mirrors/ladybird
1
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-01-23 09:46:04 -05:00
Code Issues Projects Releases Packages Wiki Activity

LibWeb: Do not spin the event loop on processing iframe attributes

Browse source 
Partially reverting a3149c1ce9

Spinning the event loop was causing a crash on:

https://wpt.live/url/percent-encoding.window.html

As it was turning what is meant to be a synchronous operation into an
asynchronous one.

The sequence demonstrated by the reproducing test is as follows:
  * A src attribute is changed for the iframe
  * process_the_iframe_attributes entered with valid content navigable
  * Event loop is spun, allowing the queued iframe removal to execute
  * process_the_iframe_attributes continues with null content navigable
  * 💥
This commit is contained in:
Shannon Booth 2024-10-07 16:44:16 +13:00 committed by Alexander Kalenik
parent 62e732e5ad
commit 30377e6e35
Notes: github-actions[bot] 2024-10-07 13:11:44 +00:00
3 changed files with 21 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
Tests/LibWeb/Text/expected/iframe-removed-asyncronously.txt Normal file
View file

@ -0,0 +1 @@
PASS! (Didn't crash)

20
Tests/LibWeb/Text/input/iframe-removed-asyncronously.html Normal file
View file

@ -0,0 +1,20 @@
<body>
</body>
<script src="include.js"></script>
<script>
asyncTest(done => {
let frame = document.body.appendChild(document.createElement("iframe"));
setTimeout(() => {
frame.remove();
setTimeout(() => {
println("PASS! (Didn't crash)");
done();
}, 0);
}, 0);
frame.src = `../data/iframe-with-border-radius-svg.html`;
})
</script>

6
Userland/Libraries/LibWeb/HTML/HTMLIFrameElement.cpp
View file

@ -77,12 +77,6 @@ void HTMLIFrameElement::process_the_iframe_attributes(bool initial_insertion)
if (!content_navigable()) if (!content_navigable())
return; return;
// Make sure applying of history step caused by potential sync navigation to "about:blank"
// is finished. Otherwise, it might interrupt navigation caused by changing src or srcdoc.
if (!initial_insertion && !content_navigable_initialized()) {
main_thread_event_loop().spin_processing_tasks_with_source_until(Task::Source::NavigationAndTraversal, [this] { return content_navigable_initialized(); });
}
// 1. If element's srcdoc attribute is specified, then: // 1. If element's srcdoc attribute is specified, then:
if (has_attribute(HTML::AttributeNames::srcdoc)) { if (has_attribute(HTML::AttributeNames::srcdoc)) {
// 1. Set element's current navigation was lazy loaded boolean to false. // 1. Set element's current navigation was lazy loaded boolean to false.