Original report at http://code.google.com/p/chromium/issues/detail?id=59576.

Repro steps:
1. Display a web page
2. In the web page, display an iframe or object containing html
3. Navigate back & forward
4. In the same web page, display another iframe containing a different html page

The problem is in the logic in FrameLoader::loadURLIntoChildFrame to load a child frame from a HistoryItem instead of from the url. I think we only want to load from a HistoryItem before the load event.

Note that this problem is prevented by the page cache because the old contents of the child frame are immediately present and the display of a new frame will typically add a new Frame rather than overwrite.
Created attachment 101509 [details] patch
Comment on attachment 101509 [details] patch
View in context: https://bugs.webkit.org/attachment.cgi?id=101509&action=review

Is the current behavior (that the URL is restored for iframes for back-forward navigations) tested anywhere?

> LayoutTests/fast/loader/child-frame-add-after-back-forward.html:9
> + layoutTestController.overridePreference('WebKitUsesPageCachePreferenceKey', 0);

You may want to add an unload handler too, so that the page cache is disabled when running the test in Safari too.
(In reply to comment #2)
> (From update of attachment 101509 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=101509&action=review
>
> Is the current behavior (that the URL is restored for iframes for back-forward navigations) tested anywhere?

Yeah, if I comment out the if() statement and everything inside, 2 tests each in fast/history and http/tests/navigation fail.

> > LayoutTests/fast/loader/child-frame-add-after-back-forward.html:9
> > + layoutTestController.overridePreference('WebKitUsesPageCachePreferenceKey', 0);
>
> You may want to add an unload handler too, so that the page cache is disabled when running the test in Safari too.

Good point.
Created attachment 101743 [details] Patch for landing
Comment on attachment 101743 [details] Patch for landing
Clearing flags on attachment: 101743
Committed r91583: <http://trac.webkit.org/changeset/91583>
All reviewed patches have been landed. Closing bug.
*** Bug 64402 has been marked as a duplicate of this bug. ***