Crash when navigating back to a page in PageCache when one of its frames has been...
author    cdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
          Fri, 27 Jan 2017 05:36:19 +0000 (05:36 +0000)
committer cdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
          Fri, 27 Jan 2017 05:36:19 +0000 (05:36 +0000)
commit    040d9d6c8da6585f7d98cc24c04d703c49b5cf26
tree      62e78ea21707c5863d0ebf281018cc882fd16a0b
parent    522954b7785e506df80fe89aff8dbb7b550d7f65
Crash when navigating back to a page in PageCache when one of its frames has been removed
https://bugs.webkit.org/show_bug.cgi?id=167421
<rdar://problem/30188490>

Reviewed by Darin Adler.

Source/WebCore:

Disallow page caching of a page if:
1. The main window has an opener (i.e. it was opened via window.open)
2. It has ever used window.open()

This is because allowing page caching in this case would allow such
windows to script each other even after one of them entered Page
Cache. Allowing this is dangerous and easily causes crashes.

This is a short term workaround until we find a better solution to
the problem. One issue with this workaround is that navigating back
to a page that has an opener or used window.open() will no longer
get the page from PageCache. As a result, state may be lost upon
navigating back. However, we never guarantee that pages get page
cached, and Chrome does not have a PageCache.

Tests: fast/history/page-cache-after-window-open.html
       fast/history/page-cache-back-navigation-crash.html
       fast/history/page-cache-with-opener.html

* dom/Document.cpp:
(WebCore::Document::hasEverCalledWindowOpen):
(WebCore::Document::markHasCalledWindowOpen):
* dom/Document.h:
* history/PageCache.cpp:
(WebCore::canCachePage):
* page/DOMWindow.cpp:
(WebCore::DOMWindow::createWindow):
* page/DiagnosticLoggingKeys.cpp:
(WebCore::DiagnosticLoggingKeys::hasCalledWindowOpenKey):
(WebCore::DiagnosticLoggingKeys::hasOpenerKey):
* page/DiagnosticLoggingKeys.h:
* page/Page.cpp:
(WebCore::Page::openedByWindowOpen):
* page/Page.h:
* page/Settings.in:

Source/WebKit/mac:

Add a new setting allowing layout tests to enable PageCache in a window
that has an opener, for convenience.

* WebView/WebPreferenceKeysPrivate.h:
* WebView/WebPreferences.mm:
(+[WebPreferences initialize]):
(-[WebPreferences allowsPageCacheWithWindowOpener]):
(-[WebPreferences setAllowsPageCacheWithWindowOpener:]):
* WebView/WebPreferencesPrivate.h:
* WebView/WebView.mm:
(-[WebView _preferencesChanged:]):

Source/WebKit/win:

Add a new setting allowing layout tests to enable PageCache in a window
that has an opener, for convenience.

* WebPreferenceKeysPrivate.h:
* WebPreferences.cpp:
(WebPreferences::initializeDefaultSettings):
* WebPreferences.h:

Source/WebKit2:

Add a new setting allowing layout tests to enable PageCache in a window
that has an opener, for convenience.

* Shared/WebPreferencesDefinitions.h:
* UIProcess/API/C/WKPreferences.cpp:
(WKPreferencesSetAllowsPageCacheWithWindowOpener):
(WKPreferencesGetAllowsPageCacheWithWindowOpener):
* UIProcess/API/C/WKPreferencesRefPrivate.h:
* WebProcess/InjectedBundle/InjectedBundle.cpp:
(WebKit::InjectedBundle::overrideBoolPreferenceForTestRunner):
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::updatePreferences):

Tools:

Add a new setting allowing layout tests to enable PageCache in a window
that has an opener, for convenience.

* DumpRenderTree/mac/DumpRenderTree.mm:
(resetWebPreferencesToConsistentValues):
* DumpRenderTree/win/DumpRenderTree.cpp:
(resetWebPreferencesToConsistentValues):
* WebKitTestRunner/TestController.cpp:
(WTR::TestController::resetPreferencesToConsistentValues):

LayoutTests:

* fast/history/page-cache-after-window-open-expected.txt: Added.
* fast/history/page-cache-after-window-open.html: Added.
* fast/history/page-cache-back-navigation-crash-expected.txt: Added.
* fast/history/page-cache-back-navigation-crash.html: Added.
* fast/history/page-cache-with-opener-expected.txt: Added.
* fast/history/page-cache-with-opener.html: Added.
* fast/history/resources/page-cache-window-with-iframe.html: Added.
* fast/history/resources/page-cache-window-with-opener.html: Added.
Add layout test coverage.

* editing/mac/input/unconfirmed-text-navigation-with-page-cache.html:
* fast/harness/page-cache-crash-on-data-urls.html:
* fast/harness/use-page-cache.html:
* fast/history/page-cache-after-window-open-expected.txt: Added.
* fast/history/page-cache-after-window-open.html: Added.
* fast/history/page-cache-with-opener-expected.txt: Added.
* fast/history/page-cache-with-opener.html: Added.
* fast/history/resources/page-cache-window-with-opener.html: Added.
* fast/loader/stateobjects/no-popstate-when-back-to-stateless-entry-with-page-cache.html:
* fast/loader/stateobjects/popstate-fires-with-page-cache.html:
* tiled-drawing/tiled-drawing-scroll-position-page-cache-restoration.html:
These tests relied on using window.open() to test PageCache for convenience. They now
need to override a setting in order to be allowed to do so.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@211254 268f45cc-cd09-0410-ab3c-d52691b4dbfc
46 files changed:
LayoutTests/ChangeLog
LayoutTests/editing/mac/input/unconfirmed-text-navigation-with-page-cache.html
LayoutTests/fast/harness/page-cache-crash-on-data-urls.html
LayoutTests/fast/harness/use-page-cache.html
LayoutTests/fast/history/page-cache-after-window-open-expected.txt [new file with mode: 0644]
LayoutTests/fast/history/page-cache-after-window-open.html [new file with mode: 0644]
LayoutTests/fast/history/page-cache-back-navigation-crash-expected.txt [new file with mode: 0644]
LayoutTests/fast/history/page-cache-back-navigation-crash.html [new file with mode: 0644]
LayoutTests/fast/history/page-cache-with-opener-expected.txt [new file with mode: 0644]
LayoutTests/fast/history/page-cache-with-opener.html [new file with mode: 0644]
LayoutTests/fast/history/resources/page-cache-window-with-iframe.html [new file with mode: 0644]
LayoutTests/fast/history/resources/page-cache-window-with-opener.html [new file with mode: 0644]
LayoutTests/fast/loader/stateobjects/no-popstate-when-back-to-stateless-entry-with-page-cache.html
LayoutTests/fast/loader/stateobjects/popstate-fires-with-page-cache.html
LayoutTests/tiled-drawing/tiled-drawing-scroll-position-page-cache-restoration.html
Source/WebCore/ChangeLog
Source/WebCore/dom/Document.cpp
Source/WebCore/dom/Document.h
Source/WebCore/history/PageCache.cpp
Source/WebCore/page/DOMWindow.cpp
Source/WebCore/page/DiagnosticLoggingKeys.cpp
Source/WebCore/page/DiagnosticLoggingKeys.h
Source/WebCore/page/Page.cpp
Source/WebCore/page/Page.h
Source/WebCore/page/Settings.in
Source/WebKit/mac/ChangeLog
Source/WebKit/mac/WebView/WebPreferenceKeysPrivate.h
Source/WebKit/mac/WebView/WebPreferences.mm
Source/WebKit/mac/WebView/WebPreferencesPrivate.h
Source/WebKit/mac/WebView/WebView.mm
Source/WebKit/win/ChangeLog
Source/WebKit/win/Interfaces/IWebPreferencesPrivate.idl
Source/WebKit/win/WebPreferenceKeysPrivate.h
Source/WebKit/win/WebPreferences.cpp
Source/WebKit/win/WebPreferences.h
Source/WebKit/win/WebView.cpp
Source/WebKit2/ChangeLog
Source/WebKit2/Shared/WebPreferencesDefinitions.h
Source/WebKit2/UIProcess/API/C/WKPreferences.cpp
Source/WebKit2/UIProcess/API/C/WKPreferencesRefPrivate.h
Source/WebKit2/WebProcess/InjectedBundle/InjectedBundle.cpp
Source/WebKit2/WebProcess/WebPage/WebPage.cpp
Tools/ChangeLog
Tools/DumpRenderTree/mac/DumpRenderTree.mm
Tools/DumpRenderTree/win/DumpRenderTree.cpp
Tools/WebKitTestRunner/TestController.cpp
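The rule described in the commit message (no PageCache for a page that has an opener or has ever called window.open()) can be observed from a web page. The probe below is an added example, not part of this commit, its layout tests, or WebKit; the file name page-cache-probe.html, the element ids and the sessionStorage key are assumptions of the example. It relies on the standard pageshow event, whose persisted flag is true when the document was restored from the page cache rather than loaded from scratch, and on the fact that a popup created by window.open() starts with a copy of its opener's sessionStorage.

```html
<!DOCTYPE html>
<!-- page-cache-probe.html (hypothetical file name; added example, not WebKit code).
     Loads itself, navigates away and straight back, then reports whether the
     document came back from the page cache (pageshow.persisted === true). -->
<html>
<head>
  <meta charset="utf-8">
  <title>Page cache probe</title>
</head>
<body>
<pre id="log"></pre>
<button id="popup">Call window.open() and re-run the round trip</button>
<script>
'use strict';
// No beforeunload/unload listeners are registered here on purpose: they are
// a common reason a page is not page-cached and would invalidate the probe.

var KEY = 'page-cache-probe-visited'; // assumed sessionStorage key name
var logEl = document.getElementById('log');

function log(line) {
  logEl.textContent += line + '\n';
}

function goAwayAndBack() {
  // Create a second history entry; that entry immediately navigates back.
  location.href = location.pathname + '?second';
}

if (location.search === '?second') {
  // Second history entry: return to the probe page so pageshow fires there.
  setTimeout(function () { history.back(); }, 0);
} else {
  window.addEventListener('pageshow', function (event) {
    log('opener: ' + (window.opener ? 'present' : 'none'));
    if (event.persisted) {
      // Same Document object as before: it was kept in the page cache.
      log('restored from page cache (pageshow.persisted = true)');
    } else if (sessionStorage.getItem(KEY)) {
      // A fresh Document with our marker set: the old one was not cached.
      log('loaded from scratch on back navigation: NOT page cached');
    } else {
      sessionStorage.setItem(KEY, '1');
      log('first visit; navigating away and back...');
      setTimeout(goAwayAndBack, 0);
    }
  });

  document.getElementById('popup').addEventListener('click', function () {
    // The popup copies sessionStorage at creation, so clear the marker first
    // so that the popup (which has an opener) runs its own round trip.
    sessionStorage.removeItem(KEY);
    window.open(location.pathname);
    // This document has now called window.open(); run the round trip again on
    // it. With this change, neither this page nor the popup is expected to be
    // page-cached unless the test-only preference allowsPageCacheWithWindowOpener
    // is enabled.
    sessionStorage.setItem(KEY, '1');
    log('called window.open(); navigating away and back...');
    setTimeout(goAwayAndBack, 500);
  });
}
</script>
</body>
</html>
```

Serve the file over http(s) from a local server rather than a file: URL, since sessionStorage and scripted history navigation are not reliable there. On first load the log shows the result for a plain page; clicking the button opens a popup that reports for a window with an opener, and the original page re-reports after having called window.open(). A page that is reloaded gets a new Document, so the "has called window.open()" state is only observable without reloading, which is why the button navigates away and back instead.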