[Webkit-unassigned] [Bug 196280] New: Web Inspector: Crash when interacting with Template Content in Console
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Mar 26 17:17:24 PDT 2019
https://bugs.webkit.org/show_bug.cgi?id=196280
Bug ID: 196280
Summary: Web Inspector: Crash when interacting with Template
Content in Console
Product: WebKit
Version: WebKit Nightly Build
Hardware: All
OS: All
Status: NEW
Severity: Normal
Priority: P2
Component: Web Inspector
Assignee: webkit-unassigned at lists.webkit.org
Reporter: joepeck at webkit.org
CC: inspector-bugzilla-changes at group.apple.com
Crash when interacting with Template Content in Console
Steps to Reproduce:
1. Inspect data:text/html,<template>
2. Select "Template Content" node inside of the <template> element
3. js> $0.|
=> CRASH
Seems like the targetDocument->domWindow() is nullptr in WebCore::canAccessDocument?
Thread[0] EXC_BAD_ACCESS (SIGSEGV) (KERN_INVALID_ADDRESS at 0x0000000000000078)
[ 0] 0x00007fff5253a12f WebCore`WebCore::DOMWindow::crossDomainAccessErrorMessage(WebCore::DOMWindow const&, WebCore::IncludeTargetOrigin) [inlined] WebCore::ContextDestructionObserver::scriptExecutionContext() const at ContextDestructionObserver.h:38:69
34 public:
35 WEBCORE_EXPORT explicit ContextDestructionObserver(ScriptExecutionContext*);
36 WEBCORE_EXPORT virtual void contextDestroyed();
37
-> 38 ScriptExecutionContext* scriptExecutionContext() const { return m_scriptExecutionContext; }
39
40 protected:
41 WEBCORE_EXPORT virtual ~ContextDestructionObserver();
42 void observeContext(ScriptExecutionContext*);
[ 0] 0x00007fff5253a12f WebCore`WebCore::DOMWindow::crossDomainAccessErrorMessage(WebCore::DOMWindow const&, WebCore::IncludeTargetOrigin) [inlined] WebCore::DOMWindow::document() const at DOMWindow.cpp:1435
1431 }
1432
1433 Document* DOMWindow::document() const
1434 {
-> 1435 return downcast<Document>(ContextDestructionObserver::scriptExecutionContext());
1436 }
1437
1438 StyleMedia& DOMWindow::styleMedia()
1439 {
[ 0] 0x00007fff5253a12f WebCore`WebCore::DOMWindow::crossDomainAccessErrorMessage(WebCore::DOMWindow const&, WebCore::IncludeTargetOrigin) + 111 at DOMWindow.cpp:2210
2206 ASSERT(!activeWindow.document()->securityOrigin().canAccess(document()->securityOrigin()));
2207
2208 // FIXME: This message, and other console messages, have extra newlines. Should remove them.
2209 SecurityOrigin& activeOrigin = activeWindow.document()->securityOrigin();
-> 2210 SecurityOrigin& targetOrigin = document()->securityOrigin();
2211 String message;
2212 if (includeTargetOrigin == IncludeTargetOrigin::Yes)
2213 message = makeString("Blocked a frame with origin \"", activeOrigin.toString(), "\" from accessing a frame with origin \"", targetOrigin.toString(), "\". ");
2214 else
[ 1] 0x00007fff5131b9e2 WebCore`WebCore::canAccessDocument(JSC::ExecState*, WebCore::Document*, WebCore::SecurityReportingOption) + 210 at JSDOMBindingSecurity.cpp:63:89
59 case ThrowSecurityError:
60 throwSecurityError(*state, scope, targetDocument->domWindow()->crossDomainAccessErrorMessage(active, IncludeTargetOrigin::No));
61 break;
62 case LogSecurityError:
-> 63 printErrorMessageForFrame(targetDocument->frame(), targetDocument->domWindow()->crossDomainAccessErrorMessage(active, IncludeTargetOrigin::Yes));
64 break;
65 case DoNotReportSecurityError:
66 break;
67 }
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20190327/7f338240/attachment-0001.html>
More information about the webkit-unassigned
mailing list