[webkit-changes] [123798] trunk

Thu, 26 Jul 2012 15:07:45 -0700

Title: [123798] trunk
Revision
123798
Author
[email protected]
Date
2012-07-26 15:07:20 -0700 (Thu, 26 Jul 2012)

Log Message

Guard Prerenderer against inserting prerenders into detached documents.
https://bugs.webkit.org/show_bug.cgi?id=92401

Reviewed by Adam Barth.

Source/WebCore:

If the document is detached, we should not launch a prerender.

Test: fast/dom/HTMLLinkElement/prerender-insert-after-stop.html

* loader/Prerenderer.cpp:
(WebCore::Prerenderer::render):

LayoutTests:

If the document is detached, we should just not launch a prerender.

* fast/dom/HTMLLinkElement/prerender-insert-after-stop-expected.txt: Added.
* fast/dom/HTMLLinkElement/prerender-insert-after-stop.html: Added.
* fast/dom/HTMLLinkElement/resources/empty2.html: Added.

Modified Paths

Added Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (123797 => 123798)


--- trunk/LayoutTests/ChangeLog	2012-07-26 22:03:48 UTC (rev 123797)
+++ trunk/LayoutTests/ChangeLog	2012-07-26 22:07:20 UTC (rev 123798)
@@ -1,3 +1,16 @@
+2012-07-26  Gavin Peters  <[email protected]>
+
+        Guard Prerenderer against inserting prerenders into detached documents.
+        https://bugs.webkit.org/show_bug.cgi?id=92401
+
+        Reviewed by Adam Barth.
+
+        If the document is detached, we should just not launch a prerender.
+
+        * fast/dom/HTMLLinkElement/prerender-insert-after-stop-expected.txt: Added.
+        * fast/dom/HTMLLinkElement/prerender-insert-after-stop.html: Added.
+        * fast/dom/HTMLLinkElement/resources/empty2.html: Added.
+
 2012-07-26  Andrew Wilson  <[email protected]>
 
         Unreviewed chromium expectations change to fix lint err.

Added: trunk/LayoutTests/fast/dom/HTMLLinkElement/prerender-insert-after-stop-expected.txt (0 => 123798)


--- trunk/LayoutTests/fast/dom/HTMLLinkElement/prerender-insert-after-stop-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/dom/HTMLLinkElement/prerender-insert-after-stop-expected.txt	2012-07-26 22:07:20 UTC (rev 123798)
@@ -0,0 +1,4 @@
+Test navigation and insertion of link prerender elements
+
+
+This test succeeds when it does not crash. The iframe above this text should also not crash, and should show "Another empty page."

Added: trunk/LayoutTests/fast/dom/HTMLLinkElement/prerender-insert-after-stop.html (0 => 123798)


--- trunk/LayoutTests/fast/dom/HTMLLinkElement/prerender-insert-after-stop.html	                        (rev 0)
+++ trunk/LayoutTests/fast/dom/HTMLLinkElement/prerender-insert-after-stop.html	2012-07-26 22:07:20 UTC (rev 123798)
@@ -0,0 +1,36 @@
+<html>
+<head>
+<script>
+
+function done() {
+   if (window.testRunner)
+       testRunner.notifyDone();
+}
+
+function linkInserter(doc) {
+    return function() {
+        doc.getElementsByTagName('body')[0].innerHTML += "<link rel='prerender' href=''>";
+        done();
+    }
+}
+
+function navigateIFrameThenInsertLink() {
+    var iframe = document.getElementById('iframe');
+    iframe._onload_ = linkInserter(iframe.contentDocument);
+    iframe.contentWindow.location = "resources/empty2.html";
+}
+
+if (window.testRunner) {
+    testRunner.waitUntilDone();
+    testRunner.dumpAsText();
+}
+</script>
+</head>
+<body>
+<h1>Test navigation and insertion of link prerender elements</h1>
+
+<iframe id=iframe _onload_="navigateIFrameThenInsertLink()" src=""
+This test succeeds when it does not crash.  The iframe above this text should also not crash, and should show "Another empty page."
+
+</body>
+</html>

Added: trunk/LayoutTests/fast/dom/HTMLLinkElement/resources/empty2.html (0 => 123798)


--- trunk/LayoutTests/fast/dom/HTMLLinkElement/resources/empty2.html	                        (rev 0)
+++ trunk/LayoutTests/fast/dom/HTMLLinkElement/resources/empty2.html	2012-07-26 22:07:20 UTC (rev 123798)
@@ -0,0 +1,3 @@
+<html>
+Another empty page.
+</html>

Modified: trunk/Source/WebCore/ChangeLog (123797 => 123798)


--- trunk/Source/WebCore/ChangeLog	2012-07-26 22:03:48 UTC (rev 123797)
+++ trunk/Source/WebCore/ChangeLog	2012-07-26 22:07:20 UTC (rev 123798)
@@ -1,3 +1,17 @@
+2012-07-26  Gavin Peters  <[email protected]>
+
+        Guard Prerenderer against inserting prerenders into detached documents.
+        https://bugs.webkit.org/show_bug.cgi?id=92401
+
+        Reviewed by Adam Barth.
+
+        If the document is detached, we should not launch a prerender.
+
+        Test: fast/dom/HTMLLinkElement/prerender-insert-after-stop.html
+
+        * loader/Prerenderer.cpp:
+        (WebCore::Prerenderer::render):
+
 2012-07-26  Sheriff Bot  <[email protected]>
 
         Unreviewed, rolling out r123525.

Modified: trunk/Source/WebCore/loader/Prerenderer.cpp (123797 => 123798)


--- trunk/Source/WebCore/loader/Prerenderer.cpp	2012-07-26 22:03:48 UTC (rev 123797)
+++ trunk/Source/WebCore/loader/Prerenderer.cpp	2012-07-26 22:07:20 UTC (rev 123798)
@@ -72,6 +72,10 @@
     // Prerenders are unlike requests in most ways (for instance, they pass down fragments, and they don't return data),
     // but they do have referrers.
     const ReferrerPolicy referrerPolicy = document()->referrerPolicy();
+    
+    if (!document()->frame())
+        return 0;
+
     const String referrer = SecurityPolicy::generateReferrerHeader(referrerPolicy, url, document()->frame()->loader()->outgoingReferrer());
 
     RefPtr<PrerenderHandle> prerenderHandle = PrerenderHandle::create(url, referrer, referrerPolicy);

_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to