An iframe that specifies its source using the 'help:' protocol causes Safari 3.0 beta (522.11) to crash in WebCore.

Sample HTML that crashes Safari 3.0 beta (522.11) [see attachment]:

<html>
<head>
<title>Crash Safari 3.0 beta</title>
</head>
<body>
<iframe src='help:'></iframe>
</body>
</html>

Process call chain at time of crash [see attachment for full report]:

0 com.apple.WebCore 0x961e9c70 WebCore::DocumentLoader::frameLoader() const + 0
1 com.apple.WebCore 0x961ea0f8 WebCore::DocumentLoader::isLoadingInAPISense() const + 24
2 com.apple.WebCore 0x961dd92c WebCore::FrameLoader::checkLoadCompleteForThisFrame() + 700
3 com.apple.WebCore 0x961ddfe8 WebCore::FrameLoader::recursiveCheckLoadComplete() + 504
4 com.apple.WebCore 0x961ddfd8 WebCore::FrameLoader::recursiveCheckLoadComplete() + 488
5 com.apple.WebCore 0x961de270 WebCore::FrameLoader::finishedLoading() + 368
6 com.apple.WebCore 0x961ee5e8 WebCore::MainResourceLoader::didFinishLoading() + 56
7 com.apple.WebCore 0x961c5174 -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] + 84

Created attachment 15008: The HTML that crashes Safari 3.0 beta

Created attachment 15009: Crash report

This does not appear to crash SVN HEAD, but I do see a suspicious console log:

2007-06-13 16:12:58.362 Safari[5704:10b] *** -[NSCFSet removeObject:]: attempt to remove nil

Thanks for the report! After looking at your crash log, this looks to be the same as bug 14116.

*** This bug has been marked as a duplicate of 14116 ***