Do not fire load events from frames with scripting disabled
author jiewen_tan@apple.com <jiewen_tan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 11 Dec 2015 19:49:56 +0000 (19:49 +0000)
committer jiewen_tan@apple.com <jiewen_tan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 11 Dec 2015 19:49:56 +0000 (19:49 +0000)
https://bugs.webkit.org/show_bug.cgi?id=118042
<rdar://problem/14272857>

Reviewed by Brent Fulgham.

Since the crash is not reproducible, only the test case from Blink r153029 is merged:
https://codereview.chromium.org/17682003

* fast/images/image-load-event-crash-expected.txt: Added.
* fast/images/image-load-event-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@193969 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/fast/images/image-load-event-crash-expected.txt [new file with mode: 0644]
LayoutTests/fast/images/image-load-event-crash.html [new file with mode: 0644]

index c760267c69ed2fb5f4ca96907bf9d78e8f3aac61..6bfcfbff5e14830816337172628096b3653713b8 100644 (file)
@@ -1,3 +1,17 @@
+2015-12-11  Jiewen Tan  <jiewen_tan@apple.com>
+
+        Do not fire load events from frames with scripting disabled
+        https://bugs.webkit.org/show_bug.cgi?id=118042
+        <rdar://problem/14272857>
+
+        Reviewed by Brent Fulgham.
+
+        Since the crash is not reproducible, only test case from Blink r153029 is merged:
+        https://codereview.chromium.org/17682003
+
+        * fast/images/image-load-event-crash-expected.txt: Added.
+        * fast/images/image-load-event-crash.html: Added.
+
 2015-12-11  Brady Eidson  <beidson@apple.com>
 
         Modern IDB: storage/indexeddb/index-count.html fails.
 2015-12-11  Brady Eidson  <beidson@apple.com>
 
         Modern IDB: storage/indexeddb/index-count.html fails.
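Review bot: The entry title "Do not fire load events from frames with scripting disabled" describes a behaviour change, but the entry lists only two added files under fast/images/ and states that only the test case is merged. Consider retitling the entry to say that a regression test is being imported from Blink r153029, or adding a line that says which existing behaviour the test is meant to guard, so that a reader of the ChangeLog does not go looking for a source change that is not part of this commit.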
diff --git a/LayoutTests/fast/images/image-load-event-crash-expected.txt b/LayoutTests/fast/images/image-load-event-crash-expected.txt
new file mode 100644 (file)
index 0000000..9de104b
--- /dev/null
@@ -0,0 +1,2 @@
+PASS. WebKit didn't crash.
+
diff --git a/LayoutTests/fast/images/image-load-event-crash.html b/LayoutTests/fast/images/image-load-event-crash.html
new file mode 100644 (file)
index 0000000..23b1d6d
--- /dev/null
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<head>
+<style>
+img {
+    background-image: url("data:image/svg+xml,<svg></svg>");
+}
+</style>
+<script>
+function changeStyleAndLayout() {
+    document.body.style.height = '100px';
+    var forceLayout = document.body.offsetWidth;
+    if (window.testRunner)
+        testRunner.dumpAsText();
+}
+</script>
+</head>
+<body>
+    PASS. WebKit didn't crash.<br/>
+    <img onload="changeStyleAndLayout()" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==">
+</body>
+</html>
+
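Review bot: In changeStyleAndLayout(), testRunner.dumpAsText() is reached only from the img onload handler, so if the load event is ever not delivered the text-dump mode is never set and the test fails on output format against the -expected.txt rather than on the behaviour under test. Move the "if (window.testRunner) testRunner.dumpAsText();" call to top-level script in the head so the output mode does not depend on the handler running. Nothing in this file places the image in a frame with scripting disabled, which is the condition the commit title names, so a short comment stating which crash path the style change plus forced layout inside onload is meant to exercise would help the next person who touches it. Minor: the document closes with </html> but has no opening <html> tag.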