2012-05-22 Emil A Eklund <eae@chromium.org>
+ Unreviewed rebaseline of fast/loader/recursive-before-unload-crash.html
+
+ * platform/chromium/fast/loader/recursive-before-unload-crash-expected.txt: Added.
+
+2012-05-22 Emil A Eklund <eae@chromium.org>
+
Even more unreviewed chromium test expectation updates.
* platform/chromium-linux-x86/platform/chromium/compositing/filters: Removed.
--- /dev/null
+CONSOLE MESSAGE: Blocked alert('onbeforeunload called, and iframe hasn't been added yet.') during beforeunload.
+ALERT: Adding iframe
+This test demonstrates a problem with our handling of the beforeunload event.
+If a script manages to try and navigate the frame from beforeunload - when a navigation is already pending - we end up blowing out the stack by recursively consulting the policy delegate then running onbeforeunload repeatedly.
+After this happens, the FrameLoader is in a bogus state where it thinks it is in the middle of a provisional load, but it doesn't have a provisional document loader.
+In this state, the frame is very difficult to navigate anywhere else, and attempts to load new things within the frame can result in a crash.
+This was reproducibly identified on sears.com following a bizarre Safari specific code path.
+Click here to run the beforeunload test and blow out the stack
+Click here to append an iframe and crash
+
projects / profile / ivi / webkit-efl.git / commitdiff