From 6dba6e09f232d333432972b64d0074cbee59ca7a Mon Sep 17 00:00:00 2001
From: Steve Block <steveblock@google.com>
Date: Thu, 9 Sep 2010 11:17:57 +0100
Subject: Cherry-pick security fix in WebKit change 65280

See http://trac.webkit.org/changeset/65280

Bug: 2986936
Change-Id: Ia70edaa46747536a9e7adc05493ef70a9baec610
---
 WebCore/page/Page.cpp | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'WebCore')

diff --git a/WebCore/page/Page.cpp b/WebCore/page/Page.cpp
index c7d3de1..7de1a09 100644
--- a/WebCore/page/Page.cpp
+++ b/WebCore/page/Page.cpp
@@ -393,7 +393,13 @@ void Page::refreshPlugins(bool reload)
 
     HashSet<Page*>::iterator end = allPages->end();
     for (HashSet<Page*>::iterator it = allPages->begin(); it != end; ++it) {
-        (*it)->m_pluginData = 0;
+        Page* page = *it;
+
+        // Clear out the page's plug-in data.
+        if (page->m_pluginData) {
+            page->m_pluginData->disconnectPage();
+            page->m_pluginData = 0;
+        }
 
         if (reload) {
             for (Frame* frame = (*it)->mainFrame(); frame; frame = frame->tree()->traverseNext()) {
-- 
cgit v1.1