[Webkit-unassigned] [Bug 39879] Geolocation activity started after frame has been disconnected can cause crash

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Jun 9 08:43:40 PDT 2010


--- Comment #36 from Alexey Proskuryakov <ap at webkit.org>  2010-06-09 08:43:38 PST ---
> I wasn't aware of this. My understanding was that script execution is halted once
> a page is in the b/f cache, so new Geolocation activity isn't possible. Is this correct?

I'm basically thinking of the situation that's caught by this check. It's easier to demonstrate with secondary windows than subframes to abstract ourselves out from how history and bfcache works for frames:
1. Main document calls window.open() to open a secondary window.
2. It stores a reference to secondary window's navigator.Geolocation.
3. It navigates the secondary window to another page.
4. It tries to use the stored navigator.Geolocation object, getting an error due to it being frameless now.
5. It navigates secondary window back.

A possible twist in step 2 is to have a reference to a function in the secondary window that does step 4 (that way, lexical global object in bindings would be different, I think).

Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list