[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc
darin at chromium.org
darin at chromium.org
Wed Dec 22 11:36:32 UTC 2010
The following commit has been merged in the debian/experimental branch:
commit 4cb7eef7b48ed0e9e95c602eae8f33400246853b
Author: darin at chromium.org <darin at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Fri Jul 30 20:39:24 2010 +0000
2010-07-27 Darin Fisher <darin at chromium.org>
Reviewed by Brady Eidson.
History.pushState() + navigation operates on top frame when called from
nested context
https://bugs.webkit.org/show_bug.cgi?id=43080
Test: fast/loader/stateobjects/pushstate-in-iframe.html
* loader/HistoryController.cpp:
(WebCore::HistoryController::pushState): createTreeItem should be
called on the top-most HistoryController so that we properly clone
the HistoryItem tree starting at the root node.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@64369 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 40add72..8fd7c4d 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,15 @@
+2010-07-27 Darin Fisher <darin at chromium.org>
+
+ Reviewed by Brady Eidson.
+
+ History.pushState() + navigation operates on top frame when called from
+ nested context
+ https://bugs.webkit.org/show_bug.cgi?id=43080
+
+ * fast/loader/stateobjects/pushstate-in-iframe-expected.txt: Added.
+ * fast/loader/stateobjects/pushstate-in-iframe.html: Added.
+ * fast/loader/stateobjects/resources/pushstate-in-iframe-child.html: Added.
+
2010-07-30 Martin Robinson <mrobinson at igalia.com>
Unreviewed.
diff --git a/LayoutTests/fast/loader/unload-hyperlink-targeted-expected.txt b/LayoutTests/fast/loader/stateobjects/pushstate-in-iframe-expected.txt
similarity index 100%
copy from LayoutTests/fast/loader/unload-hyperlink-targeted-expected.txt
copy to LayoutTests/fast/loader/stateobjects/pushstate-in-iframe-expected.txt
diff --git a/LayoutTests/fast/loader/stateobjects/pushstate-in-iframe.html b/LayoutTests/fast/loader/stateobjects/pushstate-in-iframe.html
new file mode 100644
index 0000000..d570806
--- /dev/null
+++ b/LayoutTests/fast/loader/stateobjects/pushstate-in-iframe.html
@@ -0,0 +1,7 @@
+<script>
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+}
+</script>
+<iframe src="resources/pushstate-in-iframe-child.html">
diff --git a/LayoutTests/fast/loader/stateobjects/resources/pushstate-in-iframe-child.html b/LayoutTests/fast/loader/stateobjects/resources/pushstate-in-iframe-child.html
new file mode 100644
index 0000000..158dcc8
--- /dev/null
+++ b/LayoutTests/fast/loader/stateobjects/resources/pushstate-in-iframe-child.html
@@ -0,0 +1,22 @@
+<script>
+onunload = function() {
+ // disable page cache
+}
+
+onpopstate = function() {
+ // Verify that we are still in an iframe
+ if (top == window) {
+ top.document.body.innerHTML = "FAIL";
+ } else {
+ top.document.body.innerHTML = "PASS";
+ }
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+}
+
+onload = function() {
+ history.pushState(null, null);
+ history.pushState(null, null);
+ setTimeout(function() { history.back() }, 0);
+}
+</script>
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 6b1199c..1e16401 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,18 @@
+2010-07-27 Darin Fisher <darin at chromium.org>
+
+ Reviewed by Brady Eidson.
+
+ History.pushState() + navigation operates on top frame when called from
+ nested context
+ https://bugs.webkit.org/show_bug.cgi?id=43080
+
+ Test: fast/loader/stateobjects/pushstate-in-iframe.html
+
+ * loader/HistoryController.cpp:
+ (WebCore::HistoryController::pushState): createTreeItem should be
+ called on the top-most HistoryController so that we properly clone
+ the HistoryItem tree starting at the root node.
+
2010-07-30 fsamuel at chromium.org <fsamuel at chromium.org>
Reviewed by Dimitri Glazkov.
diff --git a/WebCore/loader/HistoryController.cpp b/WebCore/loader/HistoryController.cpp
index 5ccdf72..3028499 100644
--- a/WebCore/loader/HistoryController.cpp
+++ b/WebCore/loader/HistoryController.cpp
@@ -633,15 +633,15 @@ void HistoryController::pushState(PassRefPtr<SerializedScriptValue> stateObject,
ASSERT(page);
// Get a HistoryItem tree for the current frame tree.
- RefPtr<HistoryItem> item = createItemTree(m_frame, false);
- ASSERT(item->isTargetItem());
+ RefPtr<HistoryItem> topItem = page->mainFrame()->loader()->history()->createItemTree(m_frame, false);
// Override data in the target item to reflect the pushState() arguments.
- item->setTitle(title);
- item->setStateObject(stateObject);
- item->setURLString(urlString);
+ HistoryItem* targetItem = m_frame->loader()->history()->currentItem();
+ targetItem->setTitle(title);
+ targetItem->setStateObject(stateObject);
+ targetItem->setURLString(urlString);
- page->backForwardList()->pushStateItem(item.release());
+ page->backForwardList()->pushStateItem(topItem.release());
}
void HistoryController::replaceState(PassRefPtr<SerializedScriptValue> stateObject, const String& title, const String& urlString)
diff --git a/WebKit/chromium/ChangeLog b/WebKit/chromium/ChangeLog
index 06e5e8e..de8ee7a 100644
--- a/WebKit/chromium/ChangeLog
+++ b/WebKit/chromium/ChangeLog
@@ -1,3 +1,16 @@
+2010-07-27 Darin Fisher <darin at chromium.org>
+
+ Reviewed by Brady Eidson.
+
+ History.pushState() + navigation operates on top frame when called from
+ nested context
+ https://bugs.webkit.org/show_bug.cgi?id=43080
+
+ * src/FrameLoaderClientImpl.cpp:
+ (WebKit::FrameLoaderClientImpl::pluginLoadObserver): The WebDataSource
+ can be null if the Frame has already been detached from the Page. This
+ happens if a popstate event handler removes the frame.
+
2010-07-29 Jeremy Orlow <jorlow at chromium.org>
Reviewed by Steve Block.
diff --git a/WebKit/chromium/src/FrameLoaderClientImpl.cpp b/WebKit/chromium/src/FrameLoaderClientImpl.cpp
index dae9348..b416e35 100644
--- a/WebKit/chromium/src/FrameLoaderClientImpl.cpp
+++ b/WebKit/chromium/src/FrameLoaderClientImpl.cpp
@@ -1488,6 +1488,12 @@ PassOwnPtr<WebPluginLoadObserver> FrameLoaderClientImpl::pluginLoadObserver()
{
WebDataSourceImpl* ds = WebDataSourceImpl::fromDocumentLoader(
m_webFrame->frame()->loader()->activeDocumentLoader());
+ if (!ds) {
+ // We can arrive here if a popstate event handler detaches this frame.
+ // FIXME: Remove this code once http://webkit.org/b/36202 is fixed.
+ ASSERT(!m_webFrame->frame()->page());
+ return 0;
+ }
return ds->releasePluginLoadObserver();
}
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list