Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 7fec1840ae0adc257994d9f0f5c723df5013a232
https://github.com/WebKit/WebKit/commit/7fec1840ae0adc257994d9f0f5c723df5013a232
Author: Frédéric Wang Nélar <[email protected]>
Date: 2026-04-17 (Fri, 17 Apr 2026)
Changed paths:
A LayoutTests/fast/pdf-plugin-destruction-dispatches-print-event-crash-expected.txt
A LayoutTests/fast/pdf-plugin-destruction-dispatches-print-event-crash.html
M Source/WebCore/loader/DocumentLoader.cpp
Log Message:
-----------
[WebKit][Main+SU] [fdae418b9cd3d6ba] WK_SEC | WebCore::EventTarget::fireEventListeners; WebCore::LocalDOMWindow::dispatchEvent; WebCore::dispatchPrintEvent
https://bugs.webkit.org/show_bug.cgi?id=303411
rdar://165712958
Reviewed by Ryosuke Niwa.
Document::updateStyleIfNeeded() forbids script execution in main thread
by creating a ScriptDisallowedScope. However, it can also trigger the
destruction of a PluginView, which may end up dispatching a print event,
triggering an assertion with security implication for
ScriptDisallowedScope::isScriptAllowedInMainThread(). In order to avoid
that issue, we ensure the print event is dispatched asynchronously.
Test: fast/pdf-plugin-destruction-dispatches-print-event-crash.html
* LayoutTests/fast/pdf-plugin-destruction-dispatches-print-event-crash-expected.txt: Added.
* LayoutTests/fast/pdf-plugin-destruction-dispatches-print-event-crash.html: Added.
* Source/WebCore/loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::removePlugInStreamLoader): Perform the load
completion check asynchronously, so that we don't execute any script in this
context.
Originally-landed-as: [email protected] (308756637681).
rdar://174957681
Canonical link: https://commits.webkit.org/311496@main
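A minimal C++ model of the re-entrancy described in the log message, added here as an illustration; it is not WebKit code and is not taken from the commit. `Page`, `ForbidScript`, `destroyPlugin`, `styleUpdate` and the `"print"` event name are hypothetical stand-ins, and the violation counter replaces the assertion a real engine would hit.

```cpp
#include <cstdio>
#include <functional>
#include <queue>
#include <string>
#include <vector>

// Simplified model; every name below is hypothetical, not a WebKit API.
struct Page {
    int scriptForbiddenDepth = 0;             // > 0 while a guard is alive
    int violations = 0;                       // listeners run while forbidden
    std::vector<std::string> delivered;       // events listeners actually saw
    std::queue<std::function<void()>> tasks;  // stand-in for the event loop
    void dispatchEvent(const std::string& name) {
        if (scriptForbiddenDepth > 0) ++violations;  // an engine would assert here
        delivered.push_back(name);
    }
    void runPendingTasks() {
        for (; !tasks.empty(); tasks.pop())
            tasks.front()();
    }
};

// RAII guard playing the role of ScriptDisallowedScope.
struct ForbidScript {
    Page& page;
    explicit ForbidScript(Page& p) : page(p) { ++page.scriptForbiddenDepth; }
    ~ForbidScript() { --page.scriptForbiddenDepth; }
};

// Plugin teardown finishes a load, and load completion ends in a print event.
void destroyPlugin(Page& page, bool deferCompletion) {
    auto completionCheck = [&page] { page.dispatchEvent("print"); };
    if (deferCompletion)
        page.tasks.push(completionCheck);     // runs once the guard is gone
    else
        completionCheck();                    // re-enters script immediately
}

// The style update forbids script, yet may destroy a plugin as a side effect.
Page styleUpdate(bool deferCompletion) {
    Page page;
    { ForbidScript scope(page); destroyPlugin(page, deferCompletion); }
    page.runPendingTasks();                   // next event-loop turn
    return page;
}

int main() {
    std::printf("sync: %d, deferred: %d\n", styleUpdate(false).violations, styleUpdate(true).violations);
}
```

In both variants the listener still receives the event exactly once; only the deferred variant delivers it after the guard has been released.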