[Webkit-unassigned] [Bug 39288] Geolocation causes DOMWindow to leak if position requests are in progress when the page is navigated away
bugzilla-daemon at webkit.org
Mon May 24 10:39:46 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=39288
Alexey Proskuryakov <ap at webkit.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|New Bugs                    |WebCore Misc.
                 CC|                            |ap at webkit.org,
                   |                            |darin at apple.com
--- Comment #14 from Alexey Proskuryakov <ap at webkit.org> 2010-05-24 10:39:45 PST ---
I second Darin's concern - the "after the unload event has fired, so no new Geolocation activity is possible" explanation seems weak. If one manages to start a Geolocation after stop(), then we have a security bug due to accessing deallocated objects.
We should revert this change unless there is a strong guarantee that this can't happen.
> However, the Frame may not be destroyed if the Geolocation object still holds
> references to JS callback functions, as these create circular references.
What exactly creates the circular reference? I think that the proper fix would be to avoid having those - disconnectFrame() makes referencing the frame from geolocation code unnecessary.