Revision 154680

Author: schenney@chromium.org
Date: Mon Jul 22 20:33:16 2013 UTC (9 years, 10 months ago)
Changed paths: 4
Log Message:
Protect documents from deletion when their onload removes them

When an XML document is the src of an iframe, and the onload method
changes the src to something else, the XML document may be garbage
collected before the original load is completed. Bad things result.

In this patch we protect the document in Document::finishedParsing.

R=abarth@chromium.org,eseidel@chromium.org,inferno@chromium.org
BUG=260428

Review URL: https://chromiumcodereview.appspot.com/19962002

Changed paths

Path: Details
trunk/LayoutTests/loader/iframe-src-change-onload-crash-expected.txt: added
trunk/LayoutTests/loader/iframe-src-change-onload-crash.html: added
trunk/LayoutTests/loader/resources/empty.xml (Copied from trunk/LayoutTests/animations/resources/dynamic-stylesheet-insertion-inserted.css, r154679): added, props changed
trunk/Source/core/dom/Document.cpp: modified, text changed

Properties

Name Value
commit-bot commit-bot@chromium.org
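
The lifetime problem the log message describes, as an added example that is not Blink's code (the Document.cpp change itself is not shown on this page): an object's own method runs a handler that drops the last reference to it, and a self-held reference keeps it alive until the method returns. `Doc`, `Frame`, `runLoad` and the `protect` flag are hypothetical names, and `std::shared_ptr` stands in for the engine's reference counting.

```cpp
#include <cstdio>
#include <functional>
#include <initializer_list>
#include <memory>

// Constructed model, not Blink code. Frame holds the only reference to its
// Doc; the onload handler drops it, standing in for the iframe src change.
class Doc : public std::enable_shared_from_this<Doc> {
public:
    explicit Doc(bool* destroyed) : destroyed_(destroyed) {}
    ~Doc() { *destroyed_ = true; }
    std::function<void()> onload;

    // Returns true if *this was destroyed while the method was still running.
    bool finishedParsing(bool protect) {
        bool* destroyed = destroyed_;           // only locals are used after the handler
        std::shared_ptr<Doc> keepAlive;         // the guard: one extra reference
        if (protect) keepAlive = shared_from_this();
        std::function<void()> handler = onload; // local copy outlives the member
        if (handler) handler();                 // may release the owner's reference
        return *destroyed;                      // evaluated before keepAlive is released
    }
private:
    bool* destroyed_;
};

struct Frame { std::shared_ptr<Doc> document; };
struct Outcome { bool destroyedDuringCall; bool destroyedAfterCall; };

Outcome runLoad(bool protect) {
    bool destroyed = false;
    Frame frame;
    frame.document = std::make_shared<Doc>(&destroyed);
    frame.document->onload = [&frame] { frame.document.reset(); };
    Doc* doc = frame.document.get();            // caller is mid-load on this object
    bool during = doc->finishedParsing(protect);
    return Outcome{during, destroyed};
}

int main() {
    for (bool protect : {false, true}) {
        Outcome o = runLoad(protect);
        std::printf("protect=%d destroyed during call=%d, after call=%d\n",
                    protect, o.destroyedDuringCall, o.destroyedAfterCall);
    }
    return 0;
}
```

Without the guard the object is gone before its method returns, so any later member access in that method would touch freed memory; with it, destruction is deferred to the end of the call.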