionHandler)); 1246 1246 else 1247 loadURL(WTFMove(request), referrer, loadType, event, formState, WTFMove(completionHandler));1247 loadURL(WTFMove(request), referrer, loadType, event, WTFMove(formState), WTFMove(completionHandler)); 1248 1248 } 1249 1249 … … 1287 1287 } 1288 1288 1289 void FrameLoader::loadURL(FrameLoadRequest&& frameLoadRequest, const String& referrer, FrameLoadType newLoadType, Event* event, FormState*formState, CompletionHandler<void()>&& completionHandler)1289 void FrameLoader::loadURL(FrameLoadRequest&& frameLoadRequest, const String& referrer, FrameLoadType newLoadType, Event* event, RefPtr<FormState>&& formState, CompletionHandler<void()>&& completionHandler) 1290 1290 { 1291 1291 CompletionHandlerCallingScope completionHandlerCaller(WTFMove(completionHandler)); … … 1321 1321 if (targetFrame && targetFrame != &m_frame) { 1322 1322 frameLoadRequest.setFrameName("_self"); 1323 targetFrame->loader().loadURL(WTFMove(frameLoadRequest), referrer, newLoadType, event, formState, completionHandlerCaller.release());1323 targetFrame->loader().loadURL(WTFMove(frameLoadRequest), referrer, newLoadType, event, WTFMove(formState), completionHandlerCaller.release()); 1324 1324 
return; 1325 1325 } … … 1339 1339 if (!targetFrame && !frameName.isEmpty()) { 1340 1340 action = action.copyWithShouldOpenExternalURLsPolicy(shouldOpenExternalURLsPolicyToApply(m_frame, frameLoadRequest)); 1341 policyChecker().checkNewWindowPolicy(WTFMove(action), WTFMove(request), formState, frameName, [this, allowNavigationToInvalidURL, openerPolicy, completionHandler = completionHandlerCaller.release()] (const ResourceRequest& request, FormState*formState, const String& frameName, const NavigationAction& action, ShouldContinue shouldContinue) {1342 continueLoadAfterNewWindowPolicy(request, formState , frameName, action, shouldContinue, allowNavigationToInvalidURL, openerPolicy);1341 policyChecker().checkNewWindowPolicy(WTFMove(action), WTFMove(request), WTFMove(formState), frameName, [this, allowNavigationToInvalidURL, openerPolicy, completionHandler = completionHandlerCaller.release()] (const ResourceRequest& request, WeakPtr<FormState>&& formState, const String& frameName, const NavigationAction& action, ShouldContinue shouldContinue) { 1342 continueLoadAfterNewWindowPolicy(request, formState.get(), frameName, action, shouldContinue, allowNavigationToInvalidURL, openerPolicy); 1343 1343 completionHandler(); 1344 1344 }); … … 1359 1359 policyChecker().stopCheck(); 1360 1360 policyChecker().setLoadType(newLoadType); 1361 policyChecker().checkNavigationPolicy(WTFMove(request), false /* didReceiveRedirectResponse */, oldDocumentLoader.get(), formState, [this, protectedFrame = makeRef(m_frame)] (const ResourceRequest& request, FormState*, ShouldContinue shouldContinue) {1361 policyChecker().checkNavigationPolicy(WTFMove(request), false /* didReceiveRedirectResponse */, oldDocumentLoader.get(), WTFMove(formState), [this, protectedFrame = makeRef(m_frame)] (const ResourceRequest& request, WeakPtr<FormState>&&, ShouldContinue shouldContinue) { 1362 1362 continueFragmentScrollAfterNavigationPolicy(request, shouldContinue == ShouldContinue::Yes); 1363 1363 }, 
PolicyDecisionMode::Synchronous); … … 1373 1373 request.setSystemPreviewRect(frameLoadRequest.systemPreviewRect()); 1374 1374 #endif 1375 loadWithNavigationAction(request, action, lockHistory, newLoadType, formState, allowNavigationToInvalidURL, [this, isRedirect, sameURL, newLoadType, protectedFrame = makeRef(m_frame), completionHandler = completionHandlerCaller.release()] {1375 loadWithNavigationAction(request, action, lockHistory, newLoadType, WTFMove(formState), allowNavigationToInvalidURL, [this, isRedirect, sameURL, newLoadType, protectedFrame = makeRef(m_frame), completionHandler = completionHandlerCaller.release()] { 1376 1376 if (isRedirect) { 1377 1377 m_quickRedirectComing = false; … … 1420 1420 if (request.shouldCheckNewWindowPolicy()) { 1421 1421 NavigationAction action { request.requester(), request.resourceRequest(), InitiatedByMainFrame::Unknown, NavigationType::Other, request.shouldOpenExternalURLsPolicy() }; 1422 policyChecker().checkNewWindowPolicy(WTFMove(action), WTFMove(request.resourceRequest()), nullptr, request.frameName(), [this] (const ResourceRequest& request, FormState*formState, const String& frameName, const NavigationAction& action, ShouldContinue shouldContinue) {1423 continueLoadAfterNewWindowPolicy(request, formState , frameName, action, shouldContinue, AllowNavigationToInvalidURL::Yes, NewFrameOpenerPolicy::Suppress);1422 policyChecker().checkNewWindowPolicy(WTFMove(action), WTFMove(request.resourceRequest()), { }, request.frameName(), [this] (const ResourceRequest& request, WeakPtr<FormState>&& formState, const String& frameName, const NavigationAction& action, ShouldContinue shouldContinue) { 1423 continueLoadAfterNewWindowPolicy(request, formState.get(), frameName, action, shouldContinue, AllowNavigationToInvalidURL::Yes, NewFrameOpenerPolicy::Suppress); 1424 1424 }); 1425 1425 … … 1438 1438 } 1439 1439 1440 void FrameLoader::loadWithNavigationAction(const ResourceRequest& request, const NavigationAction& action, LockHistory 
lockHistory, FrameLoadType type, FormState*formState, AllowNavigationToInvalidURL allowNavigationToInvalidURL, CompletionHandler<void()>&& completionHandler)1440 void FrameLoader::loadWithNavigationAction(const ResourceRequest& request, const NavigationAction& action, LockHistory lockHistory, FrameLoadType type, RefPtr<FormState>&& formState, AllowNavigationToInvalidURL allowNavigationToInvalidURL, CompletionHandler<void()>&& completionHandler) 1441 1441 { 1442 1442 Ref<DocumentLoader> loader = m_client.createDocumentLoader(request, defaultSubstituteDataForURL(request.url())); … … 1450 1450 loader->setOverrideEncoding(m_documentLoader->overrideEncoding()); 1451 1451 1452 loadWithDocumentLoader(loader.ptr(), type, formState, allowNavigationToInvalidURL, NavigationPolicyCheck::Require, WTFMove(completionHandler));1452 loadWithDocumentLoader(loader.ptr(), type, WTFMove(formState), allowNavigationToInvalidURL, NavigationPolicyCheck::Require, WTFMove(completionHandler)); 1453 1453 } 1454 1454 … … 1489 1489 } 1490 1490 1491 loadWithDocumentLoader(newDocumentLoader, type, 0, AllowNavigationToInvalidURL::Yes, NavigationPolicyCheck::Require, [] { });1492 } 1493 1494 void FrameLoader::loadWithDocumentLoader(DocumentLoader* loader, FrameLoadType type, FormState*formState, AllowNavigationToInvalidURL allowNavigationToInvalidURL, NavigationPolicyCheck, CompletionHandler<void()>&& completionHandler)1491 loadWithDocumentLoader(newDocumentLoader, type, { }, AllowNavigationToInvalidURL::Yes, NavigationPolicyCheck::Require, [] { }); 1492 } 1493 1494 void FrameLoader::loadWithDocumentLoader(DocumentLoader* loader, FrameLoadType type, RefPtr<FormState>&& formState, AllowNavigationToInvalidURL allowNavigationToInvalidURL, NavigationPolicyCheck, CompletionHandler<void()>&& completionHandler) 1495 1495 { 1496 1496 // Retain because dispatchBeforeLoadEvent may release the last reference to it. 
… … 1534 1534 oldDocumentLoader->setLastCheckedRequest(ResourceRequest()); 1535 1535 policyChecker().stopCheck(); 1536 policyChecker().checkNavigationPolicy(ResourceRequest(loader->request()), false /* didReceiveRedirectResponse */, oldDocumentLoader.get(), formState, [this, protectedFrame = makeRef(m_frame)] (const ResourceRequest& request, FormState*, ShouldContinue shouldContinue) {1536 policyChecker().checkNavigationPolicy(ResourceRequest(loader->request()), false /* didReceiveRedirectResponse */, oldDocumentLoader.get(), WTFMove(formState), [this, protectedFrame = makeRef(m_frame)] (const ResourceRequest& request, WeakPtr<FormState>&&, ShouldContinue shouldContinue) { 1537 1537 continueFragmentScrollAfterNavigationPolicy(request, shouldContinue == ShouldContinue::Yes); 1538 1538 }, PolicyDecisionMode::Synchronous); … … 1556 1556 if (!m_stateMachine.committedFirstRealDocumentLoad() 1557 1557 && !ownerElement->dispatchBeforeLoadEvent(loader->request().url().string())) { 1558 continueLoadAfterNavigationPolicy(loader->request(), formState , ShouldContinue::No, allowNavigationToInvalidURL);1558 continueLoadAfterNavigationPolicy(loader->request(), formState.get(), ShouldContinue::No, allowNavigationToInvalidURL); 1559 1559 return; 1560 1560 } … … 1564 1564 1565 1565 if (!m_currentLoadShouldCheckNavigationPolicy) { 1566 continueLoadAfterNavigationPolicy(loader->request(), formState , ShouldContinue::Yes, allowNavigationToInvalidURL);1567 return; 1568 } 1569 1570 policyChecker().checkNavigationPolicy(ResourceRequest(loader->request()), false /* didReceiveRedirectResponse */, loader, formState, [this, protectedFrame = makeRef(m_frame), allowNavigationToInvalidURL, completionHandler = completionHandlerCaller.release()] (const ResourceRequest& request, FormState*formState, ShouldContinue shouldContinue) {1571 continueLoadAfterNavigationPolicy(request, formState , shouldContinue, allowNavigationToInvalidURL);1566 continueLoadAfterNavigationPolicy(loader->request(), 
formState.get(), ShouldContinue::Yes, allowNavigationToInvalidURL); 1567 return; 1568 } 1569 1570 policyChecker().checkNavigationPolicy(ResourceRequest(loader->request()), false /* didReceiveRedirectResponse */, loader, WTFMove(formState), [this, protectedFrame = makeRef(m_frame), allowNavigationToInvalidURL, completionHandler = completionHandlerCaller.release()] (const ResourceRequest& request, WeakPtr<FormState>&& formState, ShouldContinue shouldContinue) { 1571 continueLoadAfterNavigationPolicy(request, formState.get(), shouldContinue, allowNavigationToInvalidURL); 1572 1572 completionHandler(); 1573 1573 }); … … 1677 1677 loader->setOverrideEncoding(encoding); 1678 1678 1679 loadWithDocumentLoader(loader.ptr(), FrameLoadType::Reload, 0, AllowNavigationToInvalidURL::Yes, NavigationPolicyCheck::Require, [] { });1679 loadWithDocumentLoader(loader.ptr(), FrameLoadType::Reload, { }, AllowNavigationToInvalidURL::Yes, NavigationPolicyCheck::Require, [] { }); 1680 1680 } 1681 1681 … … 1724 1724 }; 1725 1725 1726 loadWithDocumentLoader(loader.ptr(), frameLoadTypeForReloadOptions(options), 0, AllowNavigationToInvalidURL::Yes, NavigationPolicyCheck::Require, [] { });1726 loadWithDocumentLoader(loader.ptr(), frameLoadTypeForReloadOptions(options), { }, AllowNavigationToInvalidURL::Yes, NavigationPolicyCheck::Require, [] { }); 1727 1727 } 1728 1728 … … 2833 2833 } 2834 2834 2835 void FrameLoader::loadPostRequest(FrameLoadRequest&& request, const String& referrer, FrameLoadType loadType, Event* event, FormState*formState, CompletionHandler<void()>&& completionHandler)2835 void FrameLoader::loadPostRequest(FrameLoadRequest&& request, const String& referrer, FrameLoadType loadType, Event* event, RefPtr<FormState>&& formState, CompletionHandler<void()>&& completionHandler) 2836 2836 { 2837 2837 String frameName = request.frameName(); … … 2862 2862 if (!frameName.isEmpty()) { 2863 2863 // The search for a target frame is done earlier in the case of form submission. 
2864 if ( Frame* targetFrame = formState ? 0: findFrameForNavigation(frameName)) {2864 if (auto* targetFrame = formState ? nullptr : findFrameForNavigation(frameName)) { 2865 2865 targetFrame->loader().loadWithNavigationAction(workingResourceRequest, action, lockHistory, loadType, WTFMove(formState), allowNavigationToInvalidURL, WTFMove(completionHandler)); 2866 2866 return; 2867 2867 } 2868 2868 2869 policyChecker().checkNewWindowPolicy(WTFMove(action), WTFMove(workingResourceRequest), WTFMove(formState), frameName, [this, allowNavigationToInvalidURL, openerPolicy, completionHandler = WTFMove(completionHandler)] (const ResourceRequest& request, FormState*formState, const String& frameName, const NavigationAction& action, ShouldContinue shouldContinue) {2870 continueLoadAfterNewWindowPolicy(request, formState , frameName, action, shouldContinue, allowNavigationToInvalidURL, openerPolicy);2869 policyChecker().checkNewWindowPolicy(WTFMove(action), WTFMove(workingResourceRequest), WTFMove(formState), frameName, [this, allowNavigationToInvalidURL, openerPolicy, completionHandler = WTFMove(completionHandler)] (const ResourceRequest& request, WeakPtr<FormState>&& formState, const String& frameName, const NavigationAction& action, ShouldContinue shouldContinue) { 2870 continueLoadAfterNewWindowPolicy(request, formState.get(), frameName, action, shouldContinue, allowNavigationToInvalidURL, openerPolicy); 2871 2871 completionHandler(); 2872 2872 }); … … 3534 3534 3535 3535 documentLoader->setLastCheckedRequest(ResourceRequest()); 3536 loadWithDocumentLoader(documentLoader, loadType, 0, AllowNavigationToInvalidURL::Yes, navigationPolicyCheck, [] { });3536 loadWithDocumentLoader(documentLoader, loadType, { }, AllowNavigationToInvalidURL::Yes, navigationPolicyCheck, [] { }); 3537 3537 return; 3538 3538 } … … 3622 3622 action.setTargetBackForwardItem(item); 3623 3623 3624 loadWithNavigationAction(request, action, LockHistory::No, loadType, 0, AllowNavigationToInvalidURL::Yes, 
[] { });3624 loadWithNavigationAction(request, action, LockHistory::No, loadType, { }, AllowNavigationToInvalidURL::Yes, [] { }); 3625 3625 } 3626 3626 -
trunk/Source/WebCore/loader/FrameLoader.h
r232090 r232147 112 112 // FIXME: These are all functions which start loads. We have too many. 113 113 WEBCORE_EXPORT void loadURLIntoChildFrame(const URL&, const String& referer, Frame*); 114 WEBCORE_EXPORT void loadFrameRequest(FrameLoadRequest&&, Event*, FormState*); // Called by submitForm, calls loadPostRequest and loadURL.114 WEBCORE_EXPORT void loadFrameRequest(FrameLoadRequest&&, Event*, RefPtr<FormState>&&); // Called by submitForm, calls loadPostRequest and loadURL. 115 115 116 116 WEBCORE_EXPORT void load(FrameLoadRequest&&); … … 365 365 void urlSelected(FrameLoadRequest&&, Event*); 366 366 367 void loadWithDocumentLoader(DocumentLoader*, FrameLoadType, FormState*, AllowNavigationToInvalidURL, NavigationPolicyCheck, CompletionHandler<void()>&&); // Calls continueLoadAfterNavigationPolicy367 void loadWithDocumentLoader(DocumentLoader*, FrameLoadType, RefPtr<FormState>&&, AllowNavigationToInvalidURL, NavigationPolicyCheck, CompletionHandler<void()>&&); // Calls continueLoadAfterNavigationPolicy 368 368 void load(DocumentLoader*); // Calls loadWithDocumentLoader 369 369 370 void loadWithNavigationAction(const ResourceRequest&, const NavigationAction&, LockHistory, FrameLoadType, FormState*, AllowNavigationToInvalidURL, CompletionHandler<void()>&&); // Calls loadWithDocumentLoader371 372 void loadPostRequest(FrameLoadRequest&&, const String& referrer, FrameLoadType, Event*, FormState*, CompletionHandler<void()>&&);373 void loadURL(FrameLoadRequest&&, const String& referrer, FrameLoadType, Event*, FormState*, CompletionHandler<void()>&&);370 void loadWithNavigationAction(const ResourceRequest&, const NavigationAction&, LockHistory, FrameLoadType, RefPtr<FormState>&&, AllowNavigationToInvalidURL, CompletionHandler<void()>&&); // Calls loadWithDocumentLoader 371 372 void loadPostRequest(FrameLoadRequest&&, const String& referrer, FrameLoadType, Event*, RefPtr<FormState>&&, CompletionHandler<void()>&&); 373 void loadURL(FrameLoadRequest&&, const String& 
referrer, FrameLoadType, Event*, RefPtr<FormState>&&, CompletionHandler<void()>&&); 374 374 375 375 bool shouldReload(const URL& currentURL, const URL& destinationURL); -
trunk/Source/WebCore/loader/NavigationScheduler.cpp
r231008 r232147 275 275 FrameLoadRequest frameLoadRequest { requestingDocument, requestingDocument.securityOrigin(), { }, { }, lockHistory(), lockBackForwardList(), MaybeSendReferrer, AllowNavigationToInvalidURL::Yes, NewFrameOpenerPolicy::Allow, shouldOpenExternalURLs(), initiatedByMainFrame() }; 276 276 m_submission->populateFrameLoadRequest(frameLoadRequest); 277 frame.loader().loadFrameRequest(WTFMove(frameLoadRequest), m_submission->event(), &m_submission->state());277 frame.loader().loadFrameRequest(WTFMove(frameLoadRequest), m_submission->event(), m_submission->takeState()); 278 278 } 279 279 -
trunk/Source/WebCore/loader/PolicyChecker.cpp
r232093 r232147 1 1 /* 2 * Copyright (C) 2006-201 6Apple Inc. All rights reserved.2 * Copyright (C) 2006-2018 Apple Inc. All rights reserved. 3 3 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies) 4 4 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.torchmobile.com/) … … 82 82 void PolicyChecker::checkNavigationPolicy(ResourceRequest&& newRequest, bool didReceiveRedirectResponse, NavigationPolicyDecisionFunction&& function) 83 83 { 84 checkNavigationPolicy(WTFMove(newRequest), didReceiveRedirectResponse, m_frame.loader().activeDocumentLoader(), nullptr, WTFMove(function));84 checkNavigationPolicy(WTFMove(newRequest), didReceiveRedirectResponse, m_frame.loader().activeDocumentLoader(), { }, WTFMove(function)); 85 85 } 86 86 … … 99 99 } 100 100 101 void PolicyChecker::checkNavigationPolicy(ResourceRequest&& request, bool didReceiveRedirectResponse, DocumentLoader* loader, FormState*formState, NavigationPolicyDecisionFunction&& function, PolicyDecisionMode policyDecisionMode)101 void PolicyChecker::checkNavigationPolicy(ResourceRequest&& request, bool didReceiveRedirectResponse, DocumentLoader* loader, RefPtr<FormState>&& formState, NavigationPolicyDecisionFunction&& function, PolicyDecisionMode policyDecisionMode) 102 102 { 103 103 NavigationAction action = loader->triggeringAction(); … … 110 110 // This avoids confusion on the part of the client. 111 111 if (equalIgnoringHeaderFields(request, loader->lastCheckedRequest()) || (!request.isNull() && request.url().isEmpty())) { 112 function(ResourceRequest(request), nullptr, ShouldContinue::Yes);112 function(ResourceRequest(request), { }, ShouldContinue::Yes); 113 113 loader->setLastCheckedRequest(WTFMove(request)); 114 114 return; … … 125 125 if (isBackForwardLoadType(m_loadType)) 126 126 m_loadType = FrameLoadType::Reload; 127 function(WTFMove(request), nullptr, shouldContinue ? ShouldContinue::Yes : ShouldContinue::No);127 function(WTFMove(request), { }, shouldContinue ? 
ShouldContinue::Yes : ShouldContinue::No); 128 128 return; 129 129 } … … 135 135 m_frame.ownerElement()->dispatchEvent(Event::create(eventNames().loadEvent, false, false)); 136 136 } 137 function(WTFMove(request), nullptr, ShouldContinue::No);137 function(WTFMove(request), { }, ShouldContinue::No); 138 138 return; 139 139 } … … 148 148 // Always allow QuickLook-generated URLs based on the protocol scheme. 149 149 if (!request.isNull() && isQuickLookPreviewURL(request.url())) 150 return function(WTFMove(request), formState, ShouldContinue::Yes);150 return function(WTFMove(request), makeWeakPtr(formState.get()), ShouldContinue::Yes); 151 151 #endif 152 152 … … 169 169 m_delegateIsDecidingNavigationPolicy = true; 170 170 String suggestedFilename = action.downloadAttribute().isEmpty() ? nullAtom() : action.downloadAttribute(); 171 m_frame.loader().client().dispatchDecidePolicyForNavigationAction(action, request, didReceiveRedirectResponse, formState , policyDecisionMode, [this, function = WTFMove(function), request = ResourceRequest(request), formState = makeRefPtr(formState), suggestedFilename = WTFMove(suggestedFilename), blobURLLifetimeExtension = WTFMove(blobURLLifetimeExtension)](PolicyAction policyAction) mutable {171 m_frame.loader().client().dispatchDecidePolicyForNavigationAction(action, request, didReceiveRedirectResponse, formState.get(), policyDecisionMode, [this, function = WTFMove(function), request = ResourceRequest(request), formState = WTFMove(formState), suggestedFilename = WTFMove(suggestedFilename), blobURLLifetimeExtension = WTFMove(blobURLLifetimeExtension)](PolicyAction policyAction) mutable { 172 172 m_delegateIsDecidingNavigationPolicy = false; 173 173 … … 184 184 if (!m_frame.loader().client().canHandleRequest(request)) { 185 185 handleUnimplementablePolicy(m_frame.loader().client().cannotShowURLError(request)); 186 return function({ }, nullptr, ShouldContinue::No);186 return function({ }, { }, ShouldContinue::No); 187 187 } 188 return 
function(WTFMove(request), formState.get(), ShouldContinue::Yes);188 return function(WTFMove(request), makeWeakPtr(formState.get()), ShouldContinue::Yes); 189 189 } 190 190 ASSERT_NOT_REACHED(); … … 192 192 } 193 193 194 void PolicyChecker::checkNewWindowPolicy(NavigationAction&& navigationAction, ResourceRequest&& request, FormState*formState, const String& frameName, NewWindowPolicyDecisionFunction&& function)194 void PolicyChecker::checkNewWindowPolicy(NavigationAction&& navigationAction, ResourceRequest&& request, RefPtr<FormState>&& formState, const String& frameName, NewWindowPolicyDecisionFunction&& function) 195 195 { 196 196 if (m_frame.document() && m_frame.document()->isSandboxed(SandboxPopups)) … … 202 202 auto blobURLLifetimeExtension = extendBlobURLLifetimeIfNecessary(request); 203 203 204 m_frame.loader().client().dispatchDecidePolicyForNewWindowAction(navigationAction, request, formState , frameName, [frame = makeRef(m_frame), request, formState = makeRefPtr(formState), frameName, navigationAction, function = WTFMove(function), blobURLLifetimeExtension = WTFMove(blobURLLifetimeExtension)](PolicyAction policyAction) mutable {204 m_frame.loader().client().dispatchDecidePolicyForNewWindowAction(navigationAction, request, formState.get(), frameName, [frame = makeRef(m_frame), request, formState = WTFMove(formState), frameName, navigationAction, function = WTFMove(function), blobURLLifetimeExtension = WTFMove(blobURLLifetimeExtension)](PolicyAction policyAction) mutable { 205 205 switch (policyAction) { 206 206 case PolicyAction::Download: … … 214 214 RELEASE_ASSERT_NOT_REACHED(); 215 215 case PolicyAction::Use: 216 function(request, formState.get(), frameName, navigationAction, ShouldContinue::Yes);216 function(request, makeWeakPtr(formState.get()), frameName, navigationAction, ShouldContinue::Yes); 217 217 return; 218 218 } -
trunk/Source/WebCore/loader/PolicyChecker.h
r232093 r232147 1 1 /* 2 * Copyright (C) 2006-201 6Apple Inc. All rights reserved.2 * Copyright (C) 2006-2018 Apple Inc. All rights reserved. 3 3 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.torchmobile.com/) 4 4 * … … 32 32 #include "FrameLoaderTypes.h" 33 33 #include "ResourceRequest.h" 34 #include <wtf/WeakPtr.h> 34 35 #include <wtf/text/WTFString.h> 35 36 … … 60 61 enum class PolicyDecisionMode { Synchronous, Asynchronous }; 61 62 62 using NewWindowPolicyDecisionFunction = CompletionHandler<void(const ResourceRequest&, FormState*, const String& frameName, const NavigationAction&, ShouldContinue)>;63 using NavigationPolicyDecisionFunction = CompletionHandler<void(ResourceRequest&&, FormState*, ShouldContinue)>;63 using NewWindowPolicyDecisionFunction = CompletionHandler<void(const ResourceRequest&, WeakPtr<FormState>&&, const String& frameName, const NavigationAction&, ShouldContinue)>; 64 using NavigationPolicyDecisionFunction = CompletionHandler<void(ResourceRequest&&, WeakPtr<FormState>&&, ShouldContinue)>; 64 65 65 66 class PolicyChecker { … … 69 70 explicit PolicyChecker(Frame&); 70 71 71 void checkNavigationPolicy(ResourceRequest&&, bool didReceiveRedirectResponse, DocumentLoader*, FormState*, NavigationPolicyDecisionFunction&&, PolicyDecisionMode = PolicyDecisionMode::Asynchronous);72 void checkNavigationPolicy(ResourceRequest&&, bool didReceiveRedirectResponse, DocumentLoader*, RefPtr<FormState>&&, NavigationPolicyDecisionFunction&&, PolicyDecisionMode = PolicyDecisionMode::Asynchronous); 72 73 void checkNavigationPolicy(ResourceRequest&&, bool didReceiveRedirectResponse, NavigationPolicyDecisionFunction&&); 73 void checkNewWindowPolicy(NavigationAction&&, ResourceRequest&&, FormState*, const String& frameName, NewWindowPolicyDecisionFunction&&);74 void checkNewWindowPolicy(NavigationAction&&, ResourceRequest&&, RefPtr<FormState>&&, const String& frameName, NewWindowPolicyDecisionFunction&&); 74 75 75 76 void stopCheck(); 
-
trunk/Source/WebCore/page/ContextMenuController.cpp
r230211 r232147 197 197 return; 198 198 newPage->chrome().show(); 199 newPage->mainFrame().loader().loadFrameRequest(WTFMove(frameLoadRequest), nullptr, nullptr);199 newPage->mainFrame().loader().loadFrameRequest(WTFMove(frameLoadRequest), nullptr, { }); 200 200 } 201 201 … … 398 398 ResourceRequest resourceRequest { m_context.hitTestResult().absoluteLinkURL(), frame->loader().outgoingReferrer() }; 399 399 FrameLoadRequest frameLoadRequest { *frame->document(), frame->document()->securityOrigin(), resourceRequest, { }, LockHistory::No, LockBackForwardList::No, MaybeSendReferrer, AllowNavigationToInvalidURL::Yes, NewFrameOpenerPolicy::Suppress, targetFrame->isMainFrame() ? ShouldOpenExternalURLsPolicy::ShouldAllow : ShouldOpenExternalURLsPolicy::ShouldNotAllow, InitiatedByMainFrame::Unknown }; 400 targetFrame->loader().loadFrameRequest(WTFMove(frameLoadRequest), nullptr, nullptr);400 targetFrame->loader().loadFrameRequest(WTFMove(frameLoadRequest), nullptr, { }); 401 401 } else 402 402 openNewWindow(m_context.hitTestResult().absoluteLinkURL(), *frame, ShouldOpenExternalURLsPolicy::ShouldAllow);
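Review bot: In trunk/Source/WebCore/loader/FormState.cpp, FormState::willDetachPage, the comment above the new `RELEASE_ASSERT(hasOneRef());` still only cites the radar and does not say why exactly one reference is expected when the page detaches. Because this is a release assert that crashes shipping builds, state the invariant in the comment (which owner is expected to hold the single remaining reference at this point), so a crash report at this line can be triaged without reading the ChangeLog.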
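Review bot: In trunk/Source/WebCore/loader/FormSubmission.h, `state()` now returns `*m_formState` unconditionally while the new `takeState()` empties that RefPtr via `releaseNonNull()`, so any call to `state()` after the state has been taken dereferences null, and a second `takeState()` operates on an empty RefPtr. The ChangeLog relies on the FormSubmission being destroyed shortly afterwards, but nothing in the class enforces that; add an `ASSERT(m_formState)` in `state()`, or a comment that `takeState()` is single-use and must be the last access to the form state.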
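Review bot: In trunk/Source/WebCore/loader/FrameLoader.cpp, FrameLoader::loadFrameRequest, the completion handler capture `formState = makeWeakPtr(formState.get())` runs with a null pointer whenever a caller passes `{ }`, which urlSelected and both ContextMenuController call sites now do. Please confirm that `makeWeakPtr` accepts a null `FormState*` and yields an empty WeakPtr, or guard the capture, since `weakPtrFactory()` would otherwise be reached through a null object.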
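Review bot: In trunk/Source/WebCore/loader/PolicyChecker.cpp, the calls to `dispatchDecidePolicyForNavigationAction` and `dispatchDecidePolicyForNewWindowAction` pass `formState.get()` and a lambda capturing `formState = WTFMove(formState)` as arguments of the same call, and C++ does not specify the order in which function arguments are evaluated. On a compiler that evaluates the lambda argument first, the RefPtr is already empty when `formState.get()` runs and the client is handed a null FormState. Read the raw pointer into a local variable before the call and pass that local alongside the lambda, so the result does not depend on evaluation order.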