Changeset 24241 in webkit
- Timestamp:
- Jul 12, 2007 9:34:14 AM (17 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 9 edited
trunk/LayoutTests/ChangeLog
r24240 r24241 1 2007-07-11 Sam Weinig <sam@webkit.org> 2 3 Reviewed by Maciej. 4 5 Test for <rdar://problem/5329841> 6 Calling window.closed on a closed window causes Safari to crash 7 8 * fast/dom/Window/window-closed-crash-expected.txt: Added. 9 * fast/dom/Window/window-closed-crash.html: Added. 10 1 11 2007-07-12 Mitz Pettel <mitz@webkit.org> 2 12 -
trunk/WebCore/ChangeLog
r24238 r24241 1 2007-07-11 Sam Weinig <sam@webkit.org> 2 3 Reviewed by Maciej. 4 5 Patch for <rdar://problem/5329841> 6 Calling window.closed on a closed window causes Safari to crash 7 8 - Replaces the Frame member variable in KJS::Window for more appropriate DOMWindow 9 - Adds additional new null checks as necessary 10 - Removes bogus toBoolean method 11 - Removes unused scheduleClose method 12 13 Test: fast/dom/Window/window-closed-crash.html 14 15 * bindings/js/JSCustomXPathNSResolver.cpp: 16 (WebCore::JSCustomXPathNSResolver::create): 17 * bindings/js/JSDOMWindowCustom.cpp: 18 (WebCore::JSDOMWindow::customGetOwnPropertySlot): 19 (WebCore::JSDOMWindow::customPut): 20 * bindings/js/JSXMLHttpRequest.cpp: 21 (KJS::JSXMLHttpRequestPrototypeFunction::callAsFunction): 22 * bindings/js/kjs_events.cpp: 23 (WebCore::JSAbstractEventListener::handleEvent): 24 (WebCore::JSLazyEventListener::parseCode): 25 * bindings/js/kjs_window.cpp: 26 (KJS::Window::Window): 27 (KJS::Window::impl): 28 (KJS::Window::interpreter): 29 (KJS::Window::location): 30 (KJS::Window::find): 31 (KJS::allowPopUp): 32 (KJS::createWindow): 33 (KJS::canShowModalDialog): 34 (KJS::canShowModalDialogNow): 35 (KJS::showModalDialog): 36 (KJS::Window::getValueProperty): 37 (KJS::Window::childFrameGetter): 38 (KJS::Window::indexGetter): 39 (KJS::Window::namedItemGetter): 40 (KJS::Window::getOwnPropertySlot): 41 (KJS::Window::put): 42 (KJS::Window::isSafeScript): 43 (KJS::Window::setListener): 44 (KJS::Window::getListener): 45 (KJS::Window::clear): 46 (KJS::WindowFunc::callAsFunction): 47 (KJS::Window::updateLayout): 48 (KJS::ScheduledAction::execute): 49 (KJS::Window::disconnectFrame): 50 (KJS::Location::put): 51 (KJS::LocationFunc::callAsFunction): 52 * bindings/js/kjs_window.h: 53 * page/mac/WebCoreFrameBridge.mm: 54 (updateRenderingForBindings): 55 1 56 2007-07-12 Mark Rowe <mrowe@apple.com> 2 57 -
trunk/WebCore/bindings/js/JSCustomXPathNSResolver.cpp
r21706 r24241 30 30 31 31 #include "CString.h" 32 #include "DOMWindow.h" 32 33 #include "Document.h" 33 34 #include "ExceptionCode.h" … … 54 55 } 55 56 56 return new JSCustomXPathNSResolver(resolverObject, KJS::Window::retrieveActive(exec)-> frame());57 return new JSCustomXPathNSResolver(resolverObject, KJS::Window::retrieveActive(exec)->impl()->frame()); 57 58 } 58 59 -
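Review bot: The rewritten `create` passes `retrieveActive(exec)->impl()->frame()` straight into the `JSCustomXPathNSResolver` constructor, and with this changeset that value is null once the active window has been closed; unlike the other call sites in this change (JSXMLHttpRequest.cpp, kjs_events.cpp) there is no null check here. Whether the resolver tolerates a null frame is not visible in the hunk, so either guard it the same way as JSXMLHttpRequest.cpp (`Frame* frame = KJS::Window::retrieveActive(exec)->impl()->frame(); if (!frame) return 0;`, with the return adjusted to whatever the caller expects) or record why a null frame is acceptable with a comment such as `// frame may be null if the active window has been closed; the resolver must tolerate that`. The enclosing function starts outside the hunk.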
trunk/WebCore/bindings/js/JSDOMWindowCustom.cpp
r24182 r24241 22 22 23 23 #include "kjs_window.h" 24 #include "DOMWindow.h" 24 25 25 26 namespace WebCore { … … 28 29 { 29 30 // we don't want any properties other than "closed" on a closed window 30 if (! frame()) {31 if (!impl()->frame()) { 31 32 if (propertyName == "closed") { 32 33 const KJS::HashEntry* entry = KJS::Lookup::findEntry(classInfo()->propHashTable, propertyName); … … 92 93 bool JSDOMWindow::customPut(KJS::ExecState* exec, const KJS::Identifier& propertyName, KJS::JSValue* value, int attr) 93 94 { 94 if (! frame())95 if (!impl()->frame()) 95 96 return true; 96 97 -
trunk/WebCore/bindings/js/JSXMLHttpRequest.cpp
r24227 r24241 22 22 #include "JSXMLHttpRequest.h" 23 23 24 #include "DOMWindow.h" 24 25 #include "Event.h" 25 26 #include "Frame.h" … … 219 220 220 221 String method = args[0]->toString(exec); 221 KURL url = Window::retrieveActive(exec)->frame()->loader()->completeURL(DeprecatedString(args[1]->toString(exec))); 222 Frame* frame = Window::retrieveActive(exec)->impl()->frame(); 223 if (!frame) 224 return jsUndefined(); 225 KURL url = frame->loader()->completeURL(DeprecatedString(args[1]->toString(exec))); 222 226 223 227 bool async = true; -
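Review bot: The new guard returns `jsUndefined()` when the active window has no frame, so `open()` called on an XMLHttpRequest from a closed window silently does nothing rather than raising an error; if that is intentional, a one-line comment at the guard keeps the next reader from "fixing" it, e.g. `// The active window has been closed: there is no loader to complete the URL against, so open() is a no-op.` The enclosing callAsFunction starts and ends outside the hunk.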
trunk/WebCore/bindings/js/kjs_events.cpp
r23892 r24241 26 26 #include "Clipboard.h" 27 27 #include "ClipboardEvent.h" 28 #include "DOMWindow.h" 28 29 #include "Document.h" 29 30 #include "Event.h" … … 71 72 if (!window) 72 73 return; 73 Frame *frame = window-> frame();74 Frame *frame = window->impl()->frame(); 74 75 if (!frame) 75 76 return; … … 291 292 m_parsed = true; 292 293 293 Frame* frame = windowObj()-> frame();294 Frame* frame = windowObj()->impl()->frame(); 294 295 KJSProxy* proxy = 0; 295 296 if (frame) -
trunk/WebCore/bindings/js/kjs_window.cpp
r24182 r24241 223 223 224 224 Window::Window(DOMWindow* window) 225 : m_ frame(window->frame())225 : m_impl(window) 226 226 , d(new WindowPrivate) 227 227 { … … 255 255 DOMWindow* Window::impl() const 256 256 { 257 return m_frame->domWindow(); 258 } 259 260 ScriptInterpreter *Window::interpreter() const 261 { 262 return m_frame->scriptProxy()->interpreter(); 257 return m_impl.get(); 258 } 259 260 ScriptInterpreter* Window::interpreter() const 261 { 262 Frame* frame = impl()->frame(); 263 if (!frame) 264 return 0; 265 266 return frame->scriptProxy()->interpreter(); 263 267 } 264 268 … … 290 294 { 291 295 if (!d->loc) 292 d->loc = new Location( m_frame);296 d->loc = new Location(impl()->frame()); 293 297 return d->loc; 294 298 } … … 297 301 { 298 302 // FIXME (13016): Support wholeWord, searchInFrames and showDialog 299 return m_frame->findString(string, !backwards, caseSensitive, wrap, false); 303 Frame* frame = impl()->frame(); 304 if (!frame) 305 return false; 306 307 return frame->findString(string, !backwards, caseSensitive, wrap, false); 300 308 } 301 309 … … 310 318 static bool allowPopUp(ExecState *exec, Window *window) 311 319 { 312 if (!window->frame()) 320 Frame* frame = window->impl()->frame(); 321 if (!frame) 313 322 return false; 314 323 if (static_cast<ScriptInterpreter*>(exec->dynamicInterpreter())->wasRunByUserGesture()) 315 324 return true; 316 Settings* settings = window->frame()->settings();325 Settings* settings = frame->settings(); 317 326 return settings && settings->JavaScriptCanOpenWindowsAutomatically(); 318 327 } … … 379 388 const String& frameName, const WindowFeatures& windowFeatures, JSValue* dialogArgs) 380 389 { 381 Frame* activeFrame = Window::retrieveActive(exec)-> frame();390 Frame* activeFrame = Window::retrieveActive(exec)->impl()->frame(); 382 391 383 392 ResourceRequest request; … … 425 434 static bool canShowModalDialog(const Window *window) 426 435 { 427 if (Frame* frame = window->frame()) 428 return 
frame->page()->chrome()->canRunModal(); 429 return false; 436 Frame* frame = window->impl()->frame(); 437 if (!frame) 438 return false; 439 440 return frame->page()->chrome()->canRunModal(); 430 441 } 431 442 432 443 static bool canShowModalDialogNow(const Window *window) 433 444 { 434 if (Frame* frame = window->frame()) 435 return frame->page()->chrome()->canRunModalNow(); 436 return false; 445 Frame* frame = window->impl()->frame(); 446 if (!frame) 447 return false; 448 449 return frame->page()->chrome()->canRunModalNow(); 437 450 } 438 451 … … 455 468 // - help: boolFeature(features, "help", true), makes help icon appear in dialog (what does it do on Windows?) 456 469 // - unadorned: trusted && boolFeature(features, "unadorned"); 457 458 FloatRect screenRect = screenAvailableRect(openerWindow->frame()->view()); 470 Frame* frame = openerWindow->impl()->frame(); 471 if (!frame) 472 return jsUndefined(); 473 474 FloatRect screenRect = screenAvailableRect(frame->view()); 459 475 460 476 wargs.width = floatFeature(features, "dialogwidth", 100, screenRect.width(), 620); // default here came from frame size of dialog in MacIE … … 488 504 wargs.fullscreen = false; 489 505 490 Frame* dialogFrame = createWindow(exec, openerWindow->frame(), valueToStringWithUndefinedOrNullCheck(exec, args[0]), "", wargs, args[1]);506 Frame* dialogFrame = createWindow(exec, frame, valueToStringWithUndefinedOrNullCheck(exec, args[0]), "", wargs, args[1]); 491 507 if (!dialogFrame) 492 508 return jsUndefined(); … … 512 528 JSValue *Window::getValueProperty(ExecState *exec, int token) const 513 529 { 514 ASSERT( m_frame);530 ASSERT(impl()->frame()); 515 531 516 532 switch (token) { … … 524 540 return getDOMExceptionConstructor(exec); 525 541 case Frames: 526 return retrieve( m_frame);542 return retrieve(impl()->frame()); 527 543 case Event_: 528 544 if (!isSafeScript(exec)) … … 538 554 return jsUndefined(); 539 555 // Store the navigator in the object so we get the same one each time. 
540 Navigator *n = new Navigator(exec, m_frame);556 Navigator *n = new Navigator(exec, impl()->frame()); 541 557 // FIXME: this will make the "navigator" object accessible from windows that fail 542 558 // the security check the first time, but not subsequent times, seems weird. … … 546 562 } 547 563 case Opener: 548 if ( m_frame->loader()->opener())549 return retrieve( m_frame->loader()->opener());564 if (impl()->frame()->loader()->opener()) 565 return retrieve(impl()->frame()->loader()->opener()); 550 566 return jsNull(); 551 567 case Parent: 552 return retrieve( m_frame->tree()->parent() ? m_frame->tree()->parent() : m_frame);568 return retrieve(impl()->frame()->tree()->parent() ? impl()->frame()->tree()->parent() : impl()->frame()); 553 569 case Self: 554 570 case Window_: 555 return retrieve( m_frame);571 return retrieve(impl()->frame()); 556 572 case Top: 557 return retrieve( m_frame->page()->mainFrame());573 return retrieve(impl()->frame()->page()->mainFrame()); 558 574 case Image: 559 575 if (!isSafeScript(exec)) … … 561 577 // FIXME: this property (and the few below) probably shouldn't create a new object every 562 578 // time 563 return new ImageConstructorImp(exec, m_frame->document());579 return new ImageConstructorImp(exec, impl()->frame()->document()); 564 580 case Option: 565 581 if (!isSafeScript(exec)) 566 582 return jsUndefined(); 567 return new JSHTMLOptionElementConstructor(exec, m_frame->document());583 return new JSHTMLOptionElementConstructor(exec, impl()->frame()->document()); 568 584 case XMLHttpRequest: 569 585 if (!isSafeScript(exec)) 570 586 return jsUndefined(); 571 return new JSXMLHttpRequestConstructorImp(exec, m_frame->document());587 return new JSXMLHttpRequestConstructorImp(exec, impl()->frame()->document()); 572 588 #if ENABLE(XSLT) 573 589 case XSLTProcessor_: … … 582 598 if (!isSafeScript(exec)) 583 599 return jsUndefined(); 584 if (Document* doc = m_frame->document())600 if (Document* doc = impl()->frame()->document()) 585 601 
if (Element* fe = doc->ownerElement()) 586 602 if (checkNodeSecurity(exec, fe)) … … 650 666 JSValue* Window::childFrameGetter(ExecState*, JSObject*, const Identifier& propertyName, const PropertySlot& slot) 651 667 { 652 return retrieve(static_cast<Window*>(slot.slotBase())-> m_frame->tree()->child(AtomicString(propertyName)));668 return retrieve(static_cast<Window*>(slot.slotBase())->impl()->frame()->tree()->child(AtomicString(propertyName))); 653 669 } 654 670 655 671 JSValue* Window::indexGetter(ExecState*, JSObject*, const Identifier&, const PropertySlot& slot) 656 672 { 657 return retrieve(static_cast<Window*>(slot.slotBase())-> m_frame->tree()->child(slot.index()));673 return retrieve(static_cast<Window*>(slot.slotBase())->impl()->frame()->tree()->child(slot.index())); 658 674 } 659 675 … … 661 677 { 662 678 Window *thisObj = static_cast<Window *>(slot.slotBase()); 663 Document *doc = thisObj-> m_frame->document();679 Document *doc = thisObj->impl()->frame()->document(); 664 680 ASSERT(thisObj->isSafeScript(exec) && doc && doc->isHTMLDocument()); 665 681 … … 678 694 // are in Moz but not IE. Since we have some of these, we have to do 679 695 // it the Moz way. 
680 if ( frame()->tree()->child(propertyName)) {696 if (impl()->frame()->tree()->child(propertyName)) { 681 697 slot.setCustom(this, childFrameGetter); 682 698 return true; … … 708 724 bool ok; 709 725 unsigned i = propertyName.toArrayIndex(&ok); 710 if (ok && i < m_frame->tree()->childCount()) {726 if (ok && i < impl()->frame()->tree()->childCount()) { 711 727 slot.setCustomIndex(this, i, indexGetter); 712 728 return true; … … 714 730 715 731 // allow shortcuts like 'Image1' instead of document.images.Image1 716 Document *doc = m_frame->document();732 Document *doc = impl()->frame()->document(); 717 733 if (isSafeScript(exec) && doc && doc->isHTMLDocument()) { 718 734 AtomicString atomicPropertyName = propertyName; … … 741 757 switch (entry->value) { 742 758 case Location_: { 743 Frame* p = Window::retrieveActive(exec)-> m_frame;759 Frame* p = Window::retrieveActive(exec)->impl()->frame(); 744 760 if (p) { 745 761 DeprecatedString dstUrl = p->loader()->completeURL(DeprecatedString(value->toString(exec))).url(); … … 747 763 bool userGesture = static_cast<ScriptInterpreter *>(exec->dynamicInterpreter())->wasRunByUserGesture(); 748 764 // We want a new history item if this JS was called via a user gesture 749 m_frame->loader()->scheduleLocationChange(dstUrl, p->loader()->outgoingReferrer(), !userGesture, userGesture);765 impl()->frame()->loader()->scheduleLocationChange(dstUrl, p->loader()->outgoingReferrer(), !userGesture, userGesture); 750 766 } 751 767 } … … 858 874 if (isSafeScript(exec)) 859 875 JSObject::put(exec, propertyName, value, attr); 860 }861 862 bool Window::toBoolean(ExecState *) const863 {864 return m_frame;865 }866 867 void Window::scheduleClose()868 {869 m_frame->scheduleClose();870 876 } 871 877 … … 932 938 bool Window::isSafeScript(ExecState *exec) const 933 939 { 934 if (!m_frame) // frame deleted ? can't grant access 940 Frame* frame = impl()->frame(); 941 if (!frame) // frame deleted ? 
can't grant access 935 942 return false; 936 943 Frame* activeFrame = static_cast<ScriptInterpreter*>(exec->dynamicInterpreter())->frame(); 937 944 if (!activeFrame) 938 945 return false; 939 if (activeFrame == m_frame) // Not calling from another frame, no problem.946 if (activeFrame == frame) // Not calling from another frame, no problem. 940 947 return true; 941 948 … … 943 950 // even if the document hasn't been constructed yet. If the document doesn't 944 951 // exist yet allow JS to access the window object. 945 if (! m_frame->document())952 if (!frame->document()) 946 953 return true; 947 954 948 WebCore::Document* thisDocument = m_frame->document();955 WebCore::Document* thisDocument = frame->document(); 949 956 WebCore::Document* actDocument = activeFrame->document(); 950 957 … … 966 973 // or opener, allow access from any document in the same domain as 967 974 // the parent or opener. 968 if (shouldLoadAsEmptyDocument( m_frame->loader()->url())) {969 Frame* ancestorFrame = m_frame->loader()->opener()970 ? m_frame->loader()->opener() : m_frame->tree()->parent();975 if (shouldLoadAsEmptyDocument(frame->loader()->url())) { 976 Frame* ancestorFrame = impl()->frame()->loader()->opener() 977 ? frame->loader()->opener() : frame->tree()->parent(); 971 978 while (ancestorFrame && shouldLoadAsEmptyDocument(ancestorFrame->loader()->url())) 972 979 ancestorFrame = ancestorFrame->tree()->parent(); … … 985 992 String message = String::format("Unsafe JavaScript attempt to access frame with URL %s from frame with URL %s. 
Domains must match.\n", 986 993 thisDocument->URL().latin1(), actDocument->URL().latin1()); 987 if (Page* page = m_frame->page())994 if (Page* page = frame->page()) 988 995 page->chrome()->addMessageToConsole(JSMessageSource, ErrorMessageLevel, message, 1, String()); 989 996 … … 995 1002 if (!isSafeScript(exec)) 996 1003 return; 997 WebCore::Document *doc = m_frame->document(); 1004 Frame* frame = impl()->frame(); 1005 if (!frame) 1006 return; 1007 Document* doc = frame->document(); 998 1008 if (!doc) 999 1009 return; … … 1006 1016 if (!isSafeScript(exec)) 1007 1017 return jsUndefined(); 1008 WebCore::Document *doc = m_frame->document(); 1018 Frame* frame = impl()->frame(); 1019 if (!frame) 1020 return jsUndefined(); 1021 Document* doc = frame->document(); 1009 1022 if (!doc) 1010 1023 return jsUndefined(); … … 1083 1096 // Now recreate a working global object for the next URL that will use us; but only if we haven't been 1084 1097 // disconnected yet 1085 if ( m_frame)1086 interpreter()->initGlobalObject();1098 if (Frame* frame = impl()->frame()) 1099 frame->scriptProxy()->interpreter()->initGlobalObject(); 1087 1100 1088 1101 // there's likely to be lots of garbage now … … 1250 1263 return throwError(exec, TypeError); 1251 1264 Window *window = static_cast<Window *>(thisObj); 1252 Frame *frame = window-> m_frame;1265 Frame *frame = window->impl()->frame(); 1253 1266 if (!frame) 1254 1267 return jsUndefined(); … … 1331 1344 if (frameName == "_top" || frameName == "_parent") { 1332 1345 String completedURL; 1333 Frame* activeFrame = Window::retrieveActive(exec)-> m_frame;1346 Frame* activeFrame = Window::retrieveActive(exec)->impl()->frame(); 1334 1347 if (!urlString.isEmpty() && activeFrame) 1335 1348 completedURL = activeFrame->document()->completeURL(urlString); … … 1504 1517 void Window::updateLayout() const 1505 1518 { 1506 WebCore::Document* docimpl = m_frame->document(); 1519 Frame* frame = impl()->frame(); 1520 if (!frame) 1521 return; 1522 
WebCore::Document* docimpl = frame->document(); 1507 1523 if (docimpl) 1508 1524 docimpl->updateLayoutIgnorePendingStylesheets(); … … 1518 1534 void ScheduledAction::execute(Window* window) 1519 1535 { 1520 RefPtr<Frame> frame = window-> m_frame;1536 RefPtr<Frame> frame = window->impl()->frame(); 1521 1537 if (!frame) 1522 1538 return; … … 1681 1697 { 1682 1698 clearAllTimeouts(); 1683 m_frame = 0;1684 1699 if (d->loc) 1685 1700 d->loc->m_frame = 0; … … 1793 1808 switch (entry->value) { 1794 1809 case Href: { 1795 Frame* p = Window::retrieveActive(exec)-> frame();1810 Frame* p = Window::retrieveActive(exec)->impl()->frame(); 1796 1811 if ( p ) 1797 1812 url = p->loader()->completeURL(str).url(); … … 1843 1858 1844 1859 const Window* window = Window::retrieveWindow(m_frame); 1845 Frame* activeFrame = Window::retrieveActive(exec)-> frame();1860 Frame* activeFrame = Window::retrieveActive(exec)->impl()->frame(); 1846 1861 if (!url.url().startsWith("javascript:", false) || (window && window->isSafeScript(exec))) { 1847 1862 bool userGesture = static_cast<ScriptInterpreter *>(exec->dynamicInterpreter())->wasRunByUserGesture(); … … 1867 1882 { 1868 1883 DeprecatedString str = args[0]->toString(exec); 1869 Frame* p = Window::retrieveActive(exec)-> frame();1884 Frame* p = Window::retrieveActive(exec)->impl()->frame(); 1870 1885 if ( p ) { 1871 1886 const Window* window = Window::retrieveWindow(frame); … … 1888 1903 case Location::Assign: 1889 1904 { 1890 Frame *p = Window::retrieveActive(exec)-> frame();1905 Frame *p = Window::retrieveActive(exec)->impl()->frame(); 1891 1906 if (p) { 1892 1907 const Window *window = Window::retrieveWindow(frame); -
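Review bot: In `Window::isSafeScript` the new local `frame` is used everywhere except the ancestor computation, whose condition still reads `impl()->frame()->loader()->opener()` while its branch reads `frame->loader()->opener()`; use the local consistently: `Frame* ancestorFrame = frame->loader()->opener() ? frame->loader()->opener() : frame->tree()->parent();`. The same unguarded pattern appears in the `Location_` case of `Window::put`, where the active frame `p` is null-checked but this window's own `impl()->frame()->loader()->scheduleLocationChange(...)` is not, and in `Window::getValueProperty`, which only `ASSERT`s `impl()->frame()` and then dereferences it on every branch, so a closed window reaching either path in a release build would still dereference null. Presumably those paths are unreachable because JSDOMWindowCustom.cpp now exposes only `closed` on a frameless window, but that invariant lives in another file; a comment next to the `ASSERT`, e.g. `// A frameless (closed) window only exposes "closed" (see JSDOMWindow::customGetOwnPropertySlot); no other token reaches here.`, would record it. `Window::location()` likewise now hands a possibly-null `impl()->frame()` to `new Location(...)` without a check.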
trunk/WebCore/bindings/js/kjs_window.h
r24182 r24241 91 91 */ 92 92 static Window* retrieveActive(ExecState*); 93 WebCore::Frame* frame() const { return m_frame; }94 93 virtual void mark(); 95 94 virtual bool getOwnPropertySlot(ExecState*, const Identifier&, PropertySlot&); 96 95 JSValue *getValueProperty(ExecState *exec, int token) const; 97 96 virtual void put(ExecState *exec, const Identifier &propertyName, JSValue *value, int attr = None); 98 virtual bool toBoolean(ExecState*) const;99 97 100 98 int installTimeout(const UString& handler, int t, bool singleShot); … … 107 105 108 106 KJS::ScriptInterpreter *interpreter() const; 109 110 void scheduleClose();111 107 112 108 bool isSafeScript(ExecState*) const; … … 191 187 int installTimeout(ScheduledAction*, int interval, bool singleShot); 192 188 193 WebCore::Frame* m_frame;189 RefPtr<WebCore::DOMWindow> m_impl; 194 190 OwnPtr<WindowPrivate> d; 195 191 }; -
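Review bot: `m_impl` turns the JS `Window` from a non-owning `Frame*` holder into an owner of a `RefPtr<WebCore::DOMWindow>`, and `frame()` is dropped from the public interface, yet nothing in the header records the new contract that every caller in this changeset relies on: `impl()->frame()` may be null after the window is closed. Add a comment on the member, e.g. `// Owning reference to the DOMWindow; impl()->frame() may be null once the window has been closed, so callers must null-check it.` Where the DOMWindow's frame is actually cleared is not visible in this changeset (the kjs_window.cpp hunk only removes the old `m_frame = 0`), so confirm that before documenting a specific clearing point.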
trunk/WebCore/page/mac/WebCoreFrameBridge.mm
r24222 r24241 34 34 #import "DOMImplementation.h" 35 35 #import "DOMInternal.h" 36 #import "DOMWindow.h" 36 37 #import "TextResourceDecoder.h" 37 38 #import "DeleteSelectionCommand.h" … … 143 144 if (!window) 144 145 return; 145 146 if (Document* doc = window->frame()->document()) 147 doc->updateRendering(); 146 147 if (Frame* frame = window->impl()->frame()) 148 if (Document* doc = frame->document()) 149 doc->updateRendering(); 148 150 } 149 151