Inspected page crashes on attempt to change iframe's src attribute. Steps to reproduce: 1. Open a document with iframe. 2. Open DevTools and try to change the iframe's "src" attribute value. Result: Inspected renderer crashes.
Created attachment 60347 [details] Patch
(In reply to comment #1) > Created an attachment (id=60347) [details] > Patch It's the same patch as http://trac.webkit.org/changeset/62246 which was reverted due to Chromium ui test failures caused by empty JS stack when ScriptController::processingUserGesture was called. Now processingUserGesture checks if the V8Proxy owned by the ScriptController is currently running JS code and if it is not just calls UserGestureIndicator. Before the change the code tested if there are any Frame on the stack where JS is executing.
Comment on attachment 60347 [details] Patch Clearing flags on attachment: 60347 Committed r62380: <http://trac.webkit.org/changeset/62380>
All reviewed patches have been landed. Closing bug.