[Webkit-unassigned] [Bug 50254] Canceled frame loads can corrupt back forward list

Wed Jan 5 11:42:00 PST 2011

https://bugs.webkit.org/show_bug.cgi?id=50254

--- Comment #3 from Charles Reis <creis at chromium.org>  2011-01-05 11:42:00 PST ---
I'm trying a new approach with this bug.  I agree that we shouldn't be updating m_currentItem until the navigation is ready to commit, so it seems like recursiveGoToItem needs to change.  I'm taking your suggestion and setting m_provisionalItem in each of the frames of the tree until the commit, instead.

There's one wrinkle here that makes it more complicated.  While we are walking the frame tree with recursiveGoToItem and setting provisional items, it is possible for the actual navigation to immediately commit (on URLs like about:blank) *before* we visit the rest of the frames.  This means that a series of commit related events like updateForCommit, updateForFrameLoadCompleted, and the SetContentState calls in TestShell can all happen before we've set the provisional items on the remaining frames in the tree.

To clean this up, I'll split recursiveGoToItem into two phases: one that sets provisional items on all the frames that aren't going anywhere, and a second that navigates the desired frame(s).  As a result, we'll be ready if the navigation commits immediately.

I'll also have to fix updateForCommit to walk the frame tree and commit each of the provisional items afterward.  This will also restore their scroll position, instead of doing it in recursiveGoToItem.

I have a draft of a patch that seems to be working, and I'll upload it once it's cleaned up and passing all the tests.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.