<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body>
<p>
<div>
<b><a class="bz_bug_link
bz_status_NEW "
title="NEW - Crash in WebPlatformStrategies::createPingHandle - Deref a null NetworkingContext"
href="https://bugs.webkit.org/show_bug.cgi?id=147227#c4">Comment # 4</a>
on <a class="bz_bug_link
bz_status_NEW "
title="NEW - Crash in WebPlatformStrategies::createPingHandle - Deref a null NetworkingContext"
href="https://bugs.webkit.org/show_bug.cgi?id=147227">bug 147227</a>
from <span class="vcard"><a class="email" href="mailto:beidson@apple.com" title="Brady Eidson <beidson@apple.com>"> <span class="fn">Brady Eidson</span></a>
</span></b>
<pre>(In reply to <a href="show_bug.cgi?id=147227#c3">comment #3</a>)
<span class="quote">> Comment on <span class=""><a href="attachment.cgi?id=257354&action=diff" name="attach_257354" title="Patch v1">attachment 257354</a> <a href="attachment.cgi?id=257354&action=edit" title="Patch v1">[details]</a></span>
> Patch v1
>
> View in context:
> <a href="https://bugs.webkit.org/attachment.cgi?id=257354&action=review">https://bugs.webkit.org/attachment.cgi?id=257354&action=review</a>
>
> Hrmpf. Nice.
>
> > LayoutTests/http/tests/security/contentSecurityPolicy/user-style-sheet-font-crasher-expected.txt:3
> > +CONSOLE MESSAGE: Refused to load the font '<a href="http://127.0.0.1:8000/security/contentSecurityPolicy/example_font.woff">http://127.0.0.1:8000/security/contentSecurityPolicy/example_font.woff</a>' because it violates the following Content Security Policy directive: "font-src <a href="http://webkit.org">http://webkit.org</a>".
> > +
> > +CONSOLE MESSAGE: Refused to load the font '<a href="http://127.0.0.1:8000/security/contentSecurityPolicy/example_font.woff">http://127.0.0.1:8000/security/contentSecurityPolicy/example_font.woff</a>' because it violates the following Content Security Policy directive: "font-src <a href="http://webkit.org">http://webkit.org</a>".
>
> Why is this logged twice, do we have a bug?</span >
No - the style sheet is injected into both frames, so the CSP fires twice.
<span class="quote">>
> > LayoutTests/http/tests/security/contentSecurityPolicy/user-style-sheet-font-crasher.html:8
> > + testRunner.addUserStyleSheet("@font-face { font-family: ExampleFont; src: url(example_font.woff); }", true);
>
> I wonder if this can also be reproduced with something like
>
> <iframe src="<a href="http://www.apple.com">http://www.apple.com</a>"></iframe>
> <script>
> frames[0].document.write(theStylesheet);
> </script>
> </span >
That wouldn't do it, because initial document creation is synchronous, and completed by the time you get to document.write.
By the time you get there, you'd have the networking context and wouldn't repro the crash.
<span class="quote">> > Source/WebKit2/WebProcess/WebCoreSupport/WebPlatformStrategies.cpp:255
> > + // We shouldn't be sending ping loads during that process anyways.
>
> What do other browsers do? I wonder if "shouldn't" may be too assertive.
>
> It feels like we shouldn't apply user stylesheets in initial documents, what
> do you think?</span >
Perhaps it is too assertive. I'll relax it before landing.
I postulated at least one other solution in the radar but it seems much higher risk.
I'm not sure whether or not user sheets should apply to the initial empty document - I'd want Simon, Antti, Andreas, etc. to comment.
As is, this patch restores precisely the behavior we had before <a href="https://trac.webkit.org/changeset/186530">https://trac.webkit.org/changeset/186530</a> - I'm pretty confident in that interim step while we explore what we should *really* be doing here.</pre>
</div>
</p>
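<p>Added example (not WebKit code and not part of the patch under review): a small C++ model of the situation the comment describes. The classes <code>FrameLoader</code>, <code>NetworkingContext</code>, <code>Frame</code> and the functions <code>createPingHandleUnguarded</code>, <code>createPingHandleGuarded</code>, <code>applyUserStyleSheet</code> and <code>runScenario</code> are hypothetical stand-ins, and the idea that each CSP refusal attempts a ping load is a modelling assumption, not something the bug states. It shows why the console message appears once per frame when the sheet is injected into both frames, and how a null check on the networking context turns the crash into a dropped ping during initial document creation.</p>

```cpp
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-in for the networking context a frame's loader exposes once
// its document is fully created. Not WebKit's real class.
struct NetworkingContext {
    std::string origin;
};

// What one dispatched ping load carried (recorded so the result can be inspected).
struct PingRecord {
    std::string url;
    std::string contextOrigin;
};

// Hypothetical frame loader. While the initial empty document is still being
// created, no context is attached yet, so networkingContext() returns null.
class FrameLoader {
public:
    enum class Stage { CreatingInitialEmptyDocument, DocumentReady };

    FrameLoader(Stage stage, std::string origin)
        : m_stage(stage), m_context(std::make_unique<NetworkingContext>()) {
        m_context->origin = std::move(origin);
    }

    NetworkingContext* networkingContext() const {
        return m_stage == Stage::DocumentReady ? m_context.get() : nullptr;
    }
    void finishInitialDocument() { m_stage = Stage::DocumentReady; }

private:
    Stage m_stage;
    std::unique_ptr<NetworkingContext> m_context;
};

// Unguarded shape (the defect): dereferences whatever networkingContext() returns.
// Calling it while the loader is still creating its initial document is a null
// dereference; runScenario() below never calls it in that state.
PingRecord createPingHandleUnguarded(const FrameLoader& loader, const std::string& url) {
    NetworkingContext& context = *loader.networkingContext();
    return PingRecord{url, context.origin};
}

// Guarded shape: with no networking context there is nothing to run the ping in,
// so the load is dropped and false is returned instead of dereferencing null.
bool createPingHandleGuarded(const FrameLoader& loader, const std::string& url,
                             std::vector<PingRecord>& sentPings) {
    NetworkingContext* context = loader.networkingContext();
    if (!context)
        return false;
    sentPings.push_back(PingRecord{url, context->origin});
    return true;
}

// One frame of the model page: its loader plus the console messages its CSP emitted.
struct Frame {
    FrameLoader loader;
    std::vector<std::string> consoleMessages;
};

// Applies a user style sheet whose @font-face is refused by CSP to every frame.
// Each frame's CSP logs its own refusal (one message per frame); the model then
// assumes each refusal attempts a ping load. Returns how many pings were sent.
int applyUserStyleSheet(std::vector<Frame>& frames, const std::string& fontUrl,
                        std::vector<PingRecord>& sentPings) {
    int dispatched = 0;
    for (Frame& frame : frames) {
        frame.consoleMessages.push_back("Refused to load the font '" + fontUrl + "'");
        if (createPingHandleGuarded(frame.loader, fontUrl, sentPings))
            ++dispatched;
    }
    return dispatched;
}

struct ScenarioResult {
    int consoleMessages;      // total CSP messages across both frames
    int pingsDuringCreation;  // pings sent while the iframe was still initialising
    int pingsAfterReady;      // pings sent once the iframe's document was ready
};

// Constructed scenario: the main frame already has a document, the iframe is caught
// mid-creation, which is exactly the window where the unguarded path would crash.
ScenarioResult runScenario() {
    const std::string fontUrl = "http://127.0.0.1:8000/security/contentSecurityPolicy/example_font.woff";
    std::vector<Frame> frames;
    frames.push_back(Frame{FrameLoader(FrameLoader::Stage::DocumentReady, "http://127.0.0.1:8000"), {}});
    frames.push_back(Frame{FrameLoader(FrameLoader::Stage::CreatingInitialEmptyDocument, "http://127.0.0.1:8000"), {}});

    std::vector<PingRecord> pings;
    ScenarioResult result{};
    result.pingsDuringCreation = applyUserStyleSheet(frames, fontUrl, pings);  // 2 messages, 1 ping
    for (const Frame& frame : frames)
        result.consoleMessages += static_cast<int>(frame.consoleMessages.size());

    // Once creation completes, the same ping from the iframe goes through normally.
    frames[1].loader.finishInitialDocument();
    result.pingsAfterReady = createPingHandleGuarded(frames[1].loader, fontUrl, pings) ? 1 : 0;
    return result;
}
```

<p>Two frames produce two console messages but only one ping while the iframe is still being created; after <code>finishInitialDocument()</code> the guarded path dispatches the iframe's ping too, which is the "you'd have the networking context" case the comment describes for <code>document.write</code>.</p>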
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>