[Webkit-unassigned] [Bug 15707] Crash when manipulating document from within an iframe onload function
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Oct 26 04:27:18 PDT 2007
http://bugs.webkit.org/show_bug.cgi?id=15707
------- Comment #2 from ap at webkit.org 2007-10-26 04:27 PDT -------
Here's what is going on:
1) There are two subframes, each calls parent.open() from its onload handler.
2) As the first subframe loads and open()s its parent, the parent is destroyed,
and calls willRemove() on the second frame.
3) The second frame stops loading, dispatches onload and thus calls
parent.open() again!
Naturally, Document::open() causes havoc when entered recursively.
--
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list