From d28f3e07354b0e65221e1e240c67792f4d314876 Mon Sep 17 00:00:00 2001 From: Simon Wanner Date: Sun, 3 Apr 2022 22:26:34 +0200 Subject: [PATCH] LibWeb: Handle failed browsing context creation in HTMLObjectElement If the document is not attached to a browsing context we can't create a new nested browsing context. This can happen when the resource load for the finishes after the user navigated away from the current document, for example by reloading ACID 3 while it's running. --- Userland/Libraries/LibWeb/HTML/HTMLObjectElement.cpp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Userland/Libraries/LibWeb/HTML/HTMLObjectElement.cpp b/Userland/Libraries/LibWeb/HTML/HTMLObjectElement.cpp index 8c59e43d23..1847fffbfa 100644 --- a/Userland/Libraries/LibWeb/HTML/HTMLObjectElement.cpp +++ b/Userland/Libraries/LibWeb/HTML/HTMLObjectElement.cpp @@ -217,6 +217,10 @@ void HTMLObjectElement::run_object_representation_handler_steps(Optional if (!m_nested_browsing_context) create_new_nested_browsing_context(); + // NOTE: Creating a new nested browsing context can fail if the document is not attached to a browsing context + if (!m_nested_browsing_context) + return; + // If the URL of the given resource does not match about:blank, then navigate the element's nested browsing context to that resource, with historyHandling set to "replace" and the source browsing context set to the object element's node document's browsing context. (The data attribute of the object element doesn't get updated if the browsing context gets further navigated to other locations.) if (auto const& url = resource()->url(); url != "about:blank"sv) m_nested_browsing_context->loader().load(url, FrameLoader::Type::IFrame);