Bug 43080

Summary: History.pushState() + navigation operates on top frame when called from nested context
Product: WebKit
Reporter: Justin Schuh <jschuh>
Component: History
Assignee: Darin Fisher (:fishd, Google) <fishd>
Status: RESOLVED FIXED
Severity: Normal
CC: abarth, beidson, eric, webkit.review.bot
Priority: P2
Version: 528+ (Nightly build)
Hardware: All
OS: All
Attachments:
Description | Flags
repro | none
simple fix (wip) | none
v1 patch | beidson: review+

Description Justin Schuh 2010-07-27 14:48:38 PDT
Created attachment 62749: repro

I've attached two files that demonstrate an iframe using pushState() and back() to force navigation of the parent frame. The scripts work automatically on Chrome, but you can observe the same behavior with manual navigation in Safari. Based on my read of the standard we should be navigating the iframe's nested browsing context, not the top frame. This might be a regression from bug 36435.

Comment 1 Darin Fisher (:fishd, Google) 2010-07-27 16:53:47 PDT
Created attachment 62773: simple fix (wip)

Here's the fix.  I still need to add a layout test, etc.  I'm also thinking of
changing createItemTree to return the target item as an out param so that we
can avoid the recursive walk done by HistoryItem::targetItem().

Comment 2 Darin Fisher (:fishd, Google) 2010-07-27 22:19:05 PDT
Created attachment 62795: v1 patch

Comment 3 Darin Fisher (:fishd, Google) 2010-07-30 13:40:11 PDT
Landed as http://trac.webkit.org/changeset/64369

Comment 4 WebKit Review Bot 2010-07-30 13:56:42 PDT
http://trac.webkit.org/changeset/64369 might have broken Qt Linux Release