[Webkit-unassigned] [Bug 48812] New: FrameLoader::checkLoadCompleteForThisFrame uses wrong history item

bugzilla-daemon at webkit.org
Mon Nov 1 17:56:27 PDT 2010


https://bugs.webkit.org/show_bug.cgi?id=48812

           Summary: FrameLoader::checkLoadCompleteForThisFrame uses wrong
                    history item
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
               URL: N/A
        OS/Version: All
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: creis at chromium.org
                CC: brettw at chromium.org


FrameLoader::checkLoadCompleteForThisFrame is called when a navigation is canceled, and it instructs the back/forward history to go to the current item from the history, rather than staying at the canceled navigation's history item.  The method is getting the current item using history()->currentItem(), and then assigning it using page->backForward()->setCurrentItem(item.get()).

However, there are cases when history()'s current item and backForward()'s current item are different.  For example, holding down the "back" keyboard shortcut in Chromium will start several navigations, some of which get canceled before committing.  (See http://code.google.com/p/chromium/issues/detail?id=58082 for details.)  In this case, backForward()->currentHistoryItem() is updated for every attempted navigation, but history()->currentItem() is not.  By trying to set the current item to history()->currentItem(), FrameLoader::checkLoadCompleteForThisFrame is causing us to jump to an outdated entry, rather than the one that's in progress.  This is leading to corruption of the back/forward history in Chromium.

Since the method is trying to update the back/forward history, it should be getting the current history item from there to make sure it matches the current state.

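The desynchronization described in the report, as an added example that is not WebKit or Chromium code: a simplified model in which the back/forward list moves on every attempted navigation while the history controller moves only on commit. All names (`SessionModel`, `CancelSource`, `heldBackKey`), the four-entry session and the exact ordering of events are assumptions made for illustration.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Which "current item" the cancel handling copies into the back/forward list.
enum class CancelSource { HistoryController, BackForwardList };

struct Outcome {
    std::string committed;   // entry the frame actually shows
    std::string listCurrent; // entry the back/forward list claims is current
    bool consistent() const { return committed == listCurrent; }
};

// Hypothetical model of the two trackers named in the report.
class SessionModel {
public:
    void startBack() {                   // attempted navigation: list moves at once
        if (m_listCurrent > 0) --m_listCurrent;
        m_inFlight = m_listCurrent;
    }
    void cancelEarlier(CancelSource s) { // completion check for a canceled load
        m_listCurrent = (s == CancelSource::HistoryController)
            ? m_historyCurrent           // reported behaviour: may be stale
            : m_listCurrent;             // proposed behaviour: list's own item
    }
    void commit() { m_historyCurrent = m_inFlight; } // only a commit moves history
    Outcome outcome() const {
        return {m_entries[m_historyCurrent], m_entries[m_listCurrent]};
    }
private:
    std::vector<std::string> m_entries{"A", "B", "C", "D"}; // constructed session
    std::size_t m_listCurrent = 3, m_historyCurrent = 3, m_inFlight = 3;
};

// Held-down "back": two navigations start, the second cancels the first.
Outcome heldBackKey(CancelSource s) {
    SessionModel m;
    m.startBack();      // D -> C attempted
    m.startBack();      // C -> B attempted, the load of C is canceled
    m.cancelEarlier(s); // cancel handling for C runs
    m.commit();         // B commits
    return m.outcome();
}
```

With `CancelSource::HistoryController` the frame ends on B while the list points at D; with `CancelSource::BackForwardList` both agree on B.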