[Webkit-unassigned] [Bug 52018] Adopting an iframe to a child frame results in stack overflow
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Jan 6 18:45:23 PST 2011
https://bugs.webkit.org/show_bug.cgi?id=52018
--- Comment #3 from Ojan Vafai <ojan at chromium.org> 2011-01-06 18:45:23 PST ---
(From update of attachment 78202)
View in context: https://bugs.webkit.org/attachment.cgi?id=78202&action=review
> WebCore/dom/Document.cpp:896
> + if (frame()->tree()->isDescendantOf(iframe->contentFrame())) {
Does this cross-frame boundaries correctly? For example, lets say I have 3 frames. F1, F2, F3. F2 is a child of F1 and F3 is a child of F2. Will this catch the case where I try to F3.contentDocument.adoptNode(F1)?
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list