summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--content/renderer/render_frame_impl.cc13
1 files changed, 12 insertions, 1 deletions
diff --git a/content/renderer/render_frame_impl.cc b/content/renderer/render_frame_impl.cc
index 38e058a..93029e3 100644
--- a/content/renderer/render_frame_impl.cc
+++ b/content/renderer/render_frame_impl.cc
@@ -3659,7 +3659,18 @@ bool RenderFrameImpl::willCheckAndDispatchMessageEvent(
if (!is_swapped_out_)
return false;
- CHECK(render_frame_proxy_);
+ // It is possible to get here on a swapped-out frame without a
+ // |render_frame_proxy_|. This happens when:
+ // - This process only has one active RenderView and is about to go away
+ // (e.g., due to cross-process navigation).
+ // - The top frame has a subframe with an unload handler.
+ // - The subframe sends a postMessage to the top-level frame in its unload
+ // handler.
+ // See https://crbug.com/475651 for details. We return false here, since we
+ // don't want to deliver the message to the new process in this case.
+ if (!render_frame_proxy_)
+ return false;
+
render_frame_proxy_->postMessageEvent(
source_frame, render_frame_proxy_->web_frame(), target_origin, event);
return true;
generated by cgit v1.1 at 2025-05-12 07:16:48 +0000