[Webkit-unassigned] [Bug 165852] WebContent crash under WebCore::CachedResource::load in WebCore::FrameLoader::outgoingReferrer const
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Dec 14 10:14:31 PST 2016
https://bugs.webkit.org/show_bug.cgi?id=165852
--- Comment #7 from Antti Koivisto <koivisto at iki.fi> ---
I tried this but it doesn't hit the case:
<iframe srcdoc="text" onload="test()"></iframe>
<script>
function test() {
const iframe = document.querySelector("iframe");
const contentDocument = iframe.contentDocument;
document.body.removeChild(iframe);
const img = contentDocument.createElement("img");
img.setAttribute("src", "foo.png");
}
</script>
Note that this doesn't necessarily have anything to do with srcdoc, local m_frame could be null.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20161214/43dbfbb1/attachment.html>
More information about the webkit-unassigned
mailing list