Changeset 65381 in webkit
- Timestamp:
- Aug 15, 2010 8:34:25 AM (14 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r65378 r65381 1 2010-08-15 Adam Barth <abarth@webkit.org> 2 3 Reviewed by Eric Seidel. 4 5 Don't try to replace a non-existent document after executing JavaScript URLs 6 https://bugs.webkit.org/show_bug.cgi?id=44024 7 8 Test what happens if a JavaScript URL returns a value after deleting 9 the frame it was supposed to operate on. 10 11 * fast/frames/javascript-url-for-deleted-frame-expected.txt: Added. 12 * fast/frames/javascript-url-for-deleted-frame.html: Added. 13 1 14 2010-08-14 Martin Robinson <mrobinson@igalia.com> 2 15 -
trunk/WebCore/ChangeLog
r65376 r65381 1 2010-08-15 Adam Barth <abarth@webkit.org> 2 3 Reviewed by Eric Seidel. 4 5 Don't try to replace a non-existent document after executing JavaScript URLs 6 https://bugs.webkit.org/show_bug.cgi?id=44024 7 8 Synchronous JavaScript execution is evil. Previously, the frame was 9 deleted after executing the JavaScript URL, so we'd get confused when 10 we tried to replace its document. 11 12 Test: fast/frames/javascript-url-for-deleted-frame.html 13 14 * bindings/ScriptControllerBase.cpp: 15 (WebCore::ScriptController::executeIfJavaScriptURL): 16 1 17 2010-08-14 Sheriff Bot <webkit.review.bot@gmail.com> 2 18 -
trunk/WebCore/bindings/ScriptControllerBase.cpp
r60014 r65381 73 73 return false; 74 74 75 if (m_frame->page() && !m_frame->page()->javaScriptURLsAreAllowed()) 75 if (!m_frame->page()) 76 return true; 77 78 if (!m_frame->page()->javaScriptURLsAreAllowed()) 76 79 return true; 77 80 78 81 if (m_frame->inViewSourceMode()) 79 82 return true; 83 84 // We need to hold onto the Frame here because executing script can 85 // destroy the frame. 86 RefPtr<Frame> protector(m_frame); 80 87 81 88 const int javascriptSchemeLength = sizeof("javascript:") - 1; … … 85 92 if (xssAuditor()->canEvaluateJavaScriptURL(decodedURL)) 86 93 result = executeScript(decodedURL.substring(javascriptSchemeLength), userGesture, AllowXSS); 94 95 // If executing script caused this frame to be removed from the page, we 96 // don't want to try to replace its document! 97 if (!m_frame->page()) 98 return true; 87 99 88 100 String scriptResult;
Note: See TracChangeset
for help on using the changeset viewer.