fix: dangling speculative frames (#45686)
* fix: dangling speculative frames Co-authored-by: Samuel Maddock <smaddock@slack-corp.com> * harden lifecycle state checks Co-authored-by: Samuel Maddock <smaddock@slack-corp.com> * feedback Co-authored-by: Samuel Maddock <smaddock@slack-corp.com> * add const Co-authored-by: Samuel Maddock <smaddock@slack-corp.com> --------- Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com> Co-authored-by: Samuel Maddock <smaddock@slack-corp.com>
This commit is contained in:
trop[bot]
GitHub
parent
497849bf66
commit
74c71dbb2d
6 changed files with 174 additions and 53 deletions
|
|
@ -1792,7 +1792,6 @@ void WebContents::RenderFrameDeleted(
|
|||
// - An <iframe> is removed from the DOM.
|
||||
// - Cross-origin navigation creates a new RFH in a separate process which
|
||||
// is swapped by content::RenderFrameHostManager.
|
||||
//
|
||||
|
||||
// WebFrameMain::FromRenderFrameHost(rfh) will use the RFH's FrameTreeNode ID
|
||||
// to find an existing instance of WebFrameMain. During a cross-origin
|
||||
|
|
@ -1800,8 +1799,13 @@ void WebContents::RenderFrameDeleted(
|
|||
// this special case, we need to also ensure that WebFrameMain's internal RFH
|
||||
// matches before marking it as disposed.
|
||||
auto* web_frame = WebFrameMain::FromRenderFrameHost(render_frame_host);
|
||||
if (web_frame && web_frame->render_frame_host() == render_frame_host)
|
||||
web_frame->MarkRenderFrameDisposed();
|
||||
if (web_frame) {
|
||||
// Need to directly compare frame tokens as frames pending deletion can no
|
||||
// longer be looked up using content::RenderFrameHost::FromFrameToken().
|
||||
if (web_frame->frame_token_ == render_frame_host->GetGlobalFrameToken()) {
|
||||
web_frame->MarkRenderFrameDisposed();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void WebContents::RenderFrameHostChanged(content::RenderFrameHost* old_host,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue