File: iframe-reparenting-close-window.html

package info (click to toggle)

qtwebkit 2.3.4.dfsg-3

links: PTS, VCS
area: main
in suites: jessie, jessie-kfreebsd
size: 290,116 kB
ctags: 272,544
sloc: cpp: 1,417,496; python: 85,048; ansic: 39,353; perl: 38,858; ruby: 10,313; objc: 9,505; xml: 8,679; asm: 3,864; yacc: 2,458; sh: 1,237; lex: 813; makefile: 592; java: 228; php: 79

file content (31 lines) | stat: -rwxr-xr-x 1,298 bytes

parent folder | download | duplicates (15)

<html>
<script>
window.log = function(message)
{
  document.getElementById("log").innerText += message + "\n";
}

function childLoaded()
{
  log("Child window loaded.");
  window.childWindow.addAndTransferIframe();
}

function start()
{
  window.childWindow = window.open("iframe-reparenting-close-window-child.html", "_blank");
  window.childWindow.addEventListener("load", childLoaded, false);
}

</script>
<body>
<p>Bug: https://bugs.webkit.org/show_bug.cgi?id=70147</p>
<p>This test recreates scenario when an iframe is reparented from one page to another using 'live iframe transfer'
  (with adoptNode() used on the iframe right before re-parenting into the other page's DOM tree).
  Then the original page is closed, destroying some internal objects that are associated with the top frame/page/WebVeiw.</p>
<p>In Chromium, this destroys the underlying NotificationPresenter object which is associated with the Page, and as a result, the use of webkitNotification object from JavaScript can crash the browser or return bogus results ('use-after-delete').
  Open this test in Chromium and click the button to start the test. If the test doesn't crash, and prints expected results, the bug is not regressed.</p>
<button onclick="start()">Start test</button>
<pre id="log"></pre>
</body>
</html>