[Chromium] Crash after magic iframe transfer for Pepper/NaCl plugins.
authordimich@chromium.org <dimich@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 19 Sep 2011 21:05:28 +0000 (21:05 +0000)
committerdimich@chromium.org <dimich@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 19 Sep 2011 21:05:28 +0000 (21:05 +0000)
commit301ac2a88746762a788d6e722e9c734fdacfbbf6
treef95a70596a329689284a8e3db96112193b6d0cfe
parentd74b500d43a372fb40f96c6a6fd5728c0d186913
[Chromium] Crash after magic iframe transfer for Pepper/NaCl plugins.
https://bugs.webkit.org/show_bug.cgi?id=68267
Make adoptNode() to not enable live iframe transfer when the iframe's subtree contains plugins.

Reviewed by Adam Barth.

Source/WebCore:

Test: fast/frames/iframe-reparenting-embed-elements.html

* dom/Document.cpp:
(WebCore::Document::adoptNode):
* html/HTMLFrameElementBase.cpp:
(WebCore::hasPluginElements):
(WebCore::HTMLFrameElementBase::canRemainAliveOnRemovalFromTree):
* html/HTMLFrameElementBase.h:

LayoutTests:

* fast/frames/iframe-reparenting-embed-elements-expected.txt: Added.
* fast/frames/iframe-reparenting-embed-elements.html: Added.
* fast/frames/resources/iframe-reparenting-embed-frame1.html: Added.
* fast/frames/resources/iframe-reparenting-embed-iframe.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95471 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/fast/frames/iframe-reparenting-embed-elements-expected.txt [new file with mode: 0644]
LayoutTests/fast/frames/iframe-reparenting-embed-elements.html [new file with mode: 0644]
LayoutTests/fast/frames/resources/iframe-reparenting-embed-frame1.html [new file with mode: 0644]
LayoutTests/fast/frames/resources/iframe-reparenting-embed-iframe.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/dom/Document.cpp
Source/WebCore/html/HTMLFrameElementBase.cpp
Source/WebCore/html/HTMLFrameElementBase.h