This code crashes:

    QWebPage page;
    page.mainFrame()->setHtml("<html><body></body></html>");
    page.mainFrame()->evaluateJavaScript("history.pushState()");

The code crashes inside HistoryController::pushState because of a null pointer (m_previousItem is not set). The problem is caused by a feature of QWebFrame::setHtml(): it doesn't set a HistoryItem. The easiest workaround is to use QWebFrame::load instead.
Created attachment 55685 [details] Fix v1 This is a crash fix. I think it is the only thing we can do about it. Some history feature won't work.
Created attachment 55702 [details] Fix v1 :-)
Comment on attachment 55702 [details] Fix v1 It breaks layout tests... clearing flags
Created attachment 55816 [details] Fix v2
It would be good to mention in the ChangeLog why this is needed, as you said in comment #0: "The problem is caused by a feature of QWebFrame::setHtml(): it doesn't set a HistoryItem." ... and that it is based on this:

    /* ...
       \note This method will not affect session or global history for the frame. */
    void QWebFrame::setHtml(const QString &html, const QUrl &baseUrl)
Darin Fisher might be a potential reviewer
Created attachment 56338 [details] Fix v3 Changelog changes :-)
Yes, I remember that specific behaviour, nice that we have a test for it now.
Comment on attachment 56338 [details] Fix v3 Clearing flags on attachment: 56338 Committed r59815: <http://trac.webkit.org/changeset/59815>
All reviewed patches have been landed. Closing bug.
Comment on attachment 56338 [details] Fix v3 WebCore/loader/HistoryController.cpp:647 + if (!m_previousItem) this seems wrong to me. you probably meant to check m_currentItem here. note that m_currentItem is assigned to m_previousItem after the call to createTreeItem. this change means that the first page in a window cannot call pushState, which is not good.
(In reply to comment #11) > (From update of attachment 56338 [details]) > WebCore/loader/HistoryController.cpp:647 > + if (!m_previousItem) > this seems wrong to me. you probably meant to check m_currentItem here. > note that m_currentItem is assigned to m_previousItem after the call to > createTreeItem. this change means that the first page in a window cannot > call pushState, which is not good. You are right. I created a bug for it (bug 39418)
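The sequencing argument in comment #11 (the current item is rotated into m_previousItem by the item-creation step, so guarding on m_previousItem rejects the first page in a window while guarding on m_currentItem rejects only the setHtml() case) as a small constructed model. This is an added illustration, not WebKit's HistoryController; the class, its method names and the URL-only HistoryItem are assumptions made for the example, and it does not reproduce the crash itself.

```cpp
#include <memory>
#include <string>
#include <utility>

// Constructed stand-in for WebCore's HistoryItem: only the URL matters here.
struct HistoryItem {
    std::string url;
};

// Hypothetical model of the two pointers HistoryController keeps.
class HistoryModel {
public:
    // Models QWebFrame::load(): a committed load creates a current item.
    void load(const std::string& url) { rotateIn(url); }

    // Models QWebFrame::setHtml(): content is shown but, as the Qt note says,
    // no history item is created, so m_currentItem stays null.
    void setHtml() { /* intentionally leaves history untouched */ }

    // pushState with the guard from Fix v3: checks m_previousItem.
    // On the first page of a window m_previousItem is still null, so this
    // rejects a legitimate pushState (the reviewer's objection).
    bool pushStateGuardPrevious(const std::string& url) {
        if (!m_previousItem)
            return false;
        rotateIn(url);
        return true;
    }

    // pushState with the guard suggested in review: checks m_currentItem.
    // Only the setHtml() case (no item for the current page) is rejected.
    bool pushStateGuardCurrent(const std::string& url) {
        if (!m_currentItem)
            return false;
        rotateIn(url);
        return true;
    }

    const HistoryItem* currentItem() const { return m_currentItem.get(); }
    const HistoryItem* previousItem() const { return m_previousItem.get(); }

private:
    // Like createTreeItem's item creation: the current item becomes the
    // previous one and a fresh item becomes current.
    void rotateIn(const std::string& url) {
        m_previousItem = std::move(m_currentItem);
        m_currentItem = std::make_unique<HistoryItem>(HistoryItem{url});
    }

    std::unique_ptr<HistoryItem> m_currentItem;
    std::unique_ptr<HistoryItem> m_previousItem;
};
```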