Changeset 261946 in webkit

Timestamp:

May 20, 2020, 1:14:23 PM (5 years ago)

Author:

Chris Dumez

Message:

Disable support for BeforeLoadEvent
​https://bugs.webkit.org/show_bug.cgi?id=212140
<rdar://problem/62847577>

Reviewed by Antti Koivisto.

Source/WebCore:

Disable support for BeforeLoadEvent. Other browsers do not support it and
Chrome dropped it shortly after the fork:

• ​https://bugs.chromium.org/p/chromium/issues/detail?id=333318

This is a synchronous event and therefore very dangerous.

Test: fast/frames/didBecomeCurrentDocumentInFrame-crash.html

• bindings/js/WebCoreBuiltinNames.h:
• dom/BeforeLoadEvent.idl:
• dom/Node.cpp:

(WebCore::Node::dispatchBeforeLoadEvent):

• page/RuntimeEnabledFeatures.h:

(WebCore::RuntimeEnabledFeatures::setLegacyBeforeLoadEventEnabled):
(WebCore::RuntimeEnabledFeatures::legacyBeforeLoadEventEnabled const):

LayoutTests:

• fast/frames/didBecomeCurrentDocumentInFrame-crash-expected.txt: Added.
• fast/frames/didBecomeCurrentDocumentInFrame-crash.html: Added.

Add layout test coverage for crash in <rdar://problem/62847577>.

• fast/dom/HTMLLinkElement/event-while-removing-attribute-expected.txt:
• fast/dom/HTMLObjectElement/beforeload-set-text-crash-expected.txt: Removed.
• fast/dom/HTMLObjectElement/beforeload-set-text-crash.xhtml: Removed.
• fast/dom/HTMLScriptElement/async-onbeforeload-expected.txt: Removed.
• fast/dom/HTMLScriptElement/async-onbeforeload.html: Removed.
• fast/dom/HTMLScriptElement/defer-onbeforeload-expected.txt: Removed.
• fast/dom/HTMLScriptElement/defer-onbeforeload.html: Removed.
• fast/dom/HTMLScriptElement/move-in-beforeload-expected.txt: Removed.
• fast/dom/HTMLScriptElement/move-in-beforeload.html: Removed.
• fast/dom/HTMLScriptElement/remove-in-beforeload-expected.txt: Removed.
• fast/dom/HTMLScriptElement/remove-in-beforeload.html: Removed.
• fast/dom/beforeload/cached-image-before-load-expected.txt: Removed.
• fast/dom/beforeload/cached-image-before-load.html: Removed.
• fast/dom/beforeload/clear-video-poster-in-beforeload-listener-expected.txt: Removed.
• fast/dom/beforeload/clear-video-poster-in-beforeload-listener.html: Removed.
• fast/dom/beforeload/flash-before-load-expected.txt: Removed.
• fast/dom/beforeload/flash-before-load.html: Removed.
• fast/dom/beforeload/frame-before-load-expected.txt: Removed.
• fast/dom/beforeload/frame-before-load.html: Removed.
• fast/dom/beforeload/image-before-load-expected.txt: Removed.
• fast/dom/beforeload/image-before-load-innerHTML-expected.txt: Removed.
• fast/dom/beforeload/image-before-load-innerHTML.html: Removed.
• fast/dom/beforeload/image-before-load.html: Removed.
• fast/dom/beforeload/image-object-before-load-expected.txt: Removed.
• fast/dom/beforeload/image-object-before-load-innerHTML-expected.txt: Removed.
• fast/dom/beforeload/image-object-before-load-innerHTML.html: Removed.
• fast/dom/beforeload/image-object-before-load.html: Removed.
• fast/dom/beforeload/image-removed-during-before-load-expected.txt: Removed.
• fast/dom/beforeload/image-removed-during-before-load.html: Removed.
• fast/dom/beforeload/link-before-load-expected.txt: Removed.
• fast/dom/beforeload/link-before-load.html: Removed.
• fast/dom/beforeload/pi-before-load-expected.txt: Removed.
• fast/dom/beforeload/pi-before-load.xhtml: Removed.
• fast/dom/beforeload/recursive-css-pi-before-load-expected.txt: Removed.
• fast/dom/beforeload/recursive-css-pi-before-load.html: Removed.
• fast/dom/beforeload/recursive-link-before-load-expected.txt: Removed.
• fast/dom/beforeload/recursive-link-before-load.html: Removed.
• fast/dom/beforeload/recursive-xsl-pi-before-load-expected.txt: Removed.
• fast/dom/beforeload/recursive-xsl-pi-before-load.html: Removed.
• fast/dom/beforeload/remove-bad-object-in-beforeload-listener-expected.txt: Removed.
• fast/dom/beforeload/remove-bad-object-in-beforeload-listener.html: Removed.
• fast/dom/beforeload/remove-flash-in-beforeload-listener-expected.txt: Removed.
• fast/dom/beforeload/remove-flash-in-beforeload-listener.html: Removed.
• fast/dom/beforeload/remove-frame-in-beforeload-listener-expected.txt: Removed.
• fast/dom/beforeload/remove-frame-in-beforeload-listener.html: Removed.
• fast/dom/beforeload/remove-image-in-beforeload-listener-expected.txt: Removed.
• fast/dom/beforeload/remove-image-in-beforeload-listener.html: Removed.
• fast/dom/beforeload/remove-link-in-beforeload-listener-expected.txt: Removed.
• fast/dom/beforeload/remove-link-in-beforeload-listener.html: Removed.
• fast/dom/beforeload/remove-script-in-beforeload-listener-expected.txt: Removed.
• fast/dom/beforeload/remove-script-in-beforeload-listener.html: Removed.
• fast/dom/beforeload/remove-video-in-beforeload-listener-expected.txt: Removed.
• fast/dom/beforeload/remove-video-in-beforeload-listener.html: Removed.
• fast/dom/beforeload/remove-video-poster-in-beforeload-listener-expected.txt: Removed.
• fast/dom/beforeload/remove-video-poster-in-beforeload-listener.html: Removed.
• fast/dom/beforeload/resources/content.xhtml: Removed.
• fast/dom/beforeload/resources/fail.css: Removed.
• fast/dom/beforeload/resources/fail.js: Removed.
• fast/dom/beforeload/resources/pass.css: Removed.
• fast/dom/beforeload/resources/print.js: Removed.
• fast/dom/beforeload/resources/test.xsl: Removed.
• fast/dom/beforeload/script-before-load-dynamic-expected.txt: Removed.
• fast/dom/beforeload/script-before-load-dynamic.html: Removed.
• fast/dom/beforeload/script-before-load-expected.txt: Removed.
• fast/dom/beforeload/script-before-load-xhtml-expected.txt: Removed.
• fast/dom/beforeload/script-before-load-xhtml.xhtml: Removed.
• fast/dom/beforeload/script-before-load.html: Removed.
• fast/dom/beforeload/video-before-load-expected.txt: Removed.
• fast/dom/beforeload/video-before-load.html: Removed.
• fast/events/constructors/before-load-event-constructor-expected.txt: Removed.
• fast/events/constructors/before-load-event-constructor.html: Removed.
• fast/events/event-attribute-expected.txt:
• fast/events/event-handler-regions-layout-expected.txt: Removed.
• fast/events/event-handler-regions-layout.html: Removed.
• fast/frames/crash-display-none-iframe-during-onbeforeload-expected.txt:
• fast/frames/restoring-page-cache-should-not-run-scripts-via-style-update-expected.txt:
• fast/html/link-element-removal-during-beforeload-expected.txt: Removed.
• fast/html/link-element-removal-during-beforeload.html: Removed.
• fast/parser/document-write-fighting-eof-expected.txt: Removed.
• fast/parser/document-write-fighting-eof.html: Removed.
• fast/parser/document-write-partial-entity-before-load-expected.txt: Removed.
• fast/parser/document-write-partial-entity-before-load.html: Removed.
• fast/parser/remove-misnested-iframe-in-beforeload-expected.txt: Removed.
• fast/parser/remove-misnested-iframe-in-beforeload.html: Removed.
• fast/parser/remove-misnested-iframe-parent-in-beforeload-expected.txt: Removed.
• fast/parser/remove-misnested-iframe-parent-in-beforeload.html: Removed.
• fast/replaced/object-param-spaces-expected.txt: Removed.
• fast/replaced/object-param-spaces.html: Removed.
• fast/scrolling/marquee-scroll-crash-expected.txt:
• fast/tokenizer/write-before-load-expected.txt:
• http/tests/security/beforeload-iframe-client-redirect-expected.txt:
• http/tests/security/beforeload-iframe-server-redirect-expected.txt:
• http/tests/security/xssAuditor/object-embed-tag-control-char-expected.txt:
• http/tests/security/xssAuditor/object-embed-tag-control-char.html:
• http/tests/security/xssAuditor/object-embed-tag-expected.txt:
• http/tests/security/xssAuditor/object-embed-tag-null-char-expected.txt:
• http/tests/security/xssAuditor/object-embed-tag-null-char.html:
• http/tests/security/xssAuditor/object-embed-tag.html:
• http/tests/security/xssAuditor/object-src-inject.html:
• http/tests/security/xssAuditor/object-tag-expected.txt:
• http/tests/security/xssAuditor/object-tag-javascript-url-expected.txt:
• http/tests/security/xssAuditor/object-tag-javascript-url.html:
• http/tests/security/xssAuditor/object-tag.html:
• http/tests/security/xssAuditor/resources/echo-intertag.pl:
• http/tests/security/xssAuditor/resources/echo-object-src.pl:
• http/tests/security/xssAuditor/resources/utilities.js:

(notifyDoneAfterReceivingLoaded):
(notifyDoneAfterReceivingBeforeloadFromIds): Deleted.

• plugins/unsupported-plugin-with-replacement-in-iframe-crash-expected.txt:

Update existing tests accordingly.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/TestExpectations (modified) (1 diff)
• LayoutTests/fast/dom/HTMLLinkElement/event-while-removing-attribute-expected.txt (modified) (1 diff)
• LayoutTests/fast/dom/HTMLObjectElement/beforeload-set-text-crash-expected.txt (deleted)
• LayoutTests/fast/dom/HTMLObjectElement/beforeload-set-text-crash.xhtml (deleted)
• LayoutTests/fast/dom/HTMLScriptElement/async-onbeforeload-expected.txt (deleted)
• LayoutTests/fast/dom/HTMLScriptElement/async-onbeforeload.html (deleted)
• LayoutTests/fast/dom/HTMLScriptElement/defer-onbeforeload-expected.txt (deleted)
• LayoutTests/fast/dom/HTMLScriptElement/defer-onbeforeload.html (deleted)
• LayoutTests/fast/dom/HTMLScriptElement/move-in-beforeload-expected.txt (deleted)
• LayoutTests/fast/dom/HTMLScriptElement/move-in-beforeload.html (deleted)
• LayoutTests/fast/dom/HTMLScriptElement/remove-in-beforeload-expected.txt (deleted)
• LayoutTests/fast/dom/HTMLScriptElement/remove-in-beforeload.html (deleted)
• LayoutTests/fast/dom/beforeload (deleted)
• LayoutTests/fast/events/constructors/before-load-event-constructor-expected.txt (deleted)
• LayoutTests/fast/events/constructors/before-load-event-constructor.html (deleted)
• LayoutTests/fast/events/event-attribute-expected.txt (modified) (1 diff)
• LayoutTests/fast/events/event-handler-regions-layout-expected.txt (deleted)
• LayoutTests/fast/events/event-handler-regions-layout.html (deleted)
• LayoutTests/fast/frames/crash-display-none-iframe-during-onbeforeload-expected.txt (modified) (1 diff)
• LayoutTests/fast/frames/didBecomeCurrentDocumentInFrame-crash-expected.txt (added)
• LayoutTests/fast/frames/didBecomeCurrentDocumentInFrame-crash.html (added)
• LayoutTests/fast/frames/restoring-page-cache-should-not-run-scripts-via-style-update-expected.txt (modified) (1 diff)
• LayoutTests/fast/html/link-element-removal-during-beforeload-expected.txt (deleted)
• LayoutTests/fast/html/link-element-removal-during-beforeload.html (deleted)
• LayoutTests/fast/parser/document-write-fighting-eof-expected.txt (deleted)
• LayoutTests/fast/parser/document-write-fighting-eof.html (deleted)
• LayoutTests/fast/parser/document-write-partial-entity-before-load-expected.txt (deleted)
• LayoutTests/fast/parser/document-write-partial-entity-before-load.html (deleted)
• LayoutTests/fast/parser/remove-misnested-iframe-in-beforeload-expected.txt (deleted)
• LayoutTests/fast/parser/remove-misnested-iframe-in-beforeload.html (deleted)
• LayoutTests/fast/parser/remove-misnested-iframe-parent-in-beforeload-expected.txt (deleted)
• LayoutTests/fast/parser/remove-misnested-iframe-parent-in-beforeload.html (deleted)
• LayoutTests/fast/replaced/object-param-spaces-expected.txt (deleted)
• LayoutTests/fast/replaced/object-param-spaces.html (deleted)
• LayoutTests/fast/replaced/object-with-embed-url-param-expected.txt (deleted)
• LayoutTests/fast/replaced/object-with-embed-url-param.html (deleted)
• LayoutTests/fast/scrolling/marquee-scroll-crash-expected.txt (modified) (1 diff)
• LayoutTests/fast/tokenizer/write-before-load-expected.txt (modified) (1 diff)
• LayoutTests/http/tests/cache/cancel-during-revalidation-succeeded-expected.txt (deleted)
• LayoutTests/http/tests/cache/cancel-during-revalidation-succeeded.html (deleted)
• LayoutTests/http/tests/media/video-play-stall-before-meta-data-expected.txt (modified) (1 diff)
• LayoutTests/http/tests/plugins/navigation-during-load-embed-expected.txt (deleted)
• LayoutTests/http/tests/plugins/navigation-during-load-embed.html (deleted)
• LayoutTests/http/tests/plugins/navigation-during-load-expected.txt (deleted)
• LayoutTests/http/tests/plugins/navigation-during-load.html (deleted)
• LayoutTests/http/tests/security/beforeload-iframe-client-redirect-expected.txt (modified) (1 diff)
• LayoutTests/http/tests/security/beforeload-iframe-server-redirect-expected.txt (modified) (1 diff)
• LayoutTests/http/tests/security/xssAuditor/object-embed-tag-control-char-expected.txt (modified) (1 diff)
• LayoutTests/http/tests/security/xssAuditor/object-embed-tag-control-char.html (modified) (1 diff)
• LayoutTests/http/tests/security/xssAuditor/object-embed-tag-expected.txt (modified) (1 diff)
• LayoutTests/http/tests/security/xssAuditor/object-embed-tag-null-char-expected.txt (modified) (1 diff)
• LayoutTests/http/tests/security/xssAuditor/object-embed-tag-null-char.html (modified) (1 diff)
• LayoutTests/http/tests/security/xssAuditor/object-embed-tag.html (modified) (1 diff)
• LayoutTests/http/tests/security/xssAuditor/object-src-inject.html (modified) (1 diff)
• LayoutTests/http/tests/security/xssAuditor/object-tag-expected.txt (modified) (1 diff)
• LayoutTests/http/tests/security/xssAuditor/object-tag-javascript-url-expected.txt (modified) (1 diff)
• LayoutTests/http/tests/security/xssAuditor/object-tag-javascript-url.html (modified) (1 diff)
• LayoutTests/http/tests/security/xssAuditor/object-tag.html (modified) (1 diff)
• LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag.pl (modified) (1 diff)
• LayoutTests/http/tests/security/xssAuditor/resources/echo-object-src.pl (modified) (1 diff)
• LayoutTests/http/tests/security/xssAuditor/resources/utilities.js (modified) (1 diff)
• LayoutTests/js/dom/constructor-length.html (modified) (1 diff)
• LayoutTests/js/dom/modules/module-will-fire-beforeload-expected.txt (deleted)
• LayoutTests/js/dom/modules/module-will-fire-beforeload.html (deleted)
• LayoutTests/media/media-blocked-by-beforeload-expected.txt (deleted)
• LayoutTests/media/media-blocked-by-beforeload.html (deleted)
• LayoutTests/media/video-beforeload-remove-source-expected.txt (deleted)
• LayoutTests/media/video-beforeload-remove-source.html (deleted)
• LayoutTests/platform/glib/js/dom/constructor-length-expected.txt (modified) (1 diff)
• LayoutTests/platform/gtk/TestExpectations (modified) (1 diff)
• LayoutTests/platform/ios-wk1/TestExpectations (modified) (2 diffs)
• LayoutTests/platform/ios-wk2/TestExpectations (modified) (1 diff)
• LayoutTests/platform/ios/TestExpectations (modified) (1 diff)
• LayoutTests/platform/ios/js/dom/constructor-length-expected.txt (modified) (1 diff)
• LayoutTests/platform/mac/js/dom/constructor-length-expected.txt (modified) (1 diff)
• LayoutTests/platform/win/TestExpectations (modified) (1 diff)
• LayoutTests/platform/win/js/dom/constructor-length-expected.txt (modified) (1 diff)
• LayoutTests/platform/wincairo/js/dom/constructor-length-expected.txt (modified) (1 diff)
• LayoutTests/platform/wk2/TestExpectations (modified) (1 diff)
• LayoutTests/plugins/unsupported-plugin-with-replacement-in-iframe-crash-expected.txt (modified) (1 diff)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/bindings/js/WebCoreBuiltinNames.h (modified) (1 diff)
• Source/WebCore/dom/BeforeLoadEvent.idl (modified) (1 diff)
• Source/WebCore/dom/Node.cpp (modified) (2 diffs)
• Source/WebCore/page/RuntimeEnabledFeatures.h (modified) (2 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2020-05-20  Chris Dumez  <cdumez@apple.com>
+
+        Disable support for BeforeLoadEvent
+        https://bugs.webkit.org/show_bug.cgi?id=212140
+        <rdar://problem/62847577>
+
+        Reviewed by Antti Koivisto.
+
+        * fast/frames/didBecomeCurrentDocumentInFrame-crash-expected.txt: Added.
+        * fast/frames/didBecomeCurrentDocumentInFrame-crash.html: Added.
+        Add layout test coverage for crash in <rdar://problem/62847577>.
+
+        * fast/dom/HTMLLinkElement/event-while-removing-attribute-expected.txt:
+        * fast/dom/HTMLObjectElement/beforeload-set-text-crash-expected.txt: Removed.
+        * fast/dom/HTMLObjectElement/beforeload-set-text-crash.xhtml: Removed.
+        * fast/dom/HTMLScriptElement/async-onbeforeload-expected.txt: Removed.
+        * fast/dom/HTMLScriptElement/async-onbeforeload.html: Removed.
+        * fast/dom/HTMLScriptElement/defer-onbeforeload-expected.txt: Removed.
+        * fast/dom/HTMLScriptElement/defer-onbeforeload.html: Removed.
+        * fast/dom/HTMLScriptElement/move-in-beforeload-expected.txt: Removed.
+        * fast/dom/HTMLScriptElement/move-in-beforeload.html: Removed.
+        * fast/dom/HTMLScriptElement/remove-in-beforeload-expected.txt: Removed.
+        * fast/dom/HTMLScriptElement/remove-in-beforeload.html: Removed.
+        * fast/dom/beforeload/cached-image-before-load-expected.txt: Removed.
+        * fast/dom/beforeload/cached-image-before-load.html: Removed.
+        * fast/dom/beforeload/clear-video-poster-in-beforeload-listener-expected.txt: Removed.
+        * fast/dom/beforeload/clear-video-poster-in-beforeload-listener.html: Removed.
+        * fast/dom/beforeload/flash-before-load-expected.txt: Removed.
+        * fast/dom/beforeload/flash-before-load.html: Removed.
+        * fast/dom/beforeload/frame-before-load-expected.txt: Removed.
+        * fast/dom/beforeload/frame-before-load.html: Removed.
+        * fast/dom/beforeload/image-before-load-expected.txt: Removed.
+        * fast/dom/beforeload/image-before-load-innerHTML-expected.txt: Removed.
+        * fast/dom/beforeload/image-before-load-innerHTML.html: Removed.
+        * fast/dom/beforeload/image-before-load.html: Removed.
+        * fast/dom/beforeload/image-object-before-load-expected.txt: Removed.
+        * fast/dom/beforeload/image-object-before-load-innerHTML-expected.txt: Removed.
+        * fast/dom/beforeload/image-object-before-load-innerHTML.html: Removed.
+        * fast/dom/beforeload/image-object-before-load.html: Removed.
+        * fast/dom/beforeload/image-removed-during-before-load-expected.txt: Removed.
+        * fast/dom/beforeload/image-removed-during-before-load.html: Removed.
+        * fast/dom/beforeload/link-before-load-expected.txt: Removed.
+        * fast/dom/beforeload/link-before-load.html: Removed.
+        * fast/dom/beforeload/pi-before-load-expected.txt: Removed.
+        * fast/dom/beforeload/pi-before-load.xhtml: Removed.
+        * fast/dom/beforeload/recursive-css-pi-before-load-expected.txt: Removed.
+        * fast/dom/beforeload/recursive-css-pi-before-load.html: Removed.
+        * fast/dom/beforeload/recursive-link-before-load-expected.txt: Removed.
+        * fast/dom/beforeload/recursive-link-before-load.html: Removed.
+        * fast/dom/beforeload/recursive-xsl-pi-before-load-expected.txt: Removed.
+        * fast/dom/beforeload/recursive-xsl-pi-before-load.html: Removed.
+        * fast/dom/beforeload/remove-bad-object-in-beforeload-listener-expected.txt: Removed.
+        * fast/dom/beforeload/remove-bad-object-in-beforeload-listener.html: Removed.
+        * fast/dom/beforeload/remove-flash-in-beforeload-listener-expected.txt: Removed.
+        * fast/dom/beforeload/remove-flash-in-beforeload-listener.html: Removed.
+        * fast/dom/beforeload/remove-frame-in-beforeload-listener-expected.txt: Removed.
+        * fast/dom/beforeload/remove-frame-in-beforeload-listener.html: Removed.
+        * fast/dom/beforeload/remove-image-in-beforeload-listener-expected.txt: Removed.
+        * fast/dom/beforeload/remove-image-in-beforeload-listener.html: Removed.
+        * fast/dom/beforeload/remove-link-in-beforeload-listener-expected.txt: Removed.
+        * fast/dom/beforeload/remove-link-in-beforeload-listener.html: Removed.
+        * fast/dom/beforeload/remove-script-in-beforeload-listener-expected.txt: Removed.
+        * fast/dom/beforeload/remove-script-in-beforeload-listener.html: Removed.
+        * fast/dom/beforeload/remove-video-in-beforeload-listener-expected.txt: Removed.
+        * fast/dom/beforeload/remove-video-in-beforeload-listener.html: Removed.
+        * fast/dom/beforeload/remove-video-poster-in-beforeload-listener-expected.txt: Removed.
+        * fast/dom/beforeload/remove-video-poster-in-beforeload-listener.html: Removed.
+        * fast/dom/beforeload/resources/content.xhtml: Removed.
+        * fast/dom/beforeload/resources/fail.css: Removed.
+        * fast/dom/beforeload/resources/fail.js: Removed.
+        * fast/dom/beforeload/resources/pass.css: Removed.
+        * fast/dom/beforeload/resources/print.js: Removed.
+        * fast/dom/beforeload/resources/test.xsl: Removed.
+        * fast/dom/beforeload/script-before-load-dynamic-expected.txt: Removed.
+        * fast/dom/beforeload/script-before-load-dynamic.html: Removed.
+        * fast/dom/beforeload/script-before-load-expected.txt: Removed.
+        * fast/dom/beforeload/script-before-load-xhtml-expected.txt: Removed.
+        * fast/dom/beforeload/script-before-load-xhtml.xhtml: Removed.
+        * fast/dom/beforeload/script-before-load.html: Removed.
+        * fast/dom/beforeload/video-before-load-expected.txt: Removed.
+        * fast/dom/beforeload/video-before-load.html: Removed.
+        * fast/events/constructors/before-load-event-constructor-expected.txt: Removed.
+        * fast/events/constructors/before-load-event-constructor.html: Removed.
+        * fast/events/event-attribute-expected.txt:
+        * fast/events/event-handler-regions-layout-expected.txt: Removed.
+        * fast/events/event-handler-regions-layout.html: Removed.
+        * fast/frames/crash-display-none-iframe-during-onbeforeload-expected.txt:
+        * fast/frames/restoring-page-cache-should-not-run-scripts-via-style-update-expected.txt:
+        * fast/html/link-element-removal-during-beforeload-expected.txt: Removed.
+        * fast/html/link-element-removal-during-beforeload.html: Removed.
+        * fast/parser/document-write-fighting-eof-expected.txt: Removed.
+        * fast/parser/document-write-fighting-eof.html: Removed.
+        * fast/parser/document-write-partial-entity-before-load-expected.txt: Removed.
+        * fast/parser/document-write-partial-entity-before-load.html: Removed.
+        * fast/parser/remove-misnested-iframe-in-beforeload-expected.txt: Removed.
+        * fast/parser/remove-misnested-iframe-in-beforeload.html: Removed.
+        * fast/parser/remove-misnested-iframe-parent-in-beforeload-expected.txt: Removed.
+        * fast/parser/remove-misnested-iframe-parent-in-beforeload.html: Removed.
+        * fast/replaced/object-param-spaces-expected.txt: Removed.
+        * fast/replaced/object-param-spaces.html: Removed.
+        * fast/scrolling/marquee-scroll-crash-expected.txt:
+        * fast/tokenizer/write-before-load-expected.txt:
+        * http/tests/security/beforeload-iframe-client-redirect-expected.txt:
+        * http/tests/security/beforeload-iframe-server-redirect-expected.txt:
+        * http/tests/security/xssAuditor/object-embed-tag-control-char-expected.txt:
+        * http/tests/security/xssAuditor/object-embed-tag-control-char.html:
+        * http/tests/security/xssAuditor/object-embed-tag-expected.txt:
+        * http/tests/security/xssAuditor/object-embed-tag-null-char-expected.txt:
+        * http/tests/security/xssAuditor/object-embed-tag-null-char.html:
+        * http/tests/security/xssAuditor/object-embed-tag.html:
+        * http/tests/security/xssAuditor/object-src-inject.html:
+        * http/tests/security/xssAuditor/object-tag-expected.txt:
+        * http/tests/security/xssAuditor/object-tag-javascript-url-expected.txt:
+        * http/tests/security/xssAuditor/object-tag-javascript-url.html:
+        * http/tests/security/xssAuditor/object-tag.html:
+        * http/tests/security/xssAuditor/resources/echo-intertag.pl:
+        * http/tests/security/xssAuditor/resources/echo-object-src.pl:
+        * http/tests/security/xssAuditor/resources/utilities.js:
+        (notifyDoneAfterReceivingLoaded):
+        (notifyDoneAfterReceivingBeforeloadFromIds): Deleted.
+        * plugins/unsupported-plugin-with-replacement-in-iframe-crash-expected.txt:
+        Update existing tests accordingly.
+
 2020-05-20  Myles C. Maxfield  <mmaxfield@apple.com>
 

trunk/LayoutTests/TestExpectations

@@ -1686 +1686 @@
 [ Debug ] fast/loader/document-with-fragment-url-3.html [ Pass Timeout ]
 [ Debug ] fast/loader/document-with-fragment-url-4.html [ Pass Timeout ]
-
-webkit.org/b/110546 [ Debug ] fast/parser/document-write-fighting-eof.html [ Skip ]
-webkit.org/b/110546 [ Debug ] fast/parser/document-write-partial-entity-before-load.html [ Skip ]
 
 webkit.org/b/85902 [ Debug ] fast/overflow/lots-of-sibling-inline-boxes.html [ Slow ]

trunk/LayoutTests/fast/dom/HTMLLinkElement/event-while-removing-attribute-expected.txt

@@ -4 +4 @@
 
 
-PASS Before load event handled for original link element.
-PASS Before load event handled for original link element.
-PASS Before load event handled for original link element.
 PASS successfullyParsed is true
 

trunk/LayoutTests/fast/events/event-attribute-expected.txt

@@ -4 +4 @@
 
 
-cancelled onbeforeload async
 PASS /*img*/ typeof (element["onclick"]) is "function"
 PASS /*img*/ typeof (element["oncontextmenu"]) is "function"

trunk/LayoutTests/fast/frames/crash-display-none-iframe-during-onbeforeload-expected.txt

@@ -1 +1 @@
 PASS if no crash or assert while loading the iframe.
+

trunk/LayoutTests/fast/frames/restoring-page-cache-should-not-run-scripts-via-style-update-expected.txt

@@ -1 +1 @@
 This tests that pageshow event is fired before the object element loads when a document in the page cache is restored.
 
-PASS
+Running...

trunk/LayoutTests/fast/scrolling/marquee-scroll-crash-expected.txt

@@ -1 @@
-Test passes if it does not crash.
+marquee

trunk/LayoutTests/fast/tokenizer/write-before-load-expected.txt

@@ -1 @@
-1 2 3 4 5 6 7
+1 2 5 6 7

trunk/LayoutTests/http/tests/media/video-play-stall-before-meta-data-expected.txt

@@ -2 +2 @@
 Test that stalling very early, while loading meta-data, stops delaying the load event.
 
-EVENT(beforeload)
 EVENT(loadstart)
 EVENT(stalled)

trunk/LayoutTests/http/tests/security/beforeload-iframe-client-redirect-expected.txt

@@ -1 @@
-CONSOLE MESSAGE: http://127.0.0.1:8000/security/resources/client-redir.html?url=http://localhost:8000/security/resources/post-done.html
 This test produces output in the console. Only the initial URL should be logged. 

trunk/LayoutTests/http/tests/security/beforeload-iframe-server-redirect-expected.txt

@@ -1 @@
-CONSOLE MESSAGE: http://127.0.0.1:8000/resources/redirect.php?url=http://localhost:8000/security/resources/post-done.html
 This test produces output in the console. Only the initial URL should be logged. 

trunk/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-control-char-expected.txt

@@ -1 @@
-CONSOLE MESSAGE: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-embed-tag-control-char.html&relay-target-ids-for-event=beforeload&q=%3Cobject%20id=%27object%27%20name=%27plugin%27%20type=%27application/x-webkit-test-netscape%27%3E%3Cparam%20name=%27movie%27%20value=%27http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%05%27%20/%3E%3Cembed%20id=%27embed%27%20name=%27plugin%27%20type=%27application/x-webkit-test-netscape%27%20src=%27http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%05%27%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled because the server did not send an 'X-XSS-Protection' header.
-CONSOLE MESSAGE: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-embed-tag-control-char.html&relay-target-ids-for-event=beforeload&q=%3Cobject%20id=%27object%27%20name=%27plugin%27%20type=%27application/x-webkit-test-netscape%27%3E%3Cparam%20name=%27movie%27%20value=%27http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%05%27%20/%3E%3Cembed%20id=%27embed%27%20name=%27plugin%27%20type=%27application/x-webkit-test-netscape%27%20src=%27http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%05%27%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled because the server did not send an 'X-XSS-Protection' header.
-CONSOLE MESSAGE: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-embed-tag-control-char.html&relay-target-ids-for-event=beforeload&q=%3Cobject%20id=%27object%27%20name=%27plugin%27%20type=%27application/x-webkit-test-netscape%27%3E%3Cparam%20name=%27movie%27%20value=%27http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%05%27%20/%3E%3Cembed%20id=%27embed%27%20name=%27plugin%27%20type=%27application/x-webkit-test-netscape%27%20src=%27http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%05%27%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled because the server did not send an 'X-XSS-Protection' header.
+CONSOLE MESSAGE: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-embed-tag-control-char.html&wait-for-load=1&q=%3Cobject%20id=%27object%27%20name=%27plugin%27%20type=%27application/x-webkit-test-netscape%27%3E%3Cparam%20name=%27movie%27%20value=%27http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%05%27%20/%3E%3Cembed%20id=%27embed%27%20name=%27plugin%27%20type=%27application/x-webkit-test-netscape%27%20src=%27http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%05%27%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled because the server did not send an 'X-XSS-Protection' header.
+CONSOLE MESSAGE: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-embed-tag-control-char.html&wait-for-load=1&q=%3Cobject%20id=%27object%27%20name=%27plugin%27%20type=%27application/x-webkit-test-netscape%27%3E%3Cparam%20name=%27movie%27%20value=%27http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%05%27%20/%3E%3Cembed%20id=%27embed%27%20name=%27plugin%27%20type=%27application/x-webkit-test-netscape%27%20src=%27http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%05%27%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled because the server did not send an 'X-XSS-Protection' header.
+CONSOLE MESSAGE: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-embed-tag-control-char.html&wait-for-load=1&q=%3Cobject%20id=%27object%27%20name=%27plugin%27%20type=%27application/x-webkit-test-netscape%27%3E%3Cparam%20name=%27movie%27%20value=%27http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%05%27%20/%3E%3Cembed%20id=%27embed%27%20name=%27plugin%27%20type=%27application/x-webkit-test-netscape%27%20src=%27http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%05%27%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled because the server did not send an 'X-XSS-Protection' header.
 

trunk/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-control-char.html

@@ -8 +8 @@
   testRunner.setXSSAuditorEnabled(true);
   testRunner.waitUntilDone();
-  notifyDoneAfterReceivingBeforeloadFromIds(["object", "embed"]);
+  notifyDoneAfterReceivingLoaded();
 }
 </script>
 </head>
 <body>
-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-embed-tag-control-char.html&relay-target-ids-for-event=beforeload&q=<object id='object' name='plugin' type='application/x-webkit-test-netscape'><param name='movie' value='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%05' /><embed id='embed' name='plugin' type='application/x-webkit-test-netscape' src='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%05' /></object>">
+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-embed-tag-control-char.html&wait-for-load=1&q=<object id='object' name='plugin' type='application/x-webkit-test-netscape'><param name='movie' value='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%05' /><embed id='embed' name='plugin' type='application/x-webkit-test-netscape' src='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%05' /></object>">
 </iframe>
 </body>

trunk/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-expected.txt

@@ -1 @@
-CONSOLE MESSAGE: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-embed-tag.html&relay-target-ids-for-event=beforeload&q=%3Cobject%20id=%27object%27%20name=%27plugin%27%20type=%27application/x-webkit-test-netscape%27%3E%3Cparam%20name=%27movie%27%20value=%27http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%27%20/%3E%3Cembed%20id=%27embed%27%20name=%27plugin%27%20type=%27application/x-webkit-test-netscape%27%20src=%27http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%27%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled because the server did not send an 'X-XSS-Protection' header.
-CONSOLE MESSAGE: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-embed-tag.html&relay-target-ids-for-event=beforeload&q=%3Cobject%20id=%27object%27%20name=%27plugin%27%20type=%27application/x-webkit-test-netscape%27%3E%3Cparam%20name=%27movie%27%20value=%27http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%27%20/%3E%3Cembed%20id=%27embed%27%20name=%27plugin%27%20type=%27application/x-webkit-test-netscape%27%20src=%27http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%27%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled because the server did not send an 'X-XSS-Protection' header.
-CONSOLE MESSAGE: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-embed-tag.html&relay-target-ids-for-event=beforeload&q=%3Cobject%20id=%27object%27%20name=%27plugin%27%20type=%27application/x-webkit-test-netscape%27%3E%3Cparam%20name=%27movie%27%20value=%27http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%27%20/%3E%3Cembed%20id=%27embed%27%20name=%27plugin%27%20type=%27application/x-webkit-test-netscape%27%20src=%27http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%27%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled because the server did not send an 'X-XSS-Protection' header.
+CONSOLE MESSAGE: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-embed-tag.html&wait-for-load=1&q=%3Cobject%20id=%27object%27%20name=%27plugin%27%20type=%27application/x-webkit-test-netscape%27%3E%3Cparam%20name=%27movie%27%20value=%27http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%27%20/%3E%3Cembed%20id=%27embed%27%20name=%27plugin%27%20type=%27application/x-webkit-test-netscape%27%20src=%27http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%27%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled because the server did not send an 'X-XSS-Protection' header.
+CONSOLE MESSAGE: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-embed-tag.html&wait-for-load=1&q=%3Cobject%20id=%27object%27%20name=%27plugin%27%20type=%27application/x-webkit-test-netscape%27%3E%3Cparam%20name=%27movie%27%20value=%27http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%27%20/%3E%3Cembed%20id=%27embed%27%20name=%27plugin%27%20type=%27application/x-webkit-test-netscape%27%20src=%27http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%27%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled because the server did not send an 'X-XSS-Protection' header.
+CONSOLE MESSAGE: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-embed-tag.html&wait-for-load=1&q=%3Cobject%20id=%27object%27%20name=%27plugin%27%20type=%27application/x-webkit-test-netscape%27%3E%3Cparam%20name=%27movie%27%20value=%27http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%27%20/%3E%3Cembed%20id=%27embed%27%20name=%27plugin%27%20type=%27application/x-webkit-test-netscape%27%20src=%27http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%27%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled because the server did not send an 'X-XSS-Protection' header.
 

trunk/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-null-char-expected.txt

@@ -1 @@
-CONSOLE MESSAGE: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-embed-tag-null-char.html&relay-target-ids-for-event=beforeload&q=%3Cobject%20id=%27object%27%20name=%27plugin%27%20type=%27application/x-webkit-test-netscape%27%3E%3Cparam%20name=%27movie%27%20value=%27http://127.0.0.1:8000/sec%00urity/xssAuditor/resources/dummy.swf%27%20/%3E%3Cembed%20id=%27embed%27%20name=%27plugin%27%20type=%27application/x-webkit-test-netscape%27%20src=%27http://127.0.0.1:8000/sec%00urity/xssAuditor/resources/dummy.swf%27%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled because the server did not send an 'X-XSS-Protection' header.
-CONSOLE MESSAGE: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-embed-tag-null-char.html&relay-target-ids-for-event=beforeload&q=%3Cobject%20id=%27object%27%20name=%27plugin%27%20type=%27application/x-webkit-test-netscape%27%3E%3Cparam%20name=%27movie%27%20value=%27http://127.0.0.1:8000/sec%00urity/xssAuditor/resources/dummy.swf%27%20/%3E%3Cembed%20id=%27embed%27%20name=%27plugin%27%20type=%27application/x-webkit-test-netscape%27%20src=%27http://127.0.0.1:8000/sec%00urity/xssAuditor/resources/dummy.swf%27%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled because the server did not send an 'X-XSS-Protection' header.
-CONSOLE MESSAGE: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-embed-tag-null-char.html&relay-target-ids-for-event=beforeload&q=%3Cobject%20id=%27object%27%20name=%27plugin%27%20type=%27application/x-webkit-test-netscape%27%3E%3Cparam%20name=%27movie%27%20value=%27http://127.0.0.1:8000/sec%00urity/xssAuditor/resources/dummy.swf%27%20/%3E%3Cembed%20id=%27embed%27%20name=%27plugin%27%20type=%27application/x-webkit-test-netscape%27%20src=%27http://127.0.0.1:8000/sec%00urity/xssAuditor/resources/dummy.swf%27%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled because the server did not send an 'X-XSS-Protection' header.
+CONSOLE MESSAGE: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-embed-tag-null-char.html&wait-for-load=1&q=%3Cobject%20id=%27object%27%20name=%27plugin%27%20type=%27application/x-webkit-test-netscape%27%3E%3Cparam%20name=%27movie%27%20value=%27http://127.0.0.1:8000/sec%00urity/xssAuditor/resources/dummy.swf%27%20/%3E%3Cembed%20id=%27embed%27%20name=%27plugin%27%20type=%27application/x-webkit-test-netscape%27%20src=%27http://127.0.0.1:8000/sec%00urity/xssAuditor/resources/dummy.swf%27%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled because the server did not send an 'X-XSS-Protection' header.
+CONSOLE MESSAGE: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-embed-tag-null-char.html&wait-for-load=1&q=%3Cobject%20id=%27object%27%20name=%27plugin%27%20type=%27application/x-webkit-test-netscape%27%3E%3Cparam%20name=%27movie%27%20value=%27http://127.0.0.1:8000/sec%00urity/xssAuditor/resources/dummy.swf%27%20/%3E%3Cembed%20id=%27embed%27%20name=%27plugin%27%20type=%27application/x-webkit-test-netscape%27%20src=%27http://127.0.0.1:8000/sec%00urity/xssAuditor/resources/dummy.swf%27%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled because the server did not send an 'X-XSS-Protection' header.
+CONSOLE MESSAGE: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-embed-tag-null-char.html&wait-for-load=1&q=%3Cobject%20id=%27object%27%20name=%27plugin%27%20type=%27application/x-webkit-test-netscape%27%3E%3Cparam%20name=%27movie%27%20value=%27http://127.0.0.1:8000/sec%00urity/xssAuditor/resources/dummy.swf%27%20/%3E%3Cembed%20id=%27embed%27%20name=%27plugin%27%20type=%27application/x-webkit-test-netscape%27%20src=%27http://127.0.0.1:8000/sec%00urity/xssAuditor/resources/dummy.swf%27%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled because the server did not send an 'X-XSS-Protection' header.
 

trunk/LayoutTests/http/tests/security/xssAuditor/object-embed-tag-null-char.html

@@ -8 +8 @@
   testRunner.setXSSAuditorEnabled(true);
   testRunner.waitUntilDone();
-  notifyDoneAfterReceivingBeforeloadFromIds(["object", "embed"]);
+  notifyDoneAfterReceivingLoaded();
 }
 </script>
 </head>
 <body>
-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-embed-tag-null-char.html&relay-target-ids-for-event=beforeload&q=<object id='object' name='plugin' type='application/x-webkit-test-netscape'><param name='movie' value='http://127.0.0.1:8000/sec%00urity/xssAuditor/resources/dummy.swf' /><embed id='embed' name='plugin' type='application/x-webkit-test-netscape' src='http://127.0.0.1:8000/sec%00urity/xssAuditor/resources/dummy.swf' /></object>">
+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-embed-tag-null-char.html&wait-for-load=1&q=<object id='object' name='plugin' type='application/x-webkit-test-netscape'><param name='movie' value='http://127.0.0.1:8000/sec%00urity/xssAuditor/resources/dummy.swf' /><embed id='embed' name='plugin' type='application/x-webkit-test-netscape' src='http://127.0.0.1:8000/sec%00urity/xssAuditor/resources/dummy.swf' /></object>">
 </iframe>
 </body>

trunk/LayoutTests/http/tests/security/xssAuditor/object-embed-tag.html

@@ -8 +8 @@
   testRunner.setXSSAuditorEnabled(true);
   testRunner.waitUntilDone();
-  notifyDoneAfterReceivingBeforeloadFromIds(["object", "embed"]);
+  notifyDoneAfterReceivingLoaded();
 }
 </script>
 </head>
 <body>
-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-embed-tag.html&relay-target-ids-for-event=beforeload&q=<object id='object' name='plugin' type='application/x-webkit-test-netscape'><param name='movie' value='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf' /><embed id='embed' name='plugin' type='application/x-webkit-test-netscape' src='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf' /></object>">
+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-embed-tag.html&wait-for-load=1&q=<object id='object' name='plugin' type='application/x-webkit-test-netscape'><param name='movie' value='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf' /><embed id='embed' name='plugin' type='application/x-webkit-test-netscape' src='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf' /></object>">
 </iframe>
 </body>

trunk/LayoutTests/http/tests/security/xssAuditor/object-src-inject.html

@@ -8 +8 @@
   testRunner.setXSSAuditorEnabled(true);
   testRunner.waitUntilDone();
-  notifyDoneAfterReceivingBeforeloadFromIds(["object"]);
+  notifyDoneAfterReceivingLoaded();
 }
 </script>
 </head>
 <body>
-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-object-src.pl?relay-target-ids-for-event=beforeload&q=http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf">
+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-object-src.pl?wait-for-load=1&q=http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf">
 </iframe>
 </body>

trunk/LayoutTests/http/tests/security/xssAuditor/object-tag-expected.txt

@@ -1 @@
-CONSOLE MESSAGE: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-tag.html&relay-target-ids-for-event=beforeload&q=%3Cobject%20id=%27object%27%20name=%27plugin%27%20type=%27application/x-webkit-test-netscape%27%3E%3Cparam%20name=%27movie%27%20value=%27http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%27%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled because the server did not send an 'X-XSS-Protection' header.
-CONSOLE MESSAGE: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-tag.html&relay-target-ids-for-event=beforeload&q=%3Cobject%20id=%27object%27%20name=%27plugin%27%20type=%27application/x-webkit-test-netscape%27%3E%3Cparam%20name=%27movie%27%20value=%27http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%27%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled because the server did not send an 'X-XSS-Protection' header.
+CONSOLE MESSAGE: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-tag.html&wait-for-load=1&q=%3Cobject%20id=%27object%27%20name=%27plugin%27%20type=%27application/x-webkit-test-netscape%27%3E%3Cparam%20name=%27movie%27%20value=%27http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%27%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled because the server did not send an 'X-XSS-Protection' header.
+CONSOLE MESSAGE: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-tag.html&wait-for-load=1&q=%3Cobject%20id=%27object%27%20name=%27plugin%27%20type=%27application/x-webkit-test-netscape%27%3E%3Cparam%20name=%27movie%27%20value=%27http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf%27%20/%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled because the server did not send an 'X-XSS-Protection' header.
 

trunk/LayoutTests/http/tests/security/xssAuditor/object-tag-javascript-url-expected.txt

@@ -1 @@
-CONSOLE MESSAGE: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-tag-javascript-url.html&relay-target-ids-for-event=beforeload&q=%3Cobject%20id=%27object%27%20data=%27javascript:alert(document.domain)%27%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled because the server did not send an 'X-XSS-Protection' header.
+CONSOLE MESSAGE: The XSS Auditor refused to execute a script in 'http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-tag-javascript-url.html&wait-for-load=1&q=%3Cobject%20id=%27object%27%20data=%27javascript:alert(document.domain)%27%3E%3C/object%3E' because its source code was found within the request. The auditor was enabled because the server did not send an 'X-XSS-Protection' header.
 

trunk/LayoutTests/http/tests/security/xssAuditor/object-tag-javascript-url.html

@@ -8 +8 @@
   testRunner.setXSSAuditorEnabled(true);
   testRunner.waitUntilDone();
-  notifyDoneAfterReceivingBeforeloadFromIds(["object"]);
+  notifyDoneAfterReceivingLoaded();
 }
 </script>
 </head>
 <body>
-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-tag-javascript-url.html&relay-target-ids-for-event=beforeload&q=<object id='object' data='javascript:alert(document.domain)'></object>">
+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-tag-javascript-url.html&wait-for-load=1&q=<object id='object' data='javascript:alert(document.domain)'></object>">
 </iframe>
 </body>

trunk/LayoutTests/http/tests/security/xssAuditor/object-tag.html

@@ -8 +8 @@
   testRunner.setXSSAuditorEnabled(true);
   testRunner.waitUntilDone();
-  notifyDoneAfterReceivingBeforeloadFromIds(["object"]);
+  notifyDoneAfterReceivingLoaded();
 }
 </script>
 </head>
 <body>
-<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-tag.html&relay-target-ids-for-event=beforeload&q=<object id='object' name='plugin' type='application/x-webkit-test-netscape'><param name='movie' value='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf' /></object>">
+<iframe src="http://localhost:8000/security/xssAuditor/resources/echo-intertag.pl?test=/security/xssAuditor/object-tag.html&wait-for-load=1&q=<object id='object' name='plugin' type='application/x-webkit-test-netscape'><param name='movie' value='http://127.0.0.1:8000/security/xssAuditor/resources/dummy.swf' /></object>">
 </iframe>
 </body>

trunk/LayoutTests/http/tests/security/xssAuditor/resources/echo-intertag.pl

@@ -79 +79 @@
 print "<!DOCTYPE html>\n";
 print "<html>\n";
-if ($cgi->param('relay-target-ids-for-event')) {
+if ($cgi->param('wait-for-load')) {
     print "<script>\n";
-    print "document.addEventListener('" . $cgi->param('relay-target-ids-for-event') . "', function(event) {\n";
-    print "    window.parent.postMessage(event.target.id, '*');\n";
-    print "}, true);\n";
+     print "onload = function() {\n";
+    print "    window.parent.postMessage('loaded', '*');\n";
+    print "}\n";
     print "</script>\n";
 }

trunk/LayoutTests/http/tests/security/xssAuditor/resources/echo-object-src.pl

@@ -9 +9 @@
 print "<!DOCTYPE html>\n";
 print "<html>\n";
-if ($cgi->param('relay-target-ids-for-event')) {
-    print "<script>\n";
-    print "document.addEventListener('" . $cgi->param('relay-target-ids-for-event') . "', function(event) {\n";
-    print "    window.parent.postMessage(event.target.id, '*');\n";
-    print "}, true);\n";
-    print "</script>\n";
-}
+print "<script>\n";
+print "onload = function() {\n";
+print "    window.parent.postMessage('loaded', '*');\n";
+print "}\n";
+print "</script>\n";
 print "<body>\n";
 print "<object id=\"object\" name=\"plugin\" type=\"application/x-webkit-test-netscape\">\n";

trunk/LayoutTests/http/tests/security/xssAuditor/resources/utilities.js

@@ -49 +49 @@
 }
 
-
-function notifyDoneAfterReceivingBeforeloadFromIds(ids)
+function notifyDoneAfterReceivingLoaded()
 {
-    var loadAttempted = 0;
     window.addEventListener("message", function(event) {
-        var index = ids.indexOf(event.data);
-        if (index == -1)
-            return;
-
-        loadAttempted = loadAttempted | (1 << index);
-        if (loadAttempted == (1 << ids.length) - 1)
+        if (event.data == "loaded")
             testRunner.notifyDone();
     }, false);

trunk/LayoutTests/js/dom/constructor-length.html

@@ -12 +12 @@
 shouldBe('AutocompleteErrorEvent.length', '1');
 shouldBe('AnimationEvent.length', '1');
-shouldBe('BeforeLoadEvent.length', '1');
 shouldBe('Blob.length', '0');
 shouldBe('CloseEvent.length', '1');

trunk/LayoutTests/platform/glib/js/dom/constructor-length-expected.txt

@@ -8 +8 @@
 FAIL AutocompleteErrorEvent.length should be 1. Threw exception ReferenceError: Can't find variable: AutocompleteErrorEvent
 PASS AnimationEvent.length is 1
-PASS BeforeLoadEvent.length is 1
 PASS Blob.length is 0
 PASS CloseEvent.length is 1

trunk/LayoutTests/platform/gtk/TestExpectations

@@ -1552 +1552 @@
 webkit.org/b/89650 svg/W3C-SVG-1.1/struct-dom-06-b.svg [ Failure Pass ]
 
-webkit.org/b/89811 media/media-blocked-by-beforeload.html [ Failure Pass ]
 webkit.org/b/84856 media/media-controller-playback.html [ Crash Failure Timeout Pass ]
 

trunk/LayoutTests/platform/ios-wk1/TestExpectations

@@ -1557 +1557 @@
 fast/block/nested-renderers.html [ Crash Pass ]
 fast/box-shadow/box-shadow-with-zero-radius.html [ Pass ImageOnlyFailure ]
-fast/dom/HTMLObjectElement/beforeload-set-text-crash.xhtml [ Crash Pass ]
 fast/dom/URL-attribute-reflection.html [ Crash Pass ]
 fast/dynamic/window-scrollbars-test.html [ Failure Pass ]
@@ -1885 +1884 @@
 fast/canvas/canvas-createPattern-video-loading.html [ Skip ]
 fast/canvas/canvas-createPattern-video-modify.html [ Skip ]
-fast/dom/beforeload/video-before-load.html [ Skip ]
 fast/dom/FileList-iterator.html [ Skip ]
 fast/dom/HTMLAnchorElement/anchor-file-blob-download-no-extension.html [ Skip ]

trunk/LayoutTests/platform/ios-wk2/TestExpectations

@@ -1169 +1169 @@
 
 webkit.org/b/171957 fast/animation/request-animation-frame-time-unit.html [ Pass Failure ]
-
-webkit.org/b/172772 [ Release ] http/tests/cache/cancel-during-revalidation-succeeded.html [ Skip ]
 
 webkit.org/b/172454 http/tests/navigation/statistics.html [ Pass Failure ]

trunk/LayoutTests/platform/ios/TestExpectations

@@ -1755 +1755 @@
 fast/preloader/image-srcset.html [ Failure ]
 fast/replaced/invalid-object-with-fallback.html [ Failure ]
-fast/replaced/object-with-embed-url-param.html [ Failure ]
 fast/replaced/percent-height-in-anonymous-block.html [ Failure ]
 fast/ruby/ruby-block-style-not-updated-with-before-after-content.html [ Failure ]

trunk/LayoutTests/platform/ios/js/dom/constructor-length-expected.txt

@@ -8 +8 @@
 FAIL AutocompleteErrorEvent.length should be 1. Threw exception ReferenceError: Can't find variable: AutocompleteErrorEvent
 PASS AnimationEvent.length is 1
-PASS BeforeLoadEvent.length is 1
 PASS Blob.length is 0
 PASS CloseEvent.length is 1

trunk/LayoutTests/platform/mac/js/dom/constructor-length-expected.txt

@@ -8 +8 @@
 FAIL AutocompleteErrorEvent.length should be 1. Threw exception ReferenceError: Can't find variable: AutocompleteErrorEvent
 PASS AnimationEvent.length is 1
-PASS BeforeLoadEvent.length is 1
 PASS Blob.length is 0
 PASS CloseEvent.length is 1

trunk/LayoutTests/platform/win/TestExpectations

@@ -1058 +1058 @@
 media/controls-drag-timebar.html [ Skip ] # Timeout
 media/event-attributes.html [ Skip ] # Timeout
-media/media-blocked-by-beforeload.html [ Skip ] # Timeout
 media/media-captions.html [ Skip ] # Timeout
 media/media-continues-playing-after-replace-source.html [ Skip ] # Timeout

trunk/LayoutTests/platform/win/js/dom/constructor-length-expected.txt

@@ -8 +8 @@
 FAIL AutocompleteErrorEvent.length should be 1. Threw exception ReferenceError: Can't find variable: AutocompleteErrorEvent
 PASS AnimationEvent.length is 1
-PASS BeforeLoadEvent.length is 1
 PASS Blob.length is 0
 PASS CloseEvent.length is 1

trunk/LayoutTests/platform/wincairo/js/dom/constructor-length-expected.txt

@@ -8 +8 @@
 FAIL AutocompleteErrorEvent.length should be 1. Threw exception ReferenceError: Can't find variable: AutocompleteErrorEvent
 PASS AnimationEvent.length is 1
-PASS BeforeLoadEvent.length is 1
 PASS Blob.length is 0
 PASS CloseEvent.length is 1

trunk/LayoutTests/platform/wk2/TestExpectations

@@ -278 +278 @@
 # These tests use Flash, which is not a good idea, because it is not installed on all machines that run tests.
 # WebKitTestRunner detects attempts to use Flash, and raises an assertion.
-fast/dom/beforeload/flash-before-load.html [ Skip ]
-fast/dom/beforeload/remove-flash-in-beforeload-listener.html [ Skip ]
 fast/loader/sandboxed-plugin-crash.html [ Skip ]
 plugins/hidden-iframe-with-swf-plugin.html [ Skip ]

trunk/LayoutTests/plugins/unsupported-plugin-with-replacement-in-iframe-crash-expected.txt

@@ -1 +1 @@
 CONSOLE MESSAGE: 1. Updating the layout with an embed object inside an iframe
-CONSOLE MESSAGE: 2. beforeload for the object fires and dirties the style tree
 CONSOLE MESSAGE: Tried to use an unsupported plug-in.
 CONSOLE MESSAGE: 3. Updated layout. The test passed.

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2020-05-20  Chris Dumez  <cdumez@apple.com>
+
+        Disable support for BeforeLoadEvent
+        https://bugs.webkit.org/show_bug.cgi?id=212140
+        <rdar://problem/62847577>
+
+        Reviewed by Antti Koivisto.
+
+        Disable support for BeforeLoadEvent. Other browsers do not support it and
+        Chrome dropped it shortly after the fork:
+        - https://bugs.chromium.org/p/chromium/issues/detail?id=333318
+
+        This is a synchronous event and therefore very dangerous.
+
+        Test: fast/frames/didBecomeCurrentDocumentInFrame-crash.html
+
+        * bindings/js/WebCoreBuiltinNames.h:
+        * dom/BeforeLoadEvent.idl:
+        * dom/Node.cpp:
+        (WebCore::Node::dispatchBeforeLoadEvent):
+        * page/RuntimeEnabledFeatures.h:
+        (WebCore::RuntimeEnabledFeatures::setLegacyBeforeLoadEventEnabled):
+        (WebCore::RuntimeEnabledFeatures::legacyBeforeLoadEventEnabled const):
+
 2020-05-20  Zalan Bujtas  <zalan@apple.com>
 

trunk/Source/WebCore/bindings/js/WebCoreBuiltinNames.h

@@ -53 +53 @@
     macro(AuthenticatorAttestationResponse) \
     macro(AuthenticatorResponse) \
+    macro(BeforeLoadEvent) \
     macro(BlobEvent) \
     macro(Cache) \

trunk/Source/WebCore/dom/BeforeLoadEvent.idl

@@ -26 +26 @@
 
 [
-    Constructor(DOMString type, optional BeforeLoadEventInit eventInitDict)
+    Constructor(DOMString type, optional BeforeLoadEventInit eventInitDict),
+    EnabledAtRuntime=LegacyBeforeLoadEvent
 ] interface BeforeLoadEvent : Event {
     readonly attribute DOMString url;

trunk/Source/WebCore/dom/Node.cpp

@@ -65 +65 @@
 #include "RenderTextControl.h"
 #include "RenderView.h"
+#include "RuntimeEnabledFeatures.h"
 #include "SVGElement.h"
 #include "ScopedEventQueue.h"
@@ -2411 +2412 @@
 bool Node::dispatchBeforeLoadEvent(const String& sourceURL)
 {
+    if (!RuntimeEnabledFeatures::sharedFeatures().legacyBeforeLoadEventEnabled())
+        return true;
+
     if (!document().hasListenerType(Document::BEFORELOAD_LISTENER))
         return true;

trunk/Source/WebCore/page/RuntimeEnabledFeatures.h

@@ -360 +360 @@
     bool cssLogicalEnabled() const { return m_CSSLogicalEnabled; }
 
+    void setLegacyBeforeLoadEventEnabled(bool isEnabled) { m_legacyBeforeLoadEventEnabled = isEnabled; }
+    bool legacyBeforeLoadEventEnabled() const { return m_legacyBeforeLoadEventEnabled; }
+
     void setLineHeightUnitsEnabled(bool isEnabled) { m_lineHeightUnitsEnabled = isEnabled; }
     bool lineHeightUnitsEnabled() const { return m_lineHeightUnitsEnabled; }
@@ -632 +635 @@
     bool m_needsInAppBrowserPrivacyQuirks { false };
 
+    bool m_legacyBeforeLoadEventEnabled { false };
+
 #if ENABLE(ACCESSIBILITY_ISOLATED_TREE)
     bool m_accessibilityIsolatedTree { false };