Skip to content

GitLab

T
tangled
Commit 48a23d74 authored by Hiroki Nakagawa's avatar Hiroki Nakagawa Committed by Commit Bot
Browse files
Options

Worker: Don't touch SharedWorkerClient when a connecting document may get destroyed 

Bug: 958689
Change-Id: Ica6a150032a587cb79f76cd58ac87afa13ffd098
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1613117
Commit-Queue: Hiroki Nakagawa <nhiroki@chromium.org>
Reviewed-by: default avatarMatt Falkenhagen <falken@chromium.org>
Cr-Commit-Position: refs/heads/master@{#660337}
parent 9edba1f3
Hide whitespace changes
Inline Side-by-side
Showing with 33 additions and 1 deletion
third_party/blink/renderer/core/workers/shared_worker_client.cc
View file @ 48a23d74
...@@ -42,8 +42,12 @@ void SharedWorkerClient::OnConnected( ...@@ -42,8 +42,12 @@ void SharedWorkerClient::OnConnected(
} }
void SharedWorkerClient::OnScriptLoadFailed() { void SharedWorkerClient::OnScriptLoadFailed() {
worker_->DispatchEvent(*Event::CreateCancelable(event_type_names::kError));
worker_->SetIsBeingConnected(false); worker_->SetIsBeingConnected(false);
worker_->DispatchEvent(*Event::CreateCancelable(event_type_names::kError));
// |this| can be destroyed at this point, for example, when a frame hosting
// this shared worker is detached in the error handler, and closes mojo's
// strong bindings bound with |this| in
// SharedWorkerClientHolder::ContextDestroyed().
} }
void SharedWorkerClient::OnFeatureUsed(mojom::WebFeature feature) { void SharedWorkerClient::OnFeatureUsed(mojom::WebFeature feature) {
......
third_party/blink/web_tests/external/wpt/workers/SharedWorker-detach-frame-in-error-event.html 0 → 100644
View file @ 48a23d74
<!DOCTYPE html>
<title>Test frame detach in shared worker's error handler</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<body>
<iframe id="frame"></iframe>
</body>
<script>
promise_test(t => {
const frame = document.getElementById('frame');
const promise = new Promise(resolve => {
window.detachFrame = () => {
frame.remove();
resolve();
};
});
// Start a new worker with an invalid script in the frame, and detach the
// frame in the worker's error handler. This shouldn't crash.
const s = frame.contentWindow.document.createElement('script');
s.innerHTML = "const worker = new SharedWorker('error');" +
"worker.onerror = () => { window.parent.detachFrame(); };";
frame.contentWindow.document.body.appendChild(s);
return promise;
});
</script>
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment