[Webkit-unassigned] [Bug 23900] Crash if any frame in a frameset is named _top

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Mar 1 09:33:05 PST 2009


https://bugs.webkit.org/show_bug.cgi?id=23900


sverrir at chromium.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |sverrir at chromium.org
             Status|RESOLVED                    |UNCONFIRMED
         Resolution|FIXED                       |




------- Comment #10 from sverrir at chromium.org  2009-03-01 09:33 PDT -------
I was not able to verify this, as the latest Windows nightly is built on 41199
(and my Windows box has never been able to build WebKit).
The patch http://trac.webkit.org/changeset/41213 has been integrated into
Chromium, and testing the patch there seems to indicate that this patch does not
fix the problem.  I am reopening the bug for now.

I will try to explain my understanding up to now.  There are multiple ways
to refer to frames and some of them have special meaning.  Those that I know of
are: by name in the top namespace (javascript: myframe), by iterating through
the frameset (javascript: frames[i]) and in hyperlinks (<a
target="myframe"...).  As far as I can tell the hyperlink-target approach is
the only one that should have this special meaning.  Currently WebKit does not
allow frames to call themselves _blank, but both IE and FF allow that.  Another
limitation in WebKit is the enforcement of unique names - both IE and FF allow
multiple frames at the same level with the same name.  Referring to them in
JavaScript consistently just finds the first frame with that name.  The third
thing I've found is that it is inconsistent within WebKit whether you can find
frames with special names or not - using iteration you get the mangled names but
direct reference by id or name finds the frame fine.

My change was only a quick workaround to fix the bug, and I suggest it is
checked in for now until a more involved approach is found.  The correct
approach IMO is to allow frames to pick their own names, and when finding frames
for hyperlink targets the special names are checked at that point, with a
fallback to looking up the frame name in the frame tree.  This will give
behavior more consistent with FF/IE.
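
The lookup order proposed in the comment above, sketched as an added example (not WebKit or Chromium code, and not part of the original comment): frames keep the name the page author gave them, and reserved names are interpreted only when a hyperlink target is resolved. The `Frame` class and the `findByName`, `resolveTarget` and `buildSample` helpers are hypothetical, and the handling of `_self`, `_parent` and unknown names (returning `null`) is an assumption the comment does not cover.

```javascript
// Simplified model of a frame tree (constructed for illustration; not WebKit code).
class Frame {
  constructor(name, parent = null) {
    this.name = name;            // stored exactly as written, never mangled
    this.parent = parent;
    this.children = [];
    if (parent) parent.children.push(this);
  }
  get top() {
    let f = this;
    while (f.parent) f = f.parent;
    return f;
  }
}

// Plain name lookup, as a script reference would do it: depth-first in
// document order, first match wins, so duplicate names are tolerated.
function findByName(root, name) {
  if (root.name === name) return root;
  for (const child of root.children) {
    const hit = findByName(child, name);
    if (hit) return hit;
  }
  return null;
}

// Hyperlink-target resolution: the reserved names get their special
// meaning here and nowhere else; anything else falls back to the tree.
function resolveTarget(source, target) {
  switch (target.toLowerCase()) {
    case "_self":   return source;
    case "_parent": return source.parent || source;
    case "_top":    return source.top;
    case "_blank":  return new Frame(null); // stands in for a new window
  }
  return findByName(source.top, target);    // null when no frame matches
}

// Constructed sample: one frame uses a reserved name, two share a name.
function buildSample() {
  const main = new Frame(null);
  const a = new Frame("_top", main);
  const b = new Frame("menu", main);
  const c = new Frame("menu", main);
  return { main, a, b, c };
}
```

In this model a frame named `_top` is harmless: a link targeting `_top` still reaches the real top frame, while a lookup by name finds the frame that carries that name.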

