[Webkit-unassigned] [Bug 15707] Crash when manipulating document from within an iframe onload function

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Oct 26 04:27:18 PDT 2007


------- Comment #2 from ap at webkit.org  2007-10-26 04:27 PDT -------
Here's what is going on:
1) There are two subframes, each calls parent.open() from its onload handler.
2) As the first subframe loads and open()s its parent, the parent is destroyed,
and calls willRemove() on the second frame.
3) The second frame stops loading, dispatches onload and thus calls
parent.open() again!

Naturally, Document::open() causes havoc when entered recursively.

Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list