[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc

darin at chromium.org darin at chromium.org
Wed Dec 22 11:36:32 UTC 2010


The following commit has been merged in the debian/experimental branch:
commit 4cb7eef7b48ed0e9e95c602eae8f33400246853b
Author: darin at chromium.org <darin at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Fri Jul 30 20:39:24 2010 +0000

    2010-07-27  Darin Fisher  <darin at chromium.org>
    
            Reviewed by Brady Eidson.
    
            History.pushState() + navigation operates on top frame when called from
            nested context
            https://bugs.webkit.org/show_bug.cgi?id=43080
    
            Test: fast/loader/stateobjects/pushstate-in-iframe.html
    
            * loader/HistoryController.cpp:
            (WebCore::HistoryController::pushState): createItemTree should be
            called on the top-most HistoryController so that we properly clone
            the HistoryItem tree starting at the root node.
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@64369 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 40add72..8fd7c4d 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,15 @@
+2010-07-27  Darin Fisher  <darin at chromium.org>
+
+        Reviewed by Brady Eidson.
+
+        History.pushState() + navigation operates on top frame when called from
+        nested context
+        https://bugs.webkit.org/show_bug.cgi?id=43080
+
+        * fast/loader/stateobjects/pushstate-in-iframe-expected.txt: Added.
+        * fast/loader/stateobjects/pushstate-in-iframe.html: Added.
+        * fast/loader/stateobjects/resources/pushstate-in-iframe-child.html: Added.
+
 2010-07-30  Martin Robinson  <mrobinson at igalia.com>
 
         Unreviewed.
diff --git a/LayoutTests/fast/loader/unload-hyperlink-targeted-expected.txt b/LayoutTests/fast/loader/stateobjects/pushstate-in-iframe-expected.txt
similarity index 100%
copy from LayoutTests/fast/loader/unload-hyperlink-targeted-expected.txt
copy to LayoutTests/fast/loader/stateobjects/pushstate-in-iframe-expected.txt
diff --git a/LayoutTests/fast/loader/stateobjects/pushstate-in-iframe.html b/LayoutTests/fast/loader/stateobjects/pushstate-in-iframe.html
new file mode 100644
index 0000000..d570806
--- /dev/null
+++ b/LayoutTests/fast/loader/stateobjects/pushstate-in-iframe.html
@@ -0,0 +1,7 @@
+<script>
+if (window.layoutTestController) {
+  layoutTestController.dumpAsText();
+  layoutTestController.waitUntilDone();
+}
+</script>
+<iframe src="resources/pushstate-in-iframe-child.html">
diff --git a/LayoutTests/fast/loader/stateobjects/resources/pushstate-in-iframe-child.html b/LayoutTests/fast/loader/stateobjects/resources/pushstate-in-iframe-child.html
new file mode 100644
index 0000000..158dcc8
--- /dev/null
+++ b/LayoutTests/fast/loader/stateobjects/resources/pushstate-in-iframe-child.html
@@ -0,0 +1,22 @@
+<script>
+onunload = function() {
+  // disable page cache
+}
+
+onpopstate = function() {
+  // Verify that we are still in an iframe
+  if (top == window) {
+    top.document.body.innerHTML = "FAIL";
+  } else {
+    top.document.body.innerHTML = "PASS";
+  }
+  if (window.layoutTestController)
+    layoutTestController.notifyDone();
+}
+
+onload = function() {
+  history.pushState(null, null);
+  history.pushState(null, null);
+  setTimeout(function() { history.back() }, 0);
+}
+</script>
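Review bot: The `onpopstate` handler has a side effect the test does not document: assigning `top.document.body.innerHTML` replaces the parent's body, which removes this iframe while its own popstate handler is still running. The WebKit/chromium ChangeLog entry in this commit names that situation ("a popstate event handler removes the frame") as the reason for the new null check in `pluginLoadObserver()`, so the test appears to be the only coverage for that guard. I would say so next to the assignment, e.g. `// Note: rewriting top's body also detaches this iframe from inside the popstate handler.`, so a later cleanup of the test does not silently drop that coverage. The handler also checks only `top == window`; it does not confirm which history entry was restored.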
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 6b1199c..1e16401 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,18 @@
+2010-07-27  Darin Fisher  <darin at chromium.org>
+
+        Reviewed by Brady Eidson.
+
+        History.pushState() + navigation operates on top frame when called from
+        nested context
+        https://bugs.webkit.org/show_bug.cgi?id=43080
+
+        Test: fast/loader/stateobjects/pushstate-in-iframe.html
+
+        * loader/HistoryController.cpp:
+        (WebCore::HistoryController::pushState): createTreeItem should be
+        called on the top-most HistoryController so that we properly clone
+        the HistoryItem tree starting at the root node.
+
 2010-07-30  fsamuel at chromium.org  <fsamuel at chromium.org>
 
         Reviewed by Dimitri Glazkov.
diff --git a/WebCore/loader/HistoryController.cpp b/WebCore/loader/HistoryController.cpp
index 5ccdf72..3028499 100644
--- a/WebCore/loader/HistoryController.cpp
+++ b/WebCore/loader/HistoryController.cpp
@@ -633,15 +633,15 @@ void HistoryController::pushState(PassRefPtr<SerializedScriptValue> stateObject,
     ASSERT(page);
 
     // Get a HistoryItem tree for the current frame tree.
-    RefPtr<HistoryItem> item = createItemTree(m_frame, false);
-    ASSERT(item->isTargetItem());
+    RefPtr<HistoryItem> topItem = page->mainFrame()->loader()->history()->createItemTree(m_frame, false);
     
     // Override data in the target item to reflect the pushState() arguments.
-    item->setTitle(title);
-    item->setStateObject(stateObject);
-    item->setURLString(urlString);
+    HistoryItem* targetItem = m_frame->loader()->history()->currentItem();
+    targetItem->setTitle(title);
+    targetItem->setStateObject(stateObject);
+    targetItem->setURLString(urlString);
 
-    page->backForwardList()->pushStateItem(item.release());
+    page->backForwardList()->pushStateItem(topItem.release());
 }
 
 void HistoryController::replaceState(PassRefPtr<SerializedScriptValue> stateObject, const String& title, const String& urlString)
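Review bot: `targetItem` is dereferenced by the three setter calls with no null check or assertion, and the removed `ASSERT(item->isTargetItem())` has no replacement on the new side. The new code seems to depend on the main frame's `createItemTree(m_frame, false)` updating this frame's `currentItem()` as a side effect, which is not visible in the hunk; because pushState() can be called by script running in any nested frame, that dependency should be checked rather than assumed. I would add `ASSERT(targetItem && targetItem->isTargetItem());` directly after the `currentItem()` line, plus a short comment stating why `currentItem()` is expected to be the freshly created target item. The chain `page->mainFrame()->loader()->history()` is likewise unchecked beyond `ASSERT(page)`. The body of pushState() begins above this hunk, so earlier guards may exist that are not shown here.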
diff --git a/WebKit/chromium/ChangeLog b/WebKit/chromium/ChangeLog
index 06e5e8e..de8ee7a 100644
--- a/WebKit/chromium/ChangeLog
+++ b/WebKit/chromium/ChangeLog
@@ -1,3 +1,16 @@
+2010-07-27  Darin Fisher  <darin at chromium.org>
+
+        Reviewed by Brady Eidson.
+
+        History.pushState() + navigation operates on top frame when called from
+        nested context
+        https://bugs.webkit.org/show_bug.cgi?id=43080
+
+        * src/FrameLoaderClientImpl.cpp:
+        (WebKit::FrameLoaderClientImpl::pluginLoadObserver): The WebDataSource
+        can be null if the Frame has already been detached from the Page.  This
+        happens if a popstate event handler removes the frame.
+
 2010-07-29  Jeremy Orlow  <jorlow at chromium.org>
 
         Reviewed by Steve Block.
diff --git a/WebKit/chromium/src/FrameLoaderClientImpl.cpp b/WebKit/chromium/src/FrameLoaderClientImpl.cpp
index dae9348..b416e35 100644
--- a/WebKit/chromium/src/FrameLoaderClientImpl.cpp
+++ b/WebKit/chromium/src/FrameLoaderClientImpl.cpp
@@ -1488,6 +1488,12 @@ PassOwnPtr<WebPluginLoadObserver> FrameLoaderClientImpl::pluginLoadObserver()
 {
     WebDataSourceImpl* ds = WebDataSourceImpl::fromDocumentLoader(
         m_webFrame->frame()->loader()->activeDocumentLoader());
+    if (!ds) {
+        // We can arrive here if a popstate event handler detaches this frame.
+        // FIXME: Remove this code once http://webkit.org/b/36202 is fixed.
+        ASSERT(!m_webFrame->frame()->page());
+        return 0;
+    }
     return ds->releasePluginLoadObserver();
 }
 
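Review bot: `pluginLoadObserver()` can now hand back a null `PassOwnPtr` through `return 0;`, and no call site is touched in this commit, so it cannot be confirmed from the hunk that every caller tolerates a null observer. The guard also covers only `ds`: the expression `m_webFrame->frame()->loader()->activeDocumentLoader()` above it and `m_webFrame->frame()->page()` inside the ASSERT still dereference `frame()` unchecked, so if the detach path can also clear the frame pointer (not visible here) the crash only moves. I would document the contract on the function, e.g. `// Returns null when the frame has been detached and has no data source.`, and audit the callers for a null check.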

-- 
WebKit Debian packaging


