Bug 41511 - [v8] Web Inspector: inspected page crashes on attempt to change iframe's src attribute
Summary: [v8] Web Inspector: inspected page crashes on attempt to change iframe's src ...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Web Inspector (Deprecated) (show other bugs)
Version: 528+ (Nightly build)
Hardware: All All
: P2 Normal
Assignee: Yury Semikhatsky
URL:
Keywords:
Depends on:
Blocks: 41350
  Show dependency treegraph
 
Reported: 2010-07-02 00:59 PDT by Yury Semikhatsky
Modified: 2010-07-02 04:44 PDT (History)
9 users (show)

See Also:


Attachments
Patch (16.93 KB, patch)
2010-07-02 01:04 PDT, Yury Semikhatsky
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Yury Semikhatsky 2010-07-02 00:59:33 PDT
Inspected page crashes on attempt to change iframe's src attribute.

Steps to reproduce:

1. Open a document with iframe.
2. Open DevTools and try to change the iframe's "src" attribute value.

Result:
Inspected renderer crashes.
Comment 1 Yury Semikhatsky 2010-07-02 01:04:57 PDT
Created attachment 60347 [details]
Patch
Comment 2 Yury Semikhatsky 2010-07-02 01:12:54 PDT
(In reply to comment #1)
> Created an attachment (id=60347) [details]
> Patch


It's the same patch as http://trac.webkit.org/changeset/62246 which was reverted due to Chromium ui test failures caused by empty JS stack when ScriptController::processingUserGesture was called. Now processingUserGesture checks if the V8Proxy owned by the ScriptController is currently running JS code and if it is not just calls UserGestureIndicator. Before the change the code tested if there are any Frame on the stack where JS is executing.
Comment 3 Yury Semikhatsky 2010-07-02 04:44:11 PDT
Comment on attachment 60347 [details]
Patch

Clearing flags on attachment: 60347

Committed r62380: <http://trac.webkit.org/changeset/62380>
Comment 4 Yury Semikhatsky 2010-07-02 04:44:22 PDT
All reviewed patches have been landed.  Closing bug.