Open Bug 1704189 Opened 4 years ago Updated 4 years ago

Collection is broken for removed frames due to usage of BrowsingContext::ChildOffset

Categories

(Firefox :: Session Restore, defect)

Product:
Firefox
Component:
Session Restore
Type:
defect

Tracking

()

Status:
ASSIGNED

People

(Reporter: u608768, Assigned: farre)

References

Details

(Whiteboard: [not-a-fission-bug])

STR

  1. Open https://kashav.ca/bugs/1704189/top.html.
  2. Fill in both inputs.
  3. Click the "remove frame 1" button. It should remove the first frame.
  4. Close the tab.
  5. Reopen the tab (Shift+Ctrl+T).
  6. You'll notice that the contents of the second frame were restored into the first frame.

Expected

Only the second form should have data.

Actual

The data from the second form was restored into the first form.

We do have measures in place to ensure that we don't restore data into a form with a different URL, so it's not a security concern, but it's definitely a bug.

Note that this also reproduces in Release (without Fission and without SHIP).

M8 since it also fails without Fission

Fission Milestone: M7a → M8
Fission Milestone: M8 → ---
Whiteboard: [not-a-fission-bug]
Assignee: nobody → afarre
Status: NEW → ASSIGNED
No longer blocks: fission-sessionstore
You need to log in before you can comment on or make changes to this bug.