Bug 96741
| Summary: | [WK2] fast/loader/recursive-before-unload-crash.html fails | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Chris Dumez <cdumez> |
| Component: | WebKit2 | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED WORKSFORME | | |
| Severity: | Normal | | |
| Priority: | P2 | | |
| Version: | 528+ (Nightly build) | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| See Also: | https://bugs.webkit.org/show_bug.cgi?id=139826 | | |
Chris Dumez
fast/loader/recursive-before-unload-crash.html fails on WebKit2:
--- /home/chris/unencrypted/WebKit/lol/fast/loader/recursive-before-unload-crash-expected.txt
+++ /home/chris/unencrypted/WebKit/lol/fast/loader/recursive-before-unload-crash-actual.txt
@@ -1,10 +1,2 @@
ALERT: onbeforeunload called, and iframe hasn't been added yet.
ALERT: Adding iframe
-This test demonstrates a problem with our handling of the beforeunload event.
-If a script manages to try and navigate the frame from beforeunload - when a navigation is already pending - we end up blowing out the stack by recursively consulting the policy delegate then running onbeforeunload repeatedly.
-After this happens, the FrameLoader is in a bogus state where it thinks it is in the middle of a provisional load, but it doesn't have a provisional document loader.
-In this state, the frame is very difficult to navigate anywhere else, and attempts to load new things within the frame can result in a crash.
-This was reproducibly identified on sears.com following a bizarre Safari specific code path.
-Click here to run the beforeunload test and blow out the stack
-Click here to append an iframe and crash
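Review bot: every removed line in this hunk is the page's body text, while both ALERT lines are unchanged context, so the WebKit2 result differs from the expectation only by the missing text dump and not by the beforeunload alerts themselves. The expected file should stay as it is rather than be rebaselined to the two-line actual output, since that would drop the lines describing the stack blow-out and the bogus FrameLoader state, and the check that the document is still dumped after the alerts would be lost.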
Alexey Proskuryakov
This appears to pass now. Just need to fix WKTR for this to not break subsequent tests.