mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2025-01-23 09:46:04 -05:00
LibWeb: Do not spin the event loop on processing iframe attributes
Partially reverting a3149c1ce9
Spinning the event loop was causing a crash on:
https://wpt.live/url/percent-encoding.window.html
As it was turning what is meant to be a synchronous operation into an
asynchronous one.
The sequence demonstrated by the reproducing test is as follows:
* A src attribute is changed for the iframe
* process_the_iframe_attributes entered with valid content navigable
* Event loop is spun, allowing the queued iframe removal to execute
* process_the_iframe_attributes continues with null content navigable
* 💥
This commit is contained in:
parent
62e732e5ad
commit
30377e6e35
Notes:
github-actions[bot]
2024-10-07 13:11:44 +00:00
Author: https://github.com/shannonbooth Commit: https://github.com/LadybirdBrowser/ladybird/commit/30377e6e350 Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/1658 Reviewed-by: https://github.com/kalenikaliaksandr ✅
3 changed files with 21 additions and 6 deletions
|
@ -0,0 +1 @@
|
|||
PASS! (Didn't crash)
|
20
Tests/LibWeb/Text/input/iframe-removed-asyncronously.html
Normal file
20
Tests/LibWeb/Text/input/iframe-removed-asyncronously.html
Normal file
|
@ -0,0 +1,20 @@
|
|||
<body>
|
||||
</body>
|
||||
<script src="include.js"></script>
|
||||
<script>
|
||||
asyncTest(done => {
|
||||
let frame = document.body.appendChild(document.createElement("iframe"));
|
||||
|
||||
setTimeout(() => {
|
||||
frame.remove();
|
||||
|
||||
setTimeout(() => {
|
||||
println("PASS! (Didn't crash)");
|
||||
done();
|
||||
}, 0);
|
||||
|
||||
}, 0);
|
||||
|
||||
frame.src = `../data/iframe-with-border-radius-svg.html`;
|
||||
})
|
||||
</script>
|
|
@ -77,12 +77,6 @@ void HTMLIFrameElement::process_the_iframe_attributes(bool initial_insertion)
|
|||
if (!content_navigable())
|
||||
return;
|
||||
|
||||
// Make sure applying of history step caused by potential sync navigation to "about:blank"
|
||||
// is finished. Otherwise, it might interrupt navigation caused by changing src or srcdoc.
|
||||
if (!initial_insertion && !content_navigable_initialized()) {
|
||||
main_thread_event_loop().spin_processing_tasks_with_source_until(Task::Source::NavigationAndTraversal, [this] { return content_navigable_initialized(); });
|
||||
}
|
||||
|
||||
// 1. If element's srcdoc attribute is specified, then:
|
||||
if (has_attribute(HTML::AttributeNames::srcdoc)) {
|
||||
// 1. Set element's current navigation was lazy loaded boolean to false.
|
||||
|
|
Loading…
Reference in a new issue