Do not reset navigation state when BeforeUnload is cancelled by a commit
It is possible for a cross-site navigation to commit while a BeforeUnload
confirmation dialog is showing. This will destroy the dialog and call
WebContentsImpl::OnDialogClosed. This function should not reset the navigation
state if the RenderFrameHost that was showing the dialog is no longer the
current RenderFrameHost.
BUG=589365
Review URL: https://codereview.chromium.org/1825523002
Cr-Commit-Position: refs/heads/master@{#384674}
diff --git a/content/browser/web_contents/web_contents_impl.cc b/content/browser/web_contents/web_contents_impl.cc
index 552dfb6..53c459d 100644
--- a/content/browser/web_contents/web_contents_impl.cc
+++ b/content/browser/web_contents/web_contents_impl.cc
@@ -4688,9 +4688,12 @@
last_dialog_suppressed_ = dialog_was_suppressed;
if (is_showing_before_unload_dialog_ && !success) {
- if (rfh)
+ // It is possible for the current RenderFrameHost to have changed in the
+ // meantime. Do not reset the navigation state in that case.
+ if (rfh && rfh == rfh->frame_tree_node()->current_frame_host()) {
rfh->frame_tree_node()->BeforeUnloadCanceled();
- controller_.DiscardNonCommittedEntries();
+ controller_.DiscardNonCommittedEntries();
+ }
FOR_EACH_OBSERVER(WebContentsObserver, observers_,
BeforeUnloadDialogCancelled());
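Review bot: `controller_.DiscardNonCommittedEntries()` used to run on every cancelled dialog, but inside the new `if (rfh && rfh == rfh->frame_tree_node()->current_frame_host())` it is now also skipped when `rfh` is null, a case the new comment and the commit description do not mention. If the null case is meant to be treated like a changed frame host (presumably the old host can already be gone after the commit), say so in the comment, for example `// Also applies when |rfh| has already been deleted: a newer navigation owns the state.`. The `FOR_EACH_OBSERVER(... BeforeUnloadDialogCancelled())` call stays outside the condition, so observers are still notified when nothing was reset; a short comment that this is intentional would spare the next reader from guessing. No test for the commit-during-dialog race is visible on this page, and the enclosing function starts and ends outside the hunk.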