Document.open / Document.write should be prevented while the document is being unloaded: https://html.spec.whatwg.org/multipage/webappapis.html#dom-document-open https://html.spec.whatwg.org/multipage/webappapis.html#dom-document-write This causes us to fail and crash on the following W3C test: http://w3c-test.org/html/browsers/browsing-the-web/unloading-documents/005.html
rdar://problem/22741293
Document.open step 6: Similarly, if the Document's ignore-opens-during-unload counter is greater than zero, then the method does nothing. Abort these steps and return the Document object on which the method was invoked. Document.write step 3: If the insertion point is undefined and either the Document's ignore-opens-during-unload counter is greater than zero or the Document's ignore-destructive-writes counter is greater than zero, abort these steps. -> https://html.spec.whatwg.org/multipage/webappapis.html#ignore-opens-during-unload-counter
Created attachment 269312 [details] WIP Patch (needs a test)
Comment on attachment 269312 [details] WIP Patch (needs a test) Attachment 269312 [details] did not pass mac-ews (mac): Output: http://webkit-queues.webkit.org/results/714707 New failing tests: fast/frames/frame-unload-crash2.html fast/parser/document-open-in-unload.html
Created attachment 269319 [details] Archive of layout-test-results from ews103 for mac-yosemite The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews103 Port: mac-yosemite Platform: Mac OS X 10.10.5
Comment on attachment 269312 [details] WIP Patch (needs a test) Attachment 269312 [details] did not pass mac-debug-ews (mac): Output: http://webkit-queues.webkit.org/results/714717 New failing tests: fast/frames/frame-unload-crash2.html fast/parser/document-open-in-unload.html
Created attachment 269321 [details] Archive of layout-test-results from ews115 for mac-yosemite The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews115 Port: mac-yosemite Platform: Mac OS X 10.10.5
Comment on attachment 269312 [details] WIP Patch (needs a test) Attachment 269312 [details] did not pass mac-wk2-ews (mac-wk2): Output: http://webkit-queues.webkit.org/results/714727 New failing tests: fast/frames/frame-unload-crash2.html
Created attachment 269322 [details] Archive of layout-test-results from ews107 for mac-yosemite-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews107 Port: mac-yosemite-wk2 Platform: Mac OS X 10.10.5
Created attachment 269482 [details] WIP Patch (needs a test)
Created attachment 269510 [details] Patch
Comment on attachment 269510 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=269510&action=review > Source/WebCore/loader/FrameLoader.cpp:2889 > + IgnoreOpensDuringUnloadCountIncrementer ignoreOpensDuringUnloadCountIncrementer(m_frame.document()); I think we need to handle this in beforeunload event dispatching as well. We can do it in a separate patch though.
(In reply to comment #12) > Comment on attachment 269510 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=269510&action=review > > > Source/WebCore/loader/FrameLoader.cpp:2889 > > + IgnoreOpensDuringUnloadCountIncrementer ignoreOpensDuringUnloadCountIncrementer(m_frame.document()); > > I think we need to handle this in beforeunload event dispatching as well. > We can do it in a separate patch though. Good point, I'll do this in a follow-up patch.
Comment on attachment 269510 [details] Patch Clearing flags on attachment: 269510 Committed r195496: <http://trac.webkit.org/changeset/195496>
All reviewed patches have been landed. Closing bug.