[Webkit-unassigned] [Bug 24067] REGRESSION: Crash in WebCore::Document::initSecurityContext
bugzilla-daemon at webkit.org
Sat Feb 21 05:17:56 PST 2009
https://bugs.webkit.org/show_bug.cgi?id=24067
------- Comment #3 from ap at webkit.org 2009-02-21 05:17 PDT -------
Created an attachment (id=27852)
--> (https://bugs.webkit.org/attachment.cgi?id=27852&action=view)
test case (crash)
There are two ways to fix this bug:
1) Restore the null check in Document::initSecurityContext().
2) Change FrameLoader::begin() to create a new document before detaching the
old one.
The former will just restore the old behavior, but the latter might be more
correct, because the below code from initSecurityContext would run. I don't
know how to test for security context aliasing to find out what Firefox does in
this particular case.
    if (ownerFrame) {
        m_cookieURL = ownerFrame->document()->cookieURL();
        // We alias the SecurityOrigins to match Firefox, see Bug 15313
        // https://bugs.webkit.org/show_bug.cgi?id=15313
        ScriptExecutionContext::setSecurityOrigin(ownerFrame->document()->securityOrigin());
    }