[Webkit-unassigned] [Bug 35063] Particularly constructed WebFrames can try to access a null HistoryItem

bugzilla-daemon at webkit.org
Sat Feb 20 20:23:26 PST 2010


https://bugs.webkit.org/show_bug.cgi?id=35063





--- Comment #9 from David Benjamin <davidben at mit.edu>  2010-02-20 20:23:26 PST ---
Created an attachment (id=49140)
 --> (https://bugs.webkit.org/attachment.cgi?id=49140)
JavaScript test case

> All known cases seem to be using the Mac or (Apple)Windows APIs [WebFrame
> loadData:] or [WebView initWithCoder:] which populate a WebFrame upon creation
> with content but never actually navigating it.

I was looking into a separate crash recently and noticed that this also fixes
it. You don't need to use WebKit APIs to trigger this; another case is if you
open an empty window and then document.write() into it. I've attached the file
I had been testing with.

(It appears that WebKit also doesn't follow what the standard says with regard
to inserting history entries on document.open(). See 3.5.1. It looks like
currently the type and replace arguments are ignored and no history
modifications take place? Could be wrong about that --- only just started
navigating the codebase.)
