As part of restoring a page from the page cache we call Frame::setDocument() to re-associate the cached document into its frame. Frame::setDocument() triggers render tree construction and post style resolution callbacks that can do anything, including navigating child frames before we have restored them (and hence re-attached them to the frame tree). For example, pages embedded via an HTML object element are loaded from a post style resolution callback. We should not perform navigations during page restore.
Created attachment 346804: Patch and layout test
Comment on attachment 346804: Patch and layout test

View in context: https://bugs.webkit.org/attachment.cgi?id=346804&action=review

> LayoutTests/fast/history/go-back-to-object-subframe.html:22
> +window.onpageshow = runTest;

We should probably mention in the change log that we're not preventing navigation during pageshow event.
(In reply to Ryosuke Niwa from comment #2)
> Comment on attachment 346804
> Patch and layout test
>
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=346804&action=review
>
> > LayoutTests/fast/history/go-back-to-object-subframe.html:22
> > +window.onpageshow = runTest;
>
> We should probably mention in the change log that we're not preventing
> navigation during pageshow event.

Will add the following remark to the change log entry in LayoutTests/ChangeLog:

This change does not prevent navigations initiated from a pageshow event handler.
Committed r235121: <https://trac.webkit.org/changeset/235121>
<rdar://problem/43565212>