WebCore:
author	darin@apple.com <darin@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 6 Mar 2009 17:22:07 +0000 (17:22 +0000)
committer	darin@apple.com <darin@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 6 Mar 2009 17:22:07 +0000 (17:22 +0000)
commit	968f147955d8d702eb20becbdf9b5d43631a88f8
tree	fae0ee213ffd63aa4bf53163bed512348f5ee167
parent	082e8dc0168bdc9fb36ca8850dfc23b8e38a32cf
WebCore:

2009-03-06  Darin Adler  <darin@apple.com>

        Reviewed by Darin Fisher.

        Bug 24422: REGRESSION: null-URL crash in FrameLoader setting location.hash on new window
        https://bugs.webkit.org/show_bug.cgi?id=24422
        rdar://problem/6402208

        Test: fast/dom/location-new-window-no-crash.html

        The issue here is empty (or null) URLs. I picked the "schedule navigation" bottleneck
        to add some checks for empty URLs. We could also put the empty URL checks at some
        other bottleneck level and add more assertions over time. I tried adding a few more
        assertions to functions like loadURL and hit them while running the regression tests,
        so it's probably going to be a bit tricky to clean this up throughout the loader.

        * loader/FrameLoader.cpp:
        (WebCore::ScheduledRedirection::ScheduledRedirection): Explicitly marked this struct
        immutable by making all its members const. Added assertions about the arguments,
        including that the URL is not empty. Initialized one uninitialized member in one of
        the constructors.
        (WebCore::FrameLoader::scheduleHTTPRedirection): Added an early exit to make this
        a no-op if passed an empty URL.
        (WebCore::FrameLoader::scheduleLocationChange): Ditto.
        (WebCore::FrameLoader::scheduleRefresh): Ditto.

LayoutTests:

2009-03-06  Darin Adler  <darin@apple.com>

        Reviewed by Darin Fisher.

        Bug 24422: REGRESSION: null-URL crash in FrameLoader setting location.hash on new window
        https://bugs.webkit.org/show_bug.cgi?id=24422
        rdar://problem/6402208

        The new test manipulates all the properties of the location object on a new window which
        has no location yet. I tested Firefox too and added comments about how its behavior differs
        from WebKit. At some point we may want to tweak our behavior to be a bit closer to theirs,
        or check IE's behavior or if HTML 5 or some other W3 specification has something to say
        about this, but for now the main purpose of the test is to verify we don't crash.

        * fast/dom/location-new-window-no-crash-expected.txt: Added.
        * fast/dom/location-new-window-no-crash.html: Added.
        * fast/dom/resources/location-new-window-no-crash.js: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@41484 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/fast/dom/location-new-window-no-crash-expected.txt [new file with mode: 0644]
LayoutTests/fast/dom/location-new-window-no-crash.html [new file with mode: 0644]
LayoutTests/fast/dom/resources/location-new-window-no-crash.js [new file with mode: 0644]
WebCore/ChangeLog
WebCore/loader/FrameLoader.cpp
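
The pattern the commit message describes (an early exit for empty URLs at the scheduling bottleneck, backed by constructor assertions on an all-const record) can be sketched as follows. This is an added example, not code from the WebKit change; ScheduledNavigation, NavigationScheduler and the negative-delay check are hypothetical and assumed for illustration.

```cpp
#include <cassert>
#include <memory>
#include <string>
#include <utility>

// Hypothetical stand-in for a scheduled navigation record; not WebKit's struct.
struct ScheduledNavigation {
    // All members const: the record is immutable once built, and a constructor
    // that forgets to initialize a const scalar member fails to compile.
    const double delaySeconds;
    const std::string url;
    const bool lockHistory;

    ScheduledNavigation(double delay, std::string u, bool lock)
        : delaySeconds(delay), url(std::move(u)), lockHistory(lock)
    {
        // Debug-build invariants: callers must already have filtered bad input.
        assert(!url.empty());
        assert(delaySeconds >= 0); // assumed second argument check
    }
};

// Hypothetical scheduler: every navigation request funnels through schedule().
class NavigationScheduler {
public:
    // Each entry point returns true if queued, false if the request was dropped.
    bool scheduleLocationChange(const std::string& url, bool lockHistory)
    {
        return schedule(0, url, lockHistory);
    }
    bool scheduleHttpRedirect(double delay, const std::string& url)
    {
        return schedule(delay, url, true);
    }
    const ScheduledNavigation* pending() const { return m_pending.get(); }

private:
    bool schedule(double delay, const std::string& url, bool lock)
    {
        // Release-build guard: an empty URL makes the call a no-op, so the
        // assertions above never fire and no empty URL reaches the loader.
        if (url.empty() || delay < 0)
            return false;
        m_pending.reset(new ScheduledNavigation(delay, url, lock));
        return true;
    }
    std::unique_ptr<ScheduledNavigation> m_pending;
};

int main() { NavigationScheduler s; return s.scheduleLocationChange("", false) ? 1 : 0; }
```

The guard and the assertions do different jobs: the guard keeps release builds from acting on an empty URL, while the assertions flag any new caller that bypasses the guard during testing.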