Source/WebCore: Unload events can crash us when they blank out a parent frame.
https://bugs.webkit.org/show_bug.cgi?id=64741
Author: Nate Chapin <japhet@chromium.org>
Reviewed by Adam Barth.
Test: fast/loader/document-destruction-within-unload.html
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::stopLoading): Prevent unload events
from going into infinite recursion.
(WebCore::FrameLoader::setDocumentLoader): Ensure we don't
set m_documentLoader to a DocumentLoader with a null Frame*.
(WebCore::FrameLoader::detachChildren): Save off a vector of
children to detach, rather than doing it inline.
LayoutTests: Test for https://bugs.webkit.org/show_bug.cgi?id=64741.
Reviewed by Adam Barth.
* fast/loader/document-destruction-within-unload-expected.txt: Added.
* fast/loader/document-destruction-within-unload.html: Added.
* fast/loader/resources/document-destruction-within-unload-iframe.html: Added.
* fast/loader/resources/document-destruction-within-unload.svg: Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@93521 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Conflicts:
Source/WebCore/loader/FrameLoader.cpp
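
The detachChildren entry above describes snapshotting the child list before detaching. The following is an added illustration of that pattern, not code from this commit or from WebKit: a toy frame tree in which `Frame`, `onUnload` and `unloadsAfterParentBlanked` are hypothetical names and `std::shared_ptr` is assumed as the reference-counting mechanism.

```cpp
#include <algorithm>
#include <functional>
#include <memory>
#include <vector>

// Toy model, not WebKit code; every name here is hypothetical.
struct Frame {
    Frame* parent = nullptr;
    std::vector<std::shared_ptr<Frame>> children;
    std::function<void()> onUnload;  // stands in for a page-controlled unload handler
    bool detached = false;
    Frame* appendChild() {
        children.push_back(std::make_shared<Frame>());
        children.back()->parent = this;
        return children.back().get();
    }

    void detachFromParent() {
        if (detached) return;        // fire unload at most once per frame
        detached = true;
        if (onUnload) onUnload();    // may rewrite parent->children
        if (!parent) return;
        auto& list = parent->children;
        list.erase(std::remove_if(list.begin(), list.end(),
                       [this](const std::shared_ptr<Frame>& c) { return c.get() == this; }),
                   list.end());
        parent = nullptr;
    }

    // Copy the child list before detaching. The copies are owning references,
    // so a handler that empties `children` can neither free a frame the loop
    // still has to visit nor invalidate the iterator the loop is using.
    void detachChildren() {
        std::vector<std::shared_ptr<Frame>> snapshot(children);
        for (auto& child : snapshot)
            child->detachFromParent();
    }
};

// Constructed scenario: the first child's handler blanks out the parent; returns handlers run.
int unloadsAfterParentBlanked() {
    Frame root;
    int unloads = 0;
    for (int i = 0; i < 3; ++i)
        root.appendChild()->onUnload = [&unloads] { ++unloads; };
    root.children.front()->onUnload = [&] { ++unloads; root.children.clear(); };
    root.detachChildren();
    return root.children.empty() ? unloads : -1;
}
```

Iterating `children` directly instead of `snapshot` would leave the first handler's `clear()` destroying the frame whose handler is still running and invalidating the loop's iterator.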