[Webkit-unassigned] [Bug 119060] Do not fire load events from frames with scripting disabled

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Jul 24 12:46:24 PDT 2013

https://bugs.webkit.org/show_bug.cgi?id=119060

--- Comment #1 from Ryosuke Niwa <rniwa at webkit.org>  2013-07-24 12:46:15 PST ---
Do not fire load events from frames with scripting disabled

This patch fixes a crash where an SVG CSS background image could cause
all pending load events to fire. This became problematic once data URI
images started firing synchronously. The events we are interested in
preventing are global pending load events because they are cross-document
and will be fired from an inner (sandboxed) SVG document.

This patch disables load events from frames where scripting is disabled.
Do not fire beforeload events from frames with scripting disabled

This patch fixes a crash where an SVG CSS background image could cause
all pending beforeload events to fire. This became problematic once data
URI images started firing synchronously. The events we are interested in
preventing are global pending beforeload events because they are cross-document
and could be fired from an inner (sandboxed) SVG document.

This patch disables beforeload events from frames where scripting is disabled.

This is a followup to https://src.chromium.org/viewvc/blink?view=rev&revision=153029
which missed this case in XMLDocumentParser.cpp. I have verified the
other global pending event handlers are not called elsewhere.
