If WebEngineView component contains JS code in usersScript array property application crashed when open a new view in a new tab. Functions call stack:

>	Qt5WebEngineCored.dll!v8::Local<v8::Object>::operator*() Line 234	C++
 	Qt5WebEngineCored.dll!scoped_ptr<blink::WebSyncRegistration const ,base::DefaultDeleter<blink::WebSyncRegistration const > >::get() Line 389	C++
 	Qt5WebEngineCored.dll!QtWebEngineCore::WebContentsAdapter::webContents() Line 891	C++
 	Qt5WebEngineCored.dll!QtWebEngineCore::UserScriptControllerHost::removeUserScript(const QtWebEngineCore::UserScript & script, QtWebEngineCore::WebContentsAdapter * adapter) Line 166	C++
 	Qt5WebEngined.dll!QQuickWebEngineScriptPrivate::aboutToUpdateUnderlyingScript() Line 258	C++
 	Qt5WebEngined.dll!QQuickWebEngineScriptPrivate::bind(QtWebEngineCore::UserScriptControllerHost * scriptController, QtWebEngineCore::WebContentsAdapter * adapter) Line 241	C++
 	Qt5WebEngined.dll!QQuickWebEngineViewPrivate::ensureContentsAdapter() Line 737	C++
 	Qt5WebEngined.dll!QQuickWebEngineViewPrivate::setProfile(QQuickWebEngineProfile * profile) Line 872	C++
 	Qt5WebEngined.dll!QQuickWebEngineView::setProfile(QQuickWebEngineProfile * profile) Line 839	C++
 	Qt5WebEngined.dll!QQuickWebEngineView::qt_static_metacall(QObject * _o, QMetaObject::Call _c, int _id, void * * _a) Line 857	C++
 	Qt5WebEngined.dll!QQuickWebEngineView::qt_metacall(QMetaObject::Call _c, int _id, void * * _a) Line 906	C++
 	Qt5Cored.dll!QMetaObject::metacall(QObject * object, QMetaObject::Call cl, int idx, void * * argv) Line 296	C++
 	Qt5Qmld.dll!QQmlPropertyPrivate::write(QObject * object, const QQmlPropertyData & property, const QVariant & value, QQmlContextData * context, QFlags<enum QQmlPropertyPrivate::WriteFlag> flags) Line 1268	C++
 	Qt5Qmld.dll!QV4::QObjectWrapper::setProperty(QV4::ExecutionEngine * engine, QObject * object, QQmlPropertyData * property, const QV4::Value & value) Line 536	C++
 	Qt5Qmld.dll!QV4::QObjectWrapper::setQmlProperty(QV4::ExecutionEngine * engine, QQmlContextData * qmlContext, QObject * object, QV4::String * name, QV4::QObjectWrapper::RevisionMode revisionMode, const QV4::Value & value) Line 424	C++
 	Qt5Qmld.dll!QV4::QObjectWrapper::put(QV4::Managed * m, QV4::String * name, const QV4::Value & value) Line 693	C++
 	Qt5Qmld.dll!QV4::Object::put(QV4::String * name, const QV4::Value & v) Line 302	C++
 	Qt5Qmld.dll!QV4::Runtime::setProperty(QV4::ExecutionEngine * engine, const QV4::Value & object, int nameIndex, const QV4::Value & value) Line 572	C++
 	[External Code]	

Archive testWebEngineView.zip contains test project (based on quicknanobrowser project from Qt5 examples) that used userScripts with one dummy JS script. In my case application crashed immediately after running. Crash occur when code try to resolve pointer to already deleted memory location.

This bug seems be a continuation of previously closed QTBUG-45842, QTBUG-48984 and occur only on Windows platform. On my Ubuntu 15.04 on the same machine - no crashes occur.

I made some investigation and found that reason located in void QQuickWebEngineScriptPrivate::bind(...) function, see <qt5source>\qtwebengine\src\webengine\api\qquickwebenginescript.cpp:241. Here pointer to WebContentsAdapter object assigned to another pointer. But object itself is a shared object and direct assignment of raw pointer doesn't follow shared data pointer's logic (no ref counter of shared object incremented) so this assignmnet doesn't changed inner data of object. But in another place of program (for this particular case in void QQuickWebEngineViewPrivate::setProfile(QQuickWebEngineProfile *profile), line 870) explicit shared data pointer to this WebContentsAdapter object is assigned to 0. Because previous assignment in script object doesn't incremented ref counter for shared object this operation in QQuickWebEngineViewPrivate object decrement ref counter of shared object and finally delete object itself because ref counter became = 0. Then during initiating script object in a new view exception occur in function void QQuickWebEngineScriptPrivate::aboutToUpdateUnderlyingScript() in line 256 when removing user script from controller.
On Ubuntu this exception doesn't occur because process flow changed: function adoptNewWindow() called early and increment ref counter (why it happen I don't analyzed) for the shared object and it is not deleted during setProfile() function call and deleted later in aboutToUpdateUnderlyingScript() function call.

Workaround can be different. I made changes in QQuickWebEngineScriptPrivate class definition and made m_adapter member be QExplicitlySharedDataPointer<QtWebEngineCore::WebContentsAdapter> type instead of simple QtWebEngineCore::WebContentsAdapter* pointer. This changes has little impact on the rest of code. Code of used patch is attached (see userScripts.patch)