Changeset 94112 in webkit
- Timestamp:
- Aug 30, 2011 2:31:57 PM (13 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r94111 r94112 1 2011-08-30 Adam Barth <abarth@webkit.org> 2 3 Flaky crash with JavaScript URLs 4 https://bugs.webkit.org/show_bug.cgi?id=66360 5 6 Reviewed by Nate Chapin. 7 8 * fast/loader/javascript-url-iframe-crash-expected.txt: Added. 9 * fast/loader/javascript-url-iframe-crash.html: Added. 10 1 11 2011-08-30 Tony Gentilcore <tonyg@chromium.org> 2 12 -
trunk/Source/WebCore/ChangeLog
r94111 r94112 1 2011-08-30 Adam Barth <abarth@webkit.org> 2 3 Flaky crash with JavaScript URLs 4 https://bugs.webkit.org/show_bug.cgi?id=66360 5 6 Reviewed by Nate Chapin. 7 8 This patch teaches DocumentWriter::begin to make a copy of the URL 9 before beginning a new document to avoid a crash. 10 11 Test: fast/loader/javascript-url-iframe-crash.html 12 13 * loader/DocumentWriter.cpp: 14 (WebCore::DocumentWriter::begin): 15 1 16 2011-08-30 Tony Gentilcore <tonyg@chromium.org> 2 17 -
trunk/Source/WebCore/loader/DocumentWriter.cpp
r92298 r94112 107 107 } 108 108 109 void DocumentWriter::begin(const KURL& url , bool dispatch, SecurityOrigin* origin)109 void DocumentWriter::begin(const KURL& urlReference, bool dispatch, SecurityOrigin* origin) 110 110 { 111 111 // We need to take a reference to the security origin because |clear| 112 112 // might destroy the document that owns it. 113 113 RefPtr<SecurityOrigin> forcedSecurityOrigin = origin; 114 115 // We grab a local copy of the URL because it's easy for callers to supply 116 // a URL that will be deallocated during the execution of this function. 117 // For example, see <https://bugs.webkit.org/show_bug.cgi?id=66360>. 118 KURL url = urlReference; 114 119 115 120 // Create a new document before clearing the frame, because it may need to
Note: See TracChangeset
for help on using the changeset viewer.