Diff
Modified: branches/safari-603-branch/LayoutTests/ChangeLog (214519 => 214520)
--- branches/safari-603-branch/LayoutTests/ChangeLog 2017-03-29 03:28:18 UTC (rev 214519)
+++ branches/safari-603-branch/LayoutTests/ChangeLog 2017-03-29 03:28:22 UTC (rev 214520)
@@ -1,5 +1,22 @@
2017-03-28 Jason Marcell <jmarc...@apple.com>
+ Merge r214194. rdar://problem/31101594
+
+ 2017-03-20 Daniel Bates <daba...@apple.com>
+
+ Prevent new navigations from onbeforeunload handler
+ https://bugs.webkit.org/show_bug.cgi?id=169891
+ <rdar://problem/31155736>
+
+ Reviewed by Ryosuke Niwa.
+
+ Update test to ensure that we disallow navigation initiated via a DOM click event from
+ an onbeforeunload handler.
+
+ * fast/events/before-unload-forbidden-navigation.html:
+
+2017-03-28 Jason Marcell <jmarc...@apple.com>
+
Merge r214237. rdar://problem/31178134
2017-03-21 Brady Eidson <beid...@apple.com>
Modified: branches/safari-603-branch/LayoutTests/fast/events/before-unload-forbidden-navigation.html (214519 => 214520)
--- branches/safari-603-branch/LayoutTests/fast/events/before-unload-forbidden-navigation.html 2017-03-29 03:28:18 UTC (rev 214519)
+++ branches/safari-603-branch/LayoutTests/fast/events/before-unload-forbidden-navigation.html 2017-03-29 03:28:22 UTC (rev 214520)
@@ -12,6 +12,7 @@
}
var log = document.getElementById('log');
+var didFireBeforeUnloadEvent = false;
function test(iframe) {
if (iframe.done) {
@@ -25,9 +26,22 @@
iframe.contentWindow.location.href = '';
}
+function navigateByClickingHyperlink(contentWindow, url) {
+ var link = contentWindow.document.createElement('a');
+ link.href = ""
+ link.click();
+}
+
function fired(contentWindow) {
+ if (didFireBeforeUnloadEvent)
+ return;
+ didFireBeforeUnloadEvent = true;
+
location.href = '';
contentWindow.location.href = '';
+ navigateByClickingHyperlink(contentWindow, 'resources/before-unload-in-subframe-fail.html');
+ navigateByClickingHyperlink(window, 'resources/before-unload-in-subframe-fail.html');
+
log.innerHTML = 'PASS 1/2';
contentWindow.frameElement.halfPassed = true;
}
Modified: branches/safari-603-branch/Source/WebCore/ChangeLog (214519 => 214520)
--- branches/safari-603-branch/Source/WebCore/ChangeLog 2017-03-29 03:28:18 UTC (rev 214519)
+++ branches/safari-603-branch/Source/WebCore/ChangeLog 2017-03-29 03:28:22 UTC (rev 214520)
@@ -1,5 +1,28 @@
2017-03-28 Jason Marcell <jmarc...@apple.com>
+ Merge r214194. rdar://problem/31101594
+
+ 2017-03-20 Daniel Bates <daba...@apple.com>
+
+ Prevent new navigations from onbeforeunload handler
+ https://bugs.webkit.org/show_bug.cgi?id=169891
+ <rdar://problem/31155736>
+
+ Reviewed by Ryosuke Niwa.
+
+ Ensure that all navigations initiated from an onbeforeunload handler are disallowed
+ regardless of how they were scheduled. Such navigations go against the expectation
+ of a user.
+
+ * loader/FrameLoader.cpp:
+ (WebCore::FrameLoader::isNavigationAllowed): Added.
+ (WebCore::FrameLoader::loadURL): Modified code to call FrameLoader::isNavigationAllowed().
+ (WebCore::FrameLoader::loadWithDocumentLoader): Ditto.
+ (WebCore::FrameLoader::stopAllLoaders): Ditto.
+ * loader/FrameLoader.h:
+
+2017-03-28 Jason Marcell <jmarc...@apple.com>
+
Merge r214237. rdar://problem/31178134
2017-03-21 Brady Eidson <beid...@apple.com>
Modified: branches/safari-603-branch/Source/WebCore/loader/FrameLoader.cpp (214519 => 214520)
--- branches/safari-603-branch/Source/WebCore/loader/FrameLoader.cpp 2017-03-29 03:28:18 UTC (rev 214519)
+++ branches/safari-603-branch/Source/WebCore/loader/FrameLoader.cpp 2017-03-29 03:28:22 UTC (rev 214520)
@@ -1193,6 +1193,11 @@
return propagatedPolicy;
}
+bool FrameLoader::isNavigationAllowed() const
+{
+ return m_pageDismissalEventBeingDispatched == PageDismissalType::None && NavigationDisablerForBeforeUnload::isNavigationAllowed();
+}
+
void FrameLoader::loadURL(const FrameLoadRequest& frameLoadRequest, const String& referrer, FrameLoadType newLoadType, Event* event, PassRefPtr<FormState> prpFormState)
{
if (m_inStopAllLoaders)
@@ -1233,7 +1238,7 @@
return;
}
- if (m_pageDismissalEventBeingDispatched != PageDismissalType::None)
+ if (!isNavigationAllowed())
return;
NavigationAction action(request, newLoadType, isFormSubmission, event, frameLoadRequest.shouldOpenExternalURLsPolicy(), frameLoadRequest.downloadAttribute());
@@ -1430,7 +1435,7 @@
ASSERT(m_frame.view());
- if (m_pageDismissalEventBeingDispatched != PageDismissalType::None)
+ if (!isNavigationAllowed())
return;
if (m_frame.document())
@@ -1617,7 +1622,7 @@
void FrameLoader::stopAllLoaders(ClearProvisionalItemPolicy clearProvisionalItemPolicy)
{
ASSERT(!m_frame.document() || m_frame.document()->pageCacheState() != Document::InPageCache);
- if (m_pageDismissalEventBeingDispatched != PageDismissalType::None)
+ if (!isNavigationAllowed())
return;
// If this method is called from within this method, infinite recursion can occur (3442218). Avoid this.
Modified: branches/safari-603-branch/Source/WebCore/loader/FrameLoader.h (214519 => 214520)
--- branches/safari-603-branch/Source/WebCore/loader/FrameLoader.h 2017-03-29 03:28:18 UTC (rev 214519)
+++ branches/safari-603-branch/Source/WebCore/loader/FrameLoader.h 2017-03-29 03:28:22 UTC (rev 214520)
@@ -390,6 +390,8 @@
void applyShouldOpenExternalURLsPolicyToNewDocumentLoader(DocumentLoader&, ShouldOpenExternalURLsPolicy propagatedPolicy);
+ bool isNavigationAllowed() const;
+
Frame& m_frame;
FrameLoaderClient& m_client;
