[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc

tonyg at chromium.org tonyg at chromium.org
Wed Dec 22 13:28:24 UTC 2010 

The following commit has been merged in the debian/experimental branch:
commit 254d90f392c60ea5599c71c86fb0ab8e3548b0d2
Author: tonyg at chromium.org <tonyg at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Thu Sep 16 16:12:23 2010 +0000

    2010-09-16  Tony Gentilcore  <tonyg at chromium.org>
    
            Reviewed by Adam Barth.
    
            Crash in WebCore::FrameLoader::shouldInterruptLoadForXFrameOptions
            https://bugs.webkit.org/show_bug.cgi?id=45833
    
            * fast/parser/x-frame-options-detached-document-crash-expected.txt: Added.
            * fast/parser/x-frame-options-detached-document-crash.html: Added. Crashes before this patch.
    2010-09-16  Tony Gentilcore  <tonyg at chromium.org>
    
            Reviewed by Adam Barth.
    
            Crash in WebCore::FrameLoader::shouldInterruptLoadForXFrameOptions
            https://bugs.webkit.org/show_bug.cgi?id=45833
    
            Test: fast/parser/x-frame-options-detached-document-crash.html
    
            * dom/Document.cpp:
            (WebCore::Document::processHttpEquiv): Other branches in this method already test for a null frame. So it seems to make sense to test that here as well.
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@67627 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 3a4327e..9bd4045 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,13 @@
+2010-09-16  Tony Gentilcore  <tonyg at chromium.org>
+
+        Reviewed by Adam Barth.
+
+        Crash in WebCore::FrameLoader::shouldInterruptLoadForXFrameOptions
+        https://bugs.webkit.org/show_bug.cgi?id=45833
+
+        * fast/parser/x-frame-options-detached-document-crash-expected.txt: Added.
+        * fast/parser/x-frame-options-detached-document-crash.html: Added. Crashes before this patch.
+
 2010-09-14  Philippe Normand  <pnormand at igalia.com>
 
         Reviewed by Eric Carlson and Martin Robinson.
diff --git a/LayoutTests/fast/parser/x-frame-options-detached-document-crash-expected.txt b/LayoutTests/fast/parser/x-frame-options-detached-document-crash-expected.txt
new file mode 100755
index 0000000..cbcf58f
--- /dev/null
+++ b/LayoutTests/fast/parser/x-frame-options-detached-document-crash-expected.txt
@@ -0,0 +1 @@
+This checks that writing an X-Frame-Options meta tag to a detached document does not crash.
diff --git a/LayoutTests/fast/parser/x-frame-options-detached-document-crash.html b/LayoutTests/fast/parser/x-frame-options-detached-document-crash.html
new file mode 100644
index 0000000..4849aeb
--- /dev/null
+++ b/LayoutTests/fast/parser/x-frame-options-detached-document-crash.html
@@ -0,0 +1,13 @@
+This checks that writing an X-Frame-Options meta tag to a detached document does not crash.
+<script>
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+</script>
+<iframe id=foo></iframe>
+<script>
+  var fooFrame = document.getElementById('foo');
+  var fooDoc = fooFrame.contentWindow.document;
+  fooFrame.parentNode.removeChild(fooFrame);
+
+  fooDoc.write('<meta http-equiv="X-Frame-Options" content="deny"/>');
+</script>
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index c45dcb8..1a8213f 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,15 @@
+2010-09-16  Tony Gentilcore  <tonyg at chromium.org>
+
+        Reviewed by Adam Barth.
+
+        Crash in WebCore::FrameLoader::shouldInterruptLoadForXFrameOptions
+        https://bugs.webkit.org/show_bug.cgi?id=45833
+
+        Test: fast/parser/x-frame-options-detached-document-crash.html
+
+        * dom/Document.cpp:
+        (WebCore::Document::processHttpEquiv): Other branches in this method already test for a null frame. So it seems to make sense to test that here as well.
+
 2010-09-16  Vangelis Kokkevis  <vangelis at chromium.org>
 
         Reviewed by Darin Fisher.
diff --git a/WebCore/dom/Document.cpp b/WebCore/dom/Document.cpp
index 12c18a0..d69366f 100644
--- a/WebCore/dom/Document.cpp
+++ b/WebCore/dom/Document.cpp
@@ -2513,13 +2513,15 @@ void Document::processHttpEquiv(const String& equiv, const String& content)
     else if (equalIgnoringCase(equiv, "x-dns-prefetch-control"))
         parseDNSPrefetchControlHeader(content);
     else if (equalIgnoringCase(equiv, "x-frame-options")) {
-        FrameLoader* frameLoader = frame->loader();
-        if (frameLoader->shouldInterruptLoadForXFrameOptions(content, url())) {
-            frameLoader->stopAllLoaders();
-            frame->redirectScheduler()->scheduleLocationChange(blankURL(), String());
-
-            DEFINE_STATIC_LOCAL(String, consoleMessage, ("Refused to display document because display forbidden by X-Frame-Options.\n"));
-            frame->domWindow()->console()->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, consoleMessage, 1, String());
+        if (frame) {
+            FrameLoader* frameLoader = frame->loader();
+            if (frameLoader->shouldInterruptLoadForXFrameOptions(content, url())) {
+                frameLoader->stopAllLoaders();
+                frame->redirectScheduler()->scheduleLocationChange(blankURL(), String());
+
+                DEFINE_STATIC_LOCAL(String, consoleMessage, ("Refused to display document because display forbidden by X-Frame-Options.\n"));
+                frame->domWindow()->console()->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, consoleMessage, 1, String());
+            }
         }
     }
 }

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list