<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[195496] trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/195496">195496</a></dd>
<dt>Author</dt> <dd>cdumez@apple.com</dd>
<dt>Date</dt> <dd>2016-01-22 17:04:59 -0800 (Fri, 22 Jan 2016)</dd>
</dl>
<h3>Log Message</h3>
<pre>Document.open / Document.write should be prevented while the document is being unloaded
https://bugs.webkit.org/show_bug.cgi?id=153255
<rdar://problem/22741293>
Reviewed by Ryosuke Niwa.
Source/WebCore:
Document.open / Document.write should be prevented while the document
is being unloaded, as per the HTML specification:
- https://html.spec.whatwg.org/multipage/webappapis.html#dom-document-open (step 6)
- https://html.spec.whatwg.org/multipage/webappapis.html#dom-document-write (step 3)
This patch is aligning our behavior with the specification and Firefox.
Calling Document.open / Document.write during the document was being
unloaded would cause us to crash as this was unexpected.
Tests: fast/frames/page-hide-document-open.html
fast/frames/page-unload-document-open.html
* WebCore.xcodeproj/project.pbxproj:
Add new IgnoreOpensDuringUnloadCountIncrementer.h header.
* dom/Document.cpp:
(WebCore::Document::open):
Abort if the document's ignore-opens-during-unload counter is greater
than zero, as per:
https://html.spec.whatwg.org/multipage/webappapis.html#dom-document-open (step 6)
(WebCore::Document::write):
Abort if the insertion point is undefined and the document's
ignore-opens-during-unload counter is greater than zero, as per:
https://html.spec.whatwg.org/multipage/webappapis.html#dom-document-write (step 3)
* dom/Document.h:
Add data member to maintain the document's ignore-opens-during-unload counter:
https://html.spec.whatwg.org/multipage/webappapis.html#ignore-opens-during-unload-counter
* dom/IgnoreOpensDuringUnloadCountIncrementer.h: Added.
Add utility class to increment / decrement a document's
ignore-opens-during-unload counter.
* history/CachedFrame.cpp:
(WebCore::CachedFrame::CachedFrame):
When a page goes into PageCache, we don't end up calling
FrameLoader::detachChildren() so we need to increment the document's
ignore-opens-during-unload counter before calling stopLoading() on each
subframe.
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::detachChildren):
detachChildren() will end up firing the pagehide / unload events in each
child frame so we increment the parent frame's document's
ignore-opens-during-unload counter. This behavior matches the text of:
https://html.spec.whatwg.org/multipage/browsers.html#unload-a-document
As per the spec, the document's ignore-opens-during-unload counter should
be incremented before firing the pagehide / unload events at the document's
Window object. It should be decremented only after firing the pagehide /
unload events in each subframe. This is needed in case a subframe tries to
call document.open / document.write on a parent frame's document, from its
pagehide or unload handler.
(WebCore::FrameLoader::dispatchUnloadEvents):
Increment the document's ignore-opens-during-unload counter before firing
the pagehide / unload events and decrement it after. As per the spec, we
are not supposed to decrement this early. We actually supposed to wait
until the pagehide / unload events have been fired in all the subframes.
For this reason, we take care of re-incrementing the document's
ignore-opens-during-unload in detachChildren(), which will take care of
firing the pagehide / unload in the subframes.
LayoutTests:
Add layout tests that cover calling Document.open / Document.write from
unload and pagehide handlers.
* fast/frames/page-hide-document-open-expected.txt: Added.
* fast/frames/page-hide-document-open.html: Added.
* fast/frames/page-unload-document-open-expected.txt: Added.
* fast/frames/page-unload-document-open.html: Added.
* fast/frames/resources/finish-test.html: Added.
* fast/frames/resources/page-hide-document-open-frame.html: Added.
* fast/frames/resources/page-hide-document-open-win.html: Added.
* fast/frames/resources/page-unload-document-open-frame.html: Added.
* fast/frames/resources/page-unload-document-open-win.html: Added.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsChangeLog">trunk/LayoutTests/ChangeLog</a></li>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCoreWebCorexcodeprojprojectpbxproj">trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj</a></li>
<li><a href="#trunkSourceWebCoredomDocumentcpp">trunk/Source/WebCore/dom/Document.cpp</a></li>
<li><a href="#trunkSourceWebCoredomDocumenth">trunk/Source/WebCore/dom/Document.h</a></li>
<li><a href="#trunkSourceWebCorehistoryCachedFramecpp">trunk/Source/WebCore/history/CachedFrame.cpp</a></li>
<li><a href="#trunkSourceWebCoreloaderFrameLoadercpp">trunk/Source/WebCore/loader/FrameLoader.cpp</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsfastframespagehidedocumentopenexpectedtxt">trunk/LayoutTests/fast/frames/page-hide-document-open-expected.txt</a></li>
<li><a href="#trunkLayoutTestsfastframespagehidedocumentopenhtml">trunk/LayoutTests/fast/frames/page-hide-document-open.html</a></li>
<li><a href="#trunkLayoutTestsfastframespageunloaddocumentopenexpectedtxt">trunk/LayoutTests/fast/frames/page-unload-document-open-expected.txt</a></li>
<li><a href="#trunkLayoutTestsfastframespageunloaddocumentopenhtml">trunk/LayoutTests/fast/frames/page-unload-document-open.html</a></li>
<li><a href="#trunkLayoutTestsfastframesresourcesfinishtesthtml">trunk/LayoutTests/fast/frames/resources/finish-test.html</a></li>
<li><a href="#trunkLayoutTestsfastframesresourcespagehidedocumentopenframehtml">trunk/LayoutTests/fast/frames/resources/page-hide-document-open-frame.html</a></li>
<li><a href="#trunkLayoutTestsfastframesresourcespagehidedocumentopenwinhtml">trunk/LayoutTests/fast/frames/resources/page-hide-document-open-win.html</a></li>
<li><a href="#trunkLayoutTestsfastframesresourcespageunloaddocumentopenframehtml">trunk/LayoutTests/fast/frames/resources/page-unload-document-open-frame.html</a></li>
<li><a href="#trunkLayoutTestsfastframesresourcespageunloaddocumentopenwinhtml">trunk/LayoutTests/fast/frames/resources/page-unload-document-open-win.html</a></li>
<li><a href="#trunkSourceWebCoredomIgnoreOpensDuringUnloadCountIncrementerh">trunk/Source/WebCore/dom/IgnoreOpensDuringUnloadCountIncrementer.h</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkLayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/ChangeLog (195495 => 195496)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/ChangeLog 2016-01-23 00:41:06 UTC (rev 195495)
+++ trunk/LayoutTests/ChangeLog 2016-01-23 01:04:59 UTC (rev 195496)
</span><span class="lines">@@ -1,3 +1,24 @@
</span><ins>+2016-01-22 Chris Dumez <cdumez@apple.com>
+
+ Document.open / Document.write should be prevented while the document is being unloaded
+ https://bugs.webkit.org/show_bug.cgi?id=153255
+ <rdar://problem/22741293>
+
+ Reviewed by Ryosuke Niwa.
+
+ Add layout tests that cover calling Document.open / Document.write from
+ unload and pagehide handlers.
+
+ * fast/frames/page-hide-document-open-expected.txt: Added.
+ * fast/frames/page-hide-document-open.html: Added.
+ * fast/frames/page-unload-document-open-expected.txt: Added.
+ * fast/frames/page-unload-document-open.html: Added.
+ * fast/frames/resources/finish-test.html: Added.
+ * fast/frames/resources/page-hide-document-open-frame.html: Added.
+ * fast/frames/resources/page-hide-document-open-win.html: Added.
+ * fast/frames/resources/page-unload-document-open-frame.html: Added.
+ * fast/frames/resources/page-unload-document-open-win.html: Added.
+
</ins><span class="cx"> 2016-01-22 Brady Eidson <beidson@apple.com>
</span><span class="cx">
</span><span class="cx"> Modern IDB: Implement put, get, and delete records for the SQLite backend.
</span></span></pre></div>
<a id="trunkLayoutTestsfastframespagehidedocumentopenexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/fast/frames/page-hide-document-open-expected.txt (0 => 195496)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/fast/frames/page-hide-document-open-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/frames/page-hide-document-open-expected.txt 2016-01-23 01:04:59 UTC (rev 195496)
</span><span class="lines">@@ -0,0 +1 @@
</span><ins>+Passes if it does not crash.
</ins></span></pre></div>
<a id="trunkLayoutTestsfastframespagehidedocumentopenhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/fast/frames/page-hide-document-open.html (0 => 195496)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/fast/frames/page-hide-document-open.html (rev 0)
+++ trunk/LayoutTests/fast/frames/page-hide-document-open.html 2016-01-23 01:04:59 UTC (rev 195496)
</span><span class="lines">@@ -0,0 +1,11 @@
</span><ins>+<!DOCTYPE html>
+Passes if it does not crash.
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.overridePreference('WebKitUsesPageCachePreferenceKey', 1);
+ testRunner.setCanOpenWindows();
+ testRunner.waitUntilDone();
+}
+win = window.open("resources/page-hide-document-open-win.html");
+</script>
</ins></span></pre></div>
<a id="trunkLayoutTestsfastframespageunloaddocumentopenexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/fast/frames/page-unload-document-open-expected.txt (0 => 195496)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/fast/frames/page-unload-document-open-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/frames/page-unload-document-open-expected.txt 2016-01-23 01:04:59 UTC (rev 195496)
</span><span class="lines">@@ -0,0 +1,2 @@
</span><ins>+frame "<!--framePath //<!--frame0-->-->" - has 1 onunload handler(s)
+Passes if it does not crash.
</ins></span></pre></div>
<a id="trunkLayoutTestsfastframespageunloaddocumentopenhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/fast/frames/page-unload-document-open.html (0 => 195496)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/fast/frames/page-unload-document-open.html (rev 0)
+++ trunk/LayoutTests/fast/frames/page-unload-document-open.html 2016-01-23 01:04:59 UTC (rev 195496)
</span><span class="lines">@@ -0,0 +1,10 @@
</span><ins>+<!DOCTYPE html>
+Passes if it does not crash.
+<script>
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.setCanOpenWindows();
+ testRunner.waitUntilDone();
+}
+win = window.open("resources/page-unload-document-open-win.html");
+</script>
</ins></span></pre></div>
<a id="trunkLayoutTestsfastframesresourcesfinishtesthtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/fast/frames/resources/finish-test.html (0 => 195496)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/fast/frames/resources/finish-test.html (rev 0)
+++ trunk/LayoutTests/fast/frames/resources/finish-test.html 2016-01-23 01:04:59 UTC (rev 195496)
</span><span class="lines">@@ -0,0 +1,7 @@
</span><ins>+<!DOCTYPE html>
+<script>
+onload = function() {
+ if (window.testRunner)
+ testRunner.notifyDone();
+};
+</script>
</ins></span></pre></div>
<a id="trunkLayoutTestsfastframesresourcespagehidedocumentopenframehtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/fast/frames/resources/page-hide-document-open-frame.html (0 => 195496)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/fast/frames/resources/page-hide-document-open-frame.html (rev 0)
+++ trunk/LayoutTests/fast/frames/resources/page-hide-document-open-frame.html 2016-01-23 01:04:59 UTC (rev 195496)
</span><span class="lines">@@ -0,0 +1,16 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<script>
+function runTest()
+{
+ parent.document.open();
+ parent.document.write('FAIL: document.open() has canceled the navigation');
+ parent.document.close();
+}
+</script>
+</head>
+<body onpagehide="runTest()">
+<p>FAIL
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsfastframesresourcespagehidedocumentopenwinhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/fast/frames/resources/page-hide-document-open-win.html (0 => 195496)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/fast/frames/resources/page-hide-document-open-win.html (rev 0)
+++ trunk/LayoutTests/fast/frames/resources/page-hide-document-open-win.html 2016-01-23 01:04:59 UTC (rev 195496)
</span><span class="lines">@@ -0,0 +1,14 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<script>
+onload = function() {
+ setTimeout(function() { document.links[0].click() }, 0);
+};
+</script>
+</head>
+<body>
+<p><a href="finish-test.html">Run Test</a>
+<p><iframe src="page-hide-document-open-frame.html"></iframe>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsfastframesresourcespageunloaddocumentopenframehtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/fast/frames/resources/page-unload-document-open-frame.html (0 => 195496)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/fast/frames/resources/page-unload-document-open-frame.html (rev 0)
+++ trunk/LayoutTests/fast/frames/resources/page-unload-document-open-frame.html 2016-01-23 01:04:59 UTC (rev 195496)
</span><span class="lines">@@ -0,0 +1,16 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<script>
+function runTest()
+{
+ parent.document.open();
+ parent.document.write('FAIL: document.open() has canceled the navigation');
+ parent.document.close();
+}
+</script>
+</head>
+<body onunload="runTest()">
+<p>FAIL
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsfastframesresourcespageunloaddocumentopenwinhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/fast/frames/resources/page-unload-document-open-win.html (0 => 195496)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/fast/frames/resources/page-unload-document-open-win.html (rev 0)
+++ trunk/LayoutTests/fast/frames/resources/page-unload-document-open-win.html 2016-01-23 01:04:59 UTC (rev 195496)
</span><span class="lines">@@ -0,0 +1,14 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<head>
+<script>
+onload = function() {
+ setTimeout(function() { document.links[0].click() }, 0);
+};
+</script>
+</head>
+<body>
+<p><a href="finish-test.html">Run Test</a>
+<p><iframe src="page-unload-document-open-frame.html"></iframe>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (195495 => 195496)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog 2016-01-23 00:41:06 UTC (rev 195495)
+++ trunk/Source/WebCore/ChangeLog 2016-01-23 01:04:59 UTC (rev 195496)
</span><span class="lines">@@ -1,3 +1,75 @@
</span><ins>+2016-01-22 Chris Dumez <cdumez@apple.com>
+
+ Document.open / Document.write should be prevented while the document is being unloaded
+ https://bugs.webkit.org/show_bug.cgi?id=153255
+ <rdar://problem/22741293>
+
+ Reviewed by Ryosuke Niwa.
+
+ Document.open / Document.write should be prevented while the document
+ is being unloaded, as per the HTML specification:
+ - https://html.spec.whatwg.org/multipage/webappapis.html#dom-document-open (step 6)
+ - https://html.spec.whatwg.org/multipage/webappapis.html#dom-document-write (step 3)
+
+ This patch is aligning our behavior with the specification and Firefox.
+ Calling Document.open / Document.write during the document was being
+ unloaded would cause us to crash as this was unexpected.
+
+ Tests: fast/frames/page-hide-document-open.html
+ fast/frames/page-unload-document-open.html
+
+ * WebCore.xcodeproj/project.pbxproj:
+ Add new IgnoreOpensDuringUnloadCountIncrementer.h header.
+
+ * dom/Document.cpp:
+ (WebCore::Document::open):
+ Abort if the document's ignore-opens-during-unload counter is greater
+ than zero, as per:
+ https://html.spec.whatwg.org/multipage/webappapis.html#dom-document-open (step 6)
+
+ (WebCore::Document::write):
+ Abort if the insertion point is undefined and the document's
+ ignore-opens-during-unload counter is greater than zero, as per:
+ https://html.spec.whatwg.org/multipage/webappapis.html#dom-document-write (step 3)
+
+ * dom/Document.h:
+ Add data member to maintain the document's ignore-opens-during-unload counter:
+ https://html.spec.whatwg.org/multipage/webappapis.html#ignore-opens-during-unload-counter
+
+ * dom/IgnoreOpensDuringUnloadCountIncrementer.h: Added.
+ Add utility class to increment / decrement a document's
+ ignore-opens-during-unload counter.
+
+ * history/CachedFrame.cpp:
+ (WebCore::CachedFrame::CachedFrame):
+ When a page goes into PageCache, we don't end up calling
+ FrameLoader::detachChildren() so we need to increment the document's
+ ignore-opens-during-unload counter before calling stopLoading() on each
+ subframe.
+
+ * loader/FrameLoader.cpp:
+ (WebCore::FrameLoader::detachChildren):
+ detachChildren() will end up firing the pagehide / unload events in each
+ child frame so we increment the parent frame's document's
+ ignore-opens-during-unload counter. This behavior matches the text of:
+ https://html.spec.whatwg.org/multipage/browsers.html#unload-a-document
+
+ As per the spec, the document's ignore-opens-during-unload counter should
+ be incremented before firing the pagehide / unload events at the document's
+ Window object. It should be decremented only after firing the pagehide /
+ unload events in each subframe. This is needed in case a subframe tries to
+ call document.open / document.write on a parent frame's document, from its
+ pagehide or unload handler.
+
+ (WebCore::FrameLoader::dispatchUnloadEvents):
+ Increment the document's ignore-opens-during-unload counter before firing
+ the pagehide / unload events and decrement it after. As per the spec, we
+ are not supposed to decrement this early. We actually supposed to wait
+ until the pagehide / unload events have been fired in all the subframes.
+ For this reason, we take care of re-incrementing the document's
+ ignore-opens-during-unload in detachChildren(), which will take care of
+ firing the pagehide / unload in the subframes.
+
</ins><span class="cx"> 2016-01-22 Brady Eidson <beidson@apple.com>
</span><span class="cx">
</span><span class="cx"> Modern IDB: Implement put, get, and delete records for the SQLite backend.
</span></span></pre></div>
<a id="trunkSourceWebCoreWebCorexcodeprojprojectpbxproj"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj (195495 => 195496)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj 2016-01-23 00:41:06 UTC (rev 195495)
+++ trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj 2016-01-23 01:04:59 UTC (rev 195496)
</span><span class="lines">@@ -1700,6 +1700,7 @@
</span><span class="cx"> 463EB6221B8789E00096ED51 /* TagCollection.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 463EB6201B8789CB0096ED51 /* TagCollection.cpp */; };
</span><span class="cx"> 463EB6231B8789E00096ED51 /* TagCollection.h in Headers */ = {isa = PBXBuildFile; fileRef = 463EB6211B8789CB0096ED51 /* TagCollection.h */; };
</span><span class="cx"> 4669B2871B852A0B000F905F /* JSDOMNamedFlowCollectionCustom.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 46F2768E1B85297F005C2556 /* JSDOMNamedFlowCollectionCustom.cpp */; };
</span><ins>+ 467302021C4EFE7800BCB357 /* IgnoreOpensDuringUnloadCountIncrementer.h in Headers */ = {isa = PBXBuildFile; fileRef = 467302011C4EFE6600BCB357 /* IgnoreOpensDuringUnloadCountIncrementer.h */; };
</ins><span class="cx"> 4689F1AF1267BAE100E8D380 /* FileMetadata.h in Headers */ = {isa = PBXBuildFile; fileRef = 4689F1AE1267BAE100E8D380 /* FileMetadata.h */; };
</span><span class="cx"> 46C83EFD1A9BBE2900A79A41 /* GeoNotifier.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 46C83EFB1A9BBE2900A79A41 /* GeoNotifier.cpp */; };
</span><span class="cx"> 46C83EFE1A9BBE2900A79A41 /* GeoNotifier.h in Headers */ = {isa = PBXBuildFile; fileRef = 46C83EFC1A9BBE2900A79A41 /* GeoNotifier.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="lines">@@ -9120,6 +9121,7 @@
</span><span class="cx"> 4634592B1AC2271000ECB71C /* PowerObserverMac.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = PowerObserverMac.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 463EB6201B8789CB0096ED51 /* TagCollection.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = TagCollection.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 463EB6211B8789CB0096ED51 /* TagCollection.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TagCollection.h; sourceTree = "<group>"; };
</span><ins>+ 467302011C4EFE6600BCB357 /* IgnoreOpensDuringUnloadCountIncrementer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = IgnoreOpensDuringUnloadCountIncrementer.h; sourceTree = "<group>"; };
</ins><span class="cx"> 4689F1AE1267BAE100E8D380 /* FileMetadata.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = FileMetadata.h; sourceTree = "<group>"; };
</span><span class="cx"> 46C83EFB1A9BBE2900A79A41 /* GeoNotifier.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = GeoNotifier.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 46C83EFC1A9BBE2900A79A41 /* GeoNotifier.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = GeoNotifier.h; sourceTree = "<group>"; };
</span><span class="lines">@@ -24004,6 +24006,7 @@
</span><span class="cx"> C3CF17A215B0063F00276D39 /* IdTargetObserverRegistry.cpp */,
</span><span class="cx"> C3CF17A315B0063F00276D39 /* IdTargetObserverRegistry.h */,
</span><span class="cx"> 8AB4BC76126FDB7100DEB727 /* IgnoreDestructiveWriteCountIncrementer.h */,
</span><ins>+ 467302011C4EFE6600BCB357 /* IgnoreOpensDuringUnloadCountIncrementer.h */,
</ins><span class="cx"> AA4C3A740B2B1679002334A2 /* InlineStyleSheetOwner.cpp */,
</span><span class="cx"> AA4C3A750B2B1679002334A2 /* InlineStyleSheetOwner.h */,
</span><span class="cx"> 85031B2D0A44EFC700F992E0 /* KeyboardEvent.cpp */,
</span><span class="lines">@@ -25624,6 +25627,7 @@
</span><span class="cx"> 976D6C89122B8A3D001FD1F7 /* FileReader.h in Headers */,
</span><span class="cx"> 2E75841E12779ADA0062628B /* FileReaderLoader.h in Headers */,
</span><span class="cx"> 2E75841F12779ADA0062628B /* FileReaderLoaderClient.h in Headers */,
</span><ins>+ 467302021C4EFE7800BCB357 /* IgnoreOpensDuringUnloadCountIncrementer.h in Headers */,
</ins><span class="cx"> 2EDF369D122C94B4002F7D4E /* FileReaderSync.h in Headers */,
</span><span class="cx"> 2EF1BFEB121C9F4200C27627 /* FileStream.h in Headers */,
</span><span class="cx"> 2EF1BFF9121CB0CE00C27627 /* FileStreamClient.h in Headers */,
</span></span></pre></div>
<a id="trunkSourceWebCoredomDocumentcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/dom/Document.cpp (195495 => 195496)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/dom/Document.cpp 2016-01-23 00:41:06 UTC (rev 195495)
+++ trunk/Source/WebCore/dom/Document.cpp 2016-01-23 01:04:59 UTC (rev 195496)
</span><span class="lines">@@ -475,7 +475,6 @@
</span><span class="cx"> , m_gotoAnchorNeededAfterStylesheetsLoad(false)
</span><span class="cx"> , m_frameElementsShouldIgnoreScrolling(false)
</span><span class="cx"> , m_updateFocusAppearanceRestoresSelection(SelectionRestorationMode::SetDefault)
</span><del>- , m_ignoreDestructiveWriteCount(0)
</del><span class="cx"> , m_markers(std::make_unique<DocumentMarkerController>(*this))
</span><span class="cx"> , m_updateFocusAppearanceTimer(*this, &Document::updateFocusAppearanceTimerFired)
</span><span class="cx"> , m_cssTarget(nullptr)
</span><span class="lines">@@ -2497,6 +2496,9 @@
</span><span class="cx">
</span><span class="cx"> void Document::open(Document* ownerDocument)
</span><span class="cx"> {
</span><ins>+ if (m_ignoreOpensDuringUnloadCount)
+ return;
+
</ins><span class="cx"> if (ownerDocument) {
</span><span class="cx"> setURL(ownerDocument->url());
</span><span class="cx"> setCookieURL(ownerDocument->cookieURL());
</span><span class="lines">@@ -2845,7 +2847,7 @@
</span><span class="cx"> #endif
</span><span class="cx">
</span><span class="cx"> bool hasInsertionPoint = m_parser && m_parser->hasInsertionPoint();
</span><del>- if (!hasInsertionPoint && m_ignoreDestructiveWriteCount)
</del><ins>+ if (!hasInsertionPoint && (m_ignoreOpensDuringUnloadCount || m_ignoreDestructiveWriteCount))
</ins><span class="cx"> return;
</span><span class="cx">
</span><span class="cx"> if (!hasInsertionPoint)
</span></span></pre></div>
<a id="trunkSourceWebCoredomDocumenth"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/dom/Document.h (195495 => 195496)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/dom/Document.h 2016-01-23 00:41:06 UTC (rev 195495)
+++ trunk/Source/WebCore/dom/Document.h 2016-01-23 01:04:59 UTC (rev 195496)
</span><span class="lines">@@ -1338,6 +1338,7 @@
</span><span class="cx"> private:
</span><span class="cx"> friend class Node;
</span><span class="cx"> friend class IgnoreDestructiveWriteCountIncrementer;
</span><ins>+ friend class IgnoreOpensDuringUnloadCountIncrementer;
</ins><span class="cx">
</span><span class="cx"> void updateTitleElement(Element* newTitleElement);
</span><span class="cx">
</span><span class="lines">@@ -1528,9 +1529,12 @@
</span><span class="cx"> bool m_frameElementsShouldIgnoreScrolling;
</span><span class="cx"> SelectionRestorationMode m_updateFocusAppearanceRestoresSelection;
</span><span class="cx">
</span><del>- // http://www.whatwg.org/specs/web-apps/current-work/#ignore-destructive-writes-counter
- unsigned m_ignoreDestructiveWriteCount;
</del><ins>+ // https://html.spec.whatwg.org/multipage/webappapis.html#ignore-destructive-writes-counter
+ unsigned m_ignoreDestructiveWriteCount { 0 };
</ins><span class="cx">
</span><ins>+ // https://html.spec.whatwg.org/multipage/webappapis.html#ignore-opens-during-unload-counter
+ unsigned m_ignoreOpensDuringUnloadCount { 0 };
+
</ins><span class="cx"> unsigned m_styleRecalcCount { 0 };
</span><span class="cx">
</span><span class="cx"> StringWithDirection m_title;
</span></span></pre></div>
<a id="trunkSourceWebCoredomIgnoreOpensDuringUnloadCountIncrementerh"></a>
<div class="addfile"><h4>Added: trunk/Source/WebCore/dom/IgnoreOpensDuringUnloadCountIncrementer.h (0 => 195496)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/dom/IgnoreOpensDuringUnloadCountIncrementer.h (rev 0)
+++ trunk/Source/WebCore/dom/IgnoreOpensDuringUnloadCountIncrementer.h 2016-01-23 01:04:59 UTC (rev 195496)
</span><span class="lines">@@ -0,0 +1,57 @@
</span><ins>+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef IgnoreOpensDuringUnloadCountIncrementer_h
+#define IgnoreOpensDuringUnloadCountIncrementer_h
+
+#include "Document.h"
+
+namespace WebCore {
+
+class IgnoreOpensDuringUnloadCountIncrementer {
+ WTF_MAKE_NONCOPYABLE(IgnoreOpensDuringUnloadCountIncrementer);
+public:
+ explicit IgnoreOpensDuringUnloadCountIncrementer(Document* document)
+ : m_count(document ? &document->m_ignoreOpensDuringUnloadCount : nullptr)
+ {
+ if (!m_count)
+ return;
+ ++(*m_count);
+ }
+
+ ~IgnoreOpensDuringUnloadCountIncrementer()
+ {
+ if (!m_count)
+ return;
+ --(*m_count);
+ }
+
+private:
+ unsigned* m_count;
+};
+
+} // namespace WebCore
+
+#endif // IgnoreOpensDuringUnloadCountIncrementer_h
</ins></span></pre></div>
<a id="trunkSourceWebCorehistoryCachedFramecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/history/CachedFrame.cpp (195495 => 195496)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/history/CachedFrame.cpp 2016-01-23 00:41:06 UTC (rev 195495)
+++ trunk/Source/WebCore/history/CachedFrame.cpp 2016-01-23 01:04:59 UTC (rev 195496)
</span><span class="lines">@@ -39,6 +39,7 @@
</span><span class="cx"> #include "FrameView.h"
</span><span class="cx"> #include "HistoryController.h"
</span><span class="cx"> #include "HistoryItem.h"
</span><ins>+#include "IgnoreOpensDuringUnloadCountIncrementer.h"
</ins><span class="cx"> #include "Logging.h"
</span><span class="cx"> #include "MainFrame.h"
</span><span class="cx"> #include "Page.h"
</span><span class="lines">@@ -157,10 +158,18 @@
</span><span class="cx"> m_document->setInPageCache(true);
</span><span class="cx"> frame.loader().stopLoading(UnloadEventPolicyUnloadAndPageHide);
</span><span class="cx">
</span><del>- // Create the CachedFrames for all Frames in the FrameTree.
- for (Frame* child = frame.tree().firstChild(); child; child = child->tree().nextSibling())
- m_childFrames.append(std::make_unique<CachedFrame>(*child));
</del><ins>+ {
+ // The following will fire the pagehide event in each subframe and the HTML specification states
+ // that the parent document's ignore-opens-during-unload counter should be incremented while the
+ // pagehide event is being fired in its subframes:
+ // https://html.spec.whatwg.org/multipage/browsers.html#unload-a-document
+ IgnoreOpensDuringUnloadCountIncrementer ignoreOpensDuringUnloadCountIncrementer(m_document.get());
</ins><span class="cx">
</span><ins>+ // Create the CachedFrames for all Frames in the FrameTree.
+ for (Frame* child = frame.tree().firstChild(); child; child = child->tree().nextSibling())
+ m_childFrames.append(std::make_unique<CachedFrame>(*child));
+ }
+
</ins><span class="cx"> // Active DOM objects must be suspended before we cache the frame script data,
</span><span class="cx"> // but after we've fired the pagehide event, in case that creates more objects.
</span><span class="cx"> // Suspending must also happen after we've recursed over child frames, in case
</span></span></pre></div>
<a id="trunkSourceWebCoreloaderFrameLoadercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/loader/FrameLoader.cpp (195495 => 195496)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/loader/FrameLoader.cpp 2016-01-23 00:41:06 UTC (rev 195495)
+++ trunk/Source/WebCore/loader/FrameLoader.cpp 2016-01-23 01:04:59 UTC (rev 195496)
</span><span class="lines">@@ -77,6 +77,7 @@
</span><span class="cx"> #include "HistoryController.h"
</span><span class="cx"> #include "HistoryItem.h"
</span><span class="cx"> #include "IconController.h"
</span><ins>+#include "IgnoreOpensDuringUnloadCountIncrementer.h"
</ins><span class="cx"> #include "InspectorController.h"
</span><span class="cx"> #include "InspectorInstrumentation.h"
</span><span class="cx"> #include "LoaderStrategy.h"
</span><span class="lines">@@ -2426,6 +2427,12 @@
</span><span class="cx">
</span><span class="cx"> void FrameLoader::detachChildren()
</span><span class="cx"> {
</span><ins>+ // detachChildren() will fire the unload event in each subframe and the
+ // HTML specification states that the parent document's ignore-opens-during-unload counter while
+ // this event is being fired in its subframes:
+ // https://html.spec.whatwg.org/multipage/browsers.html#unload-a-document
+ IgnoreOpensDuringUnloadCountIncrementer ignoreOpensDuringUnloadCountIncrementer(m_frame.document());
+
</ins><span class="cx"> Vector<Ref<Frame>, 16> childrenToDetach;
</span><span class="cx"> childrenToDetach.reserveInitialCapacity(m_frame.tree().childCount());
</span><span class="cx"> for (Frame* child = m_frame.tree().lastChild(); child; child = child->tree().previousSibling())
</span><span class="lines">@@ -2878,6 +2885,7 @@
</span><span class="cx">
</span><span class="cx"> // We store the frame's page in a local variable because the frame might get detached inside dispatchEvent.
</span><span class="cx"> ForbidPromptsScope forbidPrompts(m_frame.page());
</span><ins>+ IgnoreOpensDuringUnloadCountIncrementer ignoreOpensDuringUnloadCountIncrementer(m_frame.document());
</ins><span class="cx">
</span><span class="cx"> if (m_didCallImplicitClose && !m_wasUnloadEventEmitted) {
</span><span class="cx"> auto* currentFocusedElement = m_frame.document()->focusedElement();
</span></span></pre>
</div>
</div>
</body>
</html>