Created attachment 151438 [details] Repro. Put this to LayoutTests/fast/loader/. Requires iframe/@srcdoc. Regression by http://trac.webkit.org/changeset/109480/trunk https://bugs.webkit.org/show_bug.cgi?id=79206 In r109480, I forgot to take care of documents in <iframe>s in a document loaded by FrameLoader::loadItem().
Created attachment 151624 [details] Patch
Comment on attachment 151624 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=151624&action=review > Source/WebCore/loader/HistoryController.cpp:166 > - if (item->isCurrentDocument(document)) { > + if (item->isCurrentDocument(document) && document->attached()) { I'm not confident of this change. HistoryController::saveDocumentState() is called twice for a subframe document when the main frame is navigated to another URL. 1. FrameLoader::detachChildren() of the parent FrameLoader FrameLoader::detachFromParent() FrameLoader::closeURL() HistoryController::saveDocumentState() 2. HTMLFrameOwnerElement::disconnectContentFrame FrameLoader::frameDetached() FrameLoader::detachFromParent() FrameLoader::closeURL() HistoryController::saveDocumentState() Is it an expected behavior?
Created attachment 160301 [details] Patch 2 just rebase
Comment on attachment 160301 [details] Patch 2 View in context: https://bugs.webkit.org/attachment.cgi?id=160301&action=review > Source/WebCore/ChangeLog:29 > + Added. This function checks the current HisotryItem is associated spelling Hisotry > Source/WebCore/loader/HistoryController.cpp:182 > +static inline bool isAssociatedToRequestedHisotryItem(const HistoryItem* current, Frame* frame, const HistoryItem* requested) spelling "Hisotry"
Created attachment 160891 [details] Patch for landing hisotry
Comment on attachment 160891 [details] Patch for landing Clearing flags on attachment: 160891 Committed r126839: <http://trac.webkit.org/changeset/126839>
All reviewed patches have been landed. Closing bug.