Changeset 143441 in webkit
- Timestamp:
- Feb 20, 2013 1:58:37 AM (11 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 6 edited
trunk/Source/WebCore/ChangeLog
r143440 r143441 1 2013-02-20 Dan Carney <dcarney@google.com> 2 3 [v8] ScriptValue has dangerous copy semantics 4 https://bugs.webkit.org/show_bug.cgi?id=110206 5 6 Reviewed by Kentaro Hara. 7 8 Update ScriptValue to used a SharedPersistent, 9 making it impossible to return dead references. 10 11 No new tests. No change in functionality. 12 13 * bindings/v8/ScriptValue.cpp: 14 (WebCore::ScriptValue::serialize): 15 (WebCore::ScriptValue::getString): 16 (WebCore::ScriptValue::toString): 17 (WebCore::ScriptValue::toInspectorValue): 18 * bindings/v8/ScriptValue.h: 19 (WebCore::ScriptValue::ScriptValue): 20 (WebCore::ScriptValue::operator=): 21 (WebCore::ScriptValue::operator==): 22 (WebCore::ScriptValue::isEqual): 23 (WebCore::ScriptValue::isFunction): 24 (WebCore::ScriptValue::isNull): 25 (WebCore::ScriptValue::isUndefined): 26 (WebCore::ScriptValue::isObject): 27 (WebCore::ScriptValue::hasNoValue): 28 (WebCore::ScriptValue::clear): 29 (ScriptValue): 30 (WebCore::ScriptValue::v8Value): 31 (WebCore::ScriptValue::v8ValueRaw): 32 * bindings/v8/SharedPersistent.h: 33 * bindings/v8/custom/V8InjectedScriptHostCustom.cpp: 34 (WebCore::InjectedScriptHost::scriptValueAsNode): 35 * bindings/v8/custom/V8MessageEventCustom.cpp: 36 (WebCore::V8MessageEvent::dataAttrGetterCustom): 37 1 38 2013-02-20 Andrey Lushnikov <lushnikov@chromium.org> 2 39 -
trunk/Source/WebCore/bindings/v8/ScriptValue.cpp
r126564 r143441 48 48 { 49 49 ScriptScope scope(scriptState); 50 return SerializedScriptValue::create(v8Value ());50 return SerializedScriptValue::create(v8ValueRaw()); 51 51 } 52 52 … … 54 54 { 55 55 ScriptScope scope(scriptState); 56 return SerializedScriptValue::create(v8Value (), messagePorts, arrayBuffers, didThrow);56 return SerializedScriptValue::create(v8ValueRaw(), messagePorts, arrayBuffers, didThrow); 57 57 } 58 58 … … 65 65 bool ScriptValue::getString(String& result) const 66 66 { 67 if ( m_value.isEmpty())67 if (hasNoValue()) 68 68 return false; 69 69 70 if (! m_value->IsString())70 if (!v8ValueRaw()->IsString()) 71 71 return false; 72 72 73 result = toWebCoreString( m_value.get());73 result = toWebCoreString(v8ValueRaw()); 74 74 return true; 75 75 } … … 78 78 { 79 79 v8::TryCatch block; 80 v8::Handle<v8::String> string = m_value->ToString();80 v8::Handle<v8::String> string = v8ValueRaw()->ToString(); 81 81 if (block.HasCaught()) 82 82 return String(); … … 143 143 // v8::Object::GetPropertyNames() expects current context to be not null. 144 144 v8::Context::Scope contextScope(scriptState->context()); 145 return v8ToInspectorValue( m_value.get(), InspectorValue::maxDepth);145 return v8ToInspectorValue(v8ValueRaw(), InspectorValue::maxDepth); 146 146 } 147 147 #endif -
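Review bot: `toString()` (new line 80) calls `v8ValueRaw()->ToString()` with no empty-value guard, while `getString()` a few lines above now opens with `if (hasNoValue()) return false;`. After this change `v8ValueRaw()` returns an empty `v8::Handle` when `m_value` is null, so on an empty ScriptValue the `->ToString()` call dereferences an empty handle, and the surrounding `v8::TryCatch` will not help — it only observes JavaScript exceptions, not a native null dereference. Add the same guard at the top of `toString()`: `if (hasNoValue()) return String();`. The signature of `toString()` is above the hunk, so I cannot see whether every caller already guarantees a non-empty value; the guard is cheap either way.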
trunk/Source/WebCore/bindings/v8/ScriptValue.h
r126564 r143441 32 32 #define ScriptValue_h 33 33 34 #include "ScopedPersistent.h"35 34 #include "ScriptState.h" 35 #include "SharedPersistent.h" 36 36 #include <v8.h> 37 37 #include <wtf/PassRefPtr.h> … … 61 61 virtual ~ScriptValue(); 62 62 63 ScriptValue(v8::Handle<v8::Value> value) 63 ScriptValue(v8::Handle<v8::Value> value) 64 : m_value(value.IsEmpty() ? 0 : SharedPersistent<v8::Value>::create(value)) 64 65 { 65 if (value.IsEmpty())66 return;67 m_value.set(value);68 66 } 69 67 70 ScriptValue(const ScriptValue& value) 68 ScriptValue(const ScriptValue& value) 69 : m_value(value.m_value) 71 70 { 72 if (value.hasNoValue())73 return;74 m_value.set(value.m_value.get());75 71 } 76 72 77 73 ScriptValue& operator=(const ScriptValue& value) 78 74 { 79 if (this == &value) 80 return *this; 81 82 m_value.clear(); 83 84 if (value.hasNoValue()) 85 return *this; 86 87 m_value.set(value.m_value.get()); 75 if (this != &value) 76 m_value = value.m_value; 88 77 return *this; 89 78 } … … 91 80 bool operator==(const ScriptValue& value) const 92 81 { 93 return m_value.get() == value.m_value.get();82 return v8ValueRaw() == value.v8ValueRaw(); 94 83 } 95 84 96 85 bool isEqual(ScriptState*, const ScriptValue& value) const 97 86 { 98 return m_value.get() == value.m_value.get();87 return operator==(value); 99 88 } 100 89 101 90 bool isFunction() const 102 91 { 103 return m_value->IsFunction(); 92 ASSERT(!hasNoValue()); 93 return v8ValueRaw()->IsFunction(); 104 94 } 105 95 … … 111 101 bool isNull() const 112 102 { 113 return m_value->IsNull(); 103 ASSERT(!hasNoValue()); 104 return v8ValueRaw()->IsNull(); 114 105 } 115 106 116 107 bool isUndefined() const 117 108 { 118 return m_value->IsUndefined(); 109 ASSERT(!hasNoValue()); 110 return v8ValueRaw()->IsUndefined(); 119 111 } 120 112 121 113 bool isObject() const 122 114 { 123 return m_value->IsObject(); 115 ASSERT(!hasNoValue()); 116 return v8ValueRaw()->IsObject(); 124 117 } 125 118 126 119 bool hasNoValue() const 127 120 { 128 return 
m_value.isEmpty();121 return !m_value.get() || m_value->get().IsEmpty(); 129 122 } 130 123 … … 135 128 void clear() 136 129 { 137 m_value .clear();130 m_value = 0; 138 131 } 139 132 140 v8::Handle<v8::Value> v8Value() const { return m_value.get(); } 133 v8::Handle<v8::Value> v8Value() const 134 { 135 return v8::Local<v8::Value>::New(v8ValueRaw()); 136 } 137 138 // FIXME: This function should be private. 139 v8::Handle<v8::Value> v8ValueRaw() const 140 { 141 return m_value.get() ? m_value->get() : v8::Handle<v8::Value>(); 142 } 141 143 142 144 bool getString(ScriptState*, String& result) const { return getString(result); } … … 147 149 148 150 private: 149 ScopedPersistent<v8::Value> m_value;151 RefPtr<SharedPersistent<v8::Value> > m_value; 150 152 }; 151 153 -
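Review bot: The `ASSERT(!hasNoValue())` added to `isFunction()`, `isNull()`, `isUndefined()` and `isObject()` only fires in debug builds; in release each predicate still runs `v8ValueRaw()->IsFunction()` etc., and `v8ValueRaw()` now deliberately returns an empty `v8::Handle<v8::Value>` when `m_value` is null, so the dereference of an empty handle remains (and `scriptValueAsNode` in V8InjectedScriptHostCustom.cpp in this same changeset calls `isObject()` before any `hasNoValue()` check). Since the accessor already handles the null case, the predicates could too: `return !hasNoValue() && v8ValueRaw()->IsFunction();` (same shape for the other three), keeping the ASSERT if the debug signal is wanted. Separately, `v8ValueRaw()` carries only `// FIXME: This function should be private.`; given the commit is about dangling references it would help callers to state the lifetime contract, e.g. `// Returns the shared persistent handle directly. Valid only while some ScriptValue still references it and has not been clear()ed; prefer v8Value(), which hands back a Local owned by the current HandleScope.` — and `v8Value()` presumably needs an active HandleScope on the calling thread for `v8::Local<v8::Value>::New`, which is worth a one-line comment as well.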
trunk/Source/WebCore/bindings/v8/SharedPersistent.h
r128159 r143441 39 39 namespace WebCore { 40 40 41 // FIXME: Remove this class.42 41 template <typename T> 43 42 class SharedPersistent : public RefCounted<SharedPersistent<T> > { -
trunk/Source/WebCore/bindings/v8/custom/V8InjectedScriptHostCustom.cpp
r142849 r143441 66 66 if (!value.isObject() || value.isNull()) 67 67 return 0; 68 return V8Node::toNative(v8::Handle<v8::Object>::Cast(value.v8Value ()));68 return V8Node::toNative(v8::Handle<v8::Object>::Cast(value.v8ValueRaw())); 69 69 } 70 70 -
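Review bot: `scriptValueAsNode` tests `!value.isObject() || value.isNull()` before the cast, but neither predicate is safe on an empty ScriptValue: with this commit they `ASSERT(!hasNoValue())` in debug and, in release, dereference the empty handle that `v8ValueRaw()` returns. Guard first: `if (value.hasNoValue() || !value.isObject() || value.isNull()) return 0;`. Switching the cast argument to `v8ValueRaw()` looks fine here because the handle is consumed synchronously by `V8Node::toNative`, but the header marks `v8ValueRaw()` with a FIXME to become private, so a short comment such as `// Raw handle is safe here: consumed synchronously, not retained.` would keep that intent visible. The function's signature is above the hunk.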
trunk/Source/WebCore/bindings/v8/custom/V8MessageEventCustom.cpp
r142849 r143441 54 54 result = v8Null(info.GetIsolate()); 55 55 else 56 result = v8::Local<v8::Value>::New(scriptValue.v8Value());56 result = scriptValue.v8Value(); 57 57 break; 58 58 }