RESOLVED FIXED 153255
Document.open / Document.write should be prevented while the document is being unloaded
https://bugs.webkit.org/show_bug.cgi?id=153255
Chris Dumez
Reported 2016-01-19 14:56:09 PST
Document.open / Document.write should be prevented while the document is being unloaded:
https://html.spec.whatwg.org/multipage/webappapis.html#dom-document-open
https://html.spec.whatwg.org/multipage/webappapis.html#dom-document-write

This causes us to fail and crash on the following W3C test:
http://w3c-test.org/html/browsers/browsing-the-web/unloading-documents/005.html
Attachments
WIP Patch (needs a test) (10.22 KB, patch)
2016-01-19 17:01 PST, Chris Dumez
buildbot: commit-queue-
Archive of layout-test-results from ews103 for mac-yosemite (835.25 KB, application/zip)
2016-01-19 17:56 PST, Build Bot
no flags
Archive of layout-test-results from ews115 for mac-yosemite (797.20 KB, application/zip)
2016-01-19 18:04 PST, Build Bot
no flags
Archive of layout-test-results from ews107 for mac-yosemite-wk2 (828.43 KB, application/zip)
2016-01-19 18:04 PST, Build Bot
no flags
WIP Patch (needs a test) (10.94 KB, patch)
2016-01-21 12:25 PST, Chris Dumez
no flags
Patch (22.68 KB, patch)
2016-01-21 16:11 PST, Chris Dumez
no flags
Chris Dumez
Comment 1 2016-01-19 14:56:31 PST
Chris Dumez
Comment 2 2016-01-19 15:18:44 PST
Document.open step 6:
Similarly, if the Document's ignore-opens-during-unload counter is greater than zero, then the method does nothing. Abort these steps and return the Document object on which the method was invoked.

Document.write step 3:
If the insertion point is undefined and either the Document's ignore-opens-during-unload counter is greater than zero or the Document's ignore-destructive-writes counter is greater than zero, abort these steps.

-> https://html.spec.whatwg.org/multipage/webappapis.html#ignore-opens-during-unload-counter
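A minimal model of the two spec steps quoted above, added here as an illustration; it is not WebKit's code or the patch attached to this bug. `ModelDocument`, `UnloadGuard` and `contentAfterUnloadHandler` are hypothetical names, and the "unload handler" is a constructed call to `write()`.

```cpp
#include <memory>
#include <string>
// Hypothetical stand-in for a document; not WebCore's Document class.
struct ModelDocument {
    unsigned ignoreOpensDuringUnloadCounter = 0;
    unsigned ignoreDestructiveWritesCounter = 0;
    bool insertionPointDefined = false; // true only while a parser is running
    std::string content = "original";
    // document.open(): with a non-zero counter, do nothing and return the document.
    ModelDocument& open() {
        if (ignoreOpensDuringUnloadCounter > 0)
            return *this;
        content.clear(); // the destructive part: existing content is discarded
        insertionPointDefined = true;
        return *this;
    }
    // document.write(): abort when there is no insertion point and either counter is non-zero.
    void write(const std::string& text) {
        bool ignoring = ignoreOpensDuringUnloadCounter > 0 || ignoreDestructiveWritesCounter > 0;
        if (!insertionPointDefined && ignoring)
            return;
        if (!insertionPointDefined)
            open(); // implicit open, the case the guard exists to block
        content += text;
    }
};

// RAII guard: raises the counter for its own lifetime; nested guards stack, hence a counter and not a flag.
class UnloadGuard {
public:
    explicit UnloadGuard(std::shared_ptr<ModelDocument> doc) : m_doc(doc) {
        if (m_doc) ++m_doc->ignoreOpensDuringUnloadCounter;
    }
    ~UnloadGuard() { if (m_doc) --m_doc->ignoreOpensDuringUnloadCounter; }
    UnloadGuard(const UnloadGuard&) = delete;
private:
    std::shared_ptr<ModelDocument> m_doc; // keeps the document alive until the decrement
};

// Runs the constructed unload handler and returns the document content afterwards.
std::string contentAfterUnloadHandler(bool guarded) {
    auto doc = std::make_shared<ModelDocument>();
    std::unique_ptr<UnloadGuard> outer, inner;
    if (guarded) {
        outer = std::make_unique<UnloadGuard>(doc);
        inner = std::make_unique<UnloadGuard>(doc);
        inner.reset(); // nested unload finished, outer one still in progress
    }
    doc->write("from unload handler");
    return doc->content;
}
```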
Chris Dumez
Comment 3 2016-01-19 17:01:08 PST
Created attachment 269312
WIP Patch (needs a test)
Build Bot
Comment 4 2016-01-19 17:56:44 PST
Comment on attachment 269312
WIP Patch (needs a test)

Attachment 269312 did not pass mac-ews (mac):
Output: http://webkit-queues.webkit.org/results/714707

New failing tests:
fast/frames/frame-unload-crash2.html
fast/parser/document-open-in-unload.html
Build Bot
Comment 5 2016-01-19 17:56:48 PST
Created attachment 269319
Archive of layout-test-results from ews103 for mac-yosemite

The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: ews103
Port: mac-yosemite
Platform: Mac OS X 10.10.5
Build Bot
Comment 6 2016-01-19 18:04:33 PST
Comment on attachment 269312
WIP Patch (needs a test)

Attachment 269312 did not pass mac-debug-ews (mac):
Output: http://webkit-queues.webkit.org/results/714717

New failing tests:
fast/frames/frame-unload-crash2.html
fast/parser/document-open-in-unload.html
Build Bot
Comment 7 2016-01-19 18:04:39 PST
Created attachment 269321
Archive of layout-test-results from ews115 for mac-yosemite

The attached test failures were seen while running run-webkit-tests on the mac-debug-ews.
Bot: ews115
Port: mac-yosemite
Platform: Mac OS X 10.10.5
Build Bot
Comment 8 2016-01-19 18:04:48 PST
Comment on attachment 269312
WIP Patch (needs a test)

Attachment 269312 did not pass mac-wk2-ews (mac-wk2):
Output: http://webkit-queues.webkit.org/results/714727

New failing tests:
fast/frames/frame-unload-crash2.html
Build Bot
Comment 9 2016-01-19 18:04:54 PST
Created attachment 269322
Archive of layout-test-results from ews107 for mac-yosemite-wk2

The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews.
Bot: ews107
Port: mac-yosemite-wk2
Platform: Mac OS X 10.10.5
Chris Dumez
Comment 10 2016-01-21 12:25:04 PST
Created attachment 269482
WIP Patch (needs a test)
Chris Dumez
Comment 11 2016-01-21 16:11:15 PST
Ryosuke Niwa
Comment 12 2016-01-22 15:58:29 PST
Comment on attachment 269510
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=269510&action=review

> Source/WebCore/loader/FrameLoader.cpp:2889
> + IgnoreOpensDuringUnloadCountIncrementer ignoreOpensDuringUnloadCountIncrementer(m_frame.document());

I think we need to handle this in beforeunload event dispatching as well. We can do it in a separate patch though.
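Review bot: at FrameLoader.cpp:2889, m_frame.document() is passed straight to the incrementer with no null check visible in the quoted line, so confirm the incrementer accepts a null document. Also confirm it holds a reference to the document it incremented, so that the matching decrement in its destructor lands on the same, still-live object even if a handler running inside this scope replaces or releases the frame's document.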
Chris Dumez
Comment 13 2016-01-22 16:14:25 PST
(In reply to comment #12)
> Comment on attachment 269510
> Patch
>
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=269510&action=review
>
> > Source/WebCore/loader/FrameLoader.cpp:2889
> > + IgnoreOpensDuringUnloadCountIncrementer ignoreOpensDuringUnloadCountIncrementer(m_frame.document());
>
> I think we need to handle this in beforeunload event dispatching as well.
> We can do it in a separate patch though.

Good point, I'll do this in a follow-up patch.
WebKit Commit Bot
Comment 14 2016-01-22 17:05:10 PST
Comment on attachment 269510
Patch

Clearing flags on attachment: 269510

Committed r195496: <http://trac.webkit.org/changeset/195496>
WebKit Commit Bot
Comment 15 2016-01-22 17:05:16 PST
All reviewed patches have been landed. Closing bug.