[Webkit-unassigned] [Bug 165852] WebContent crash under WebCore::CachedResource::load in WebCore::FrameLoader::outgoingReferrer const
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Dec 14 10:16:23 PST 2016
https://bugs.webkit.org/show_bug.cgi?id=165852
--- Comment #8 from Chris Dumez <cdumez at apple.com> ---
(In reply to comment #7)
> I tried this but it doesn't hit the case:
>
> <iframe srcdoc="text" onload="test()"></iframe>
> <script>
> function test() {
> const iframe = document.querySelector("iframe");
> const contentDocument = iframe.contentDocument;
> document.body.removeChild(iframe);
> const img = contentDocument.createElement("img");
> img.setAttribute("src", "foo.png");
> }
> </script>
>
> Note that this doesn't necessarily have anything to do with srcdoc, local
> m_frame could be null.
FrameLoader::m_frame is a reference so if it is null, we have bigger issues.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20161214/de6b92f4/attachment.html>
More information about the webkit-unassigned
mailing list