Changeset 257482 in webkit

Timestamp:

Feb 26, 2020 10:58:28 AM (4 years ago)

Author:

Chris Dumez

Message:

Unreviewed, rolling out r257389.

Reverted changeset:

"Make sure a client cannot cause a whole DOM tree to get
leaked by simply holding on to a WKBundleNodeHandle"
​https://bugs.webkit.org/show_bug.cgi?id=208218
​https://trac.webkit.org/changeset/257389

Location:

trunk/Source/WebKit

Files:

• ChangeLog (modified) (1 diff)
• WebProcess/InjectedBundle/DOM/InjectedBundleNodeHandle.cpp (modified) (26 diffs)
• WebProcess/InjectedBundle/DOM/InjectedBundleNodeHandle.h (modified) (4 diffs)

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2020-02-26  Chris Dumez  <cdumez@apple.com>
+
+        Unreviewed, rolling out r257389.
+
+        Reverted changeset:
+
+        "Make sure a client cannot cause a whole DOM tree to get
+        leaked by simply holding on to a WKBundleNodeHandle"
+        https://bugs.webkit.org/show_bug.cgi?id=208218
+        https://trac.webkit.org/changeset/257389
+
 2020-02-26  Jacob Uphoff  <jacob_uphoff@apple.com>
 

trunk/Source/WebKit/WebProcess/InjectedBundle/DOM/InjectedBundleNodeHandle.cpp

@@ -102 +102 @@
 
 InjectedBundleNodeHandle::InjectedBundleNodeHandle(Node& node)
-    : ActiveDOMObject(node.document())
-    , m_node(&node)
+    : m_node(node)
 {
 }
@@ -109 +108 @@
 InjectedBundleNodeHandle::~InjectedBundleNodeHandle()
 {
-    if (m_node)
-        domNodeHandleCache().remove(m_node.get());
+    domNodeHandleCache().remove(m_node.ptr());
 }
 
 Node* InjectedBundleNodeHandle::coreNode()
 {
-    return m_node.get();
-}
-
-RefPtr<InjectedBundleNodeHandle> InjectedBundleNodeHandle::document()
-{
-    if (!m_node)
-        return nullptr;
-
+    return m_node.ptr();
+}
+
+Ref<InjectedBundleNodeHandle> InjectedBundleNodeHandle::document()
+{
     return getOrCreate(m_node->document());
 }
@@ -134 +129 @@
         return IntRect();
 
-    return downcast<Element>(*m_node).boundsInRootViewSpace();
+    return downcast<Element>(m_node.get()).boundsInRootViewSpace();
 }
     
 IntRect InjectedBundleNodeHandle::renderRect(bool* isReplaced)
 {
-    if (!m_node)
-        return { };
-
     return m_node->pixelSnappedRenderRect(isReplaced);
 }
@@ -199 +191 @@
 RefPtr<WebImage> InjectedBundleNodeHandle::renderedImage(SnapshotOptions options, bool shouldExcludeOverflow, const Optional<float>& bitmapWidth)
 {
-    if (!m_node)
-        return nullptr;
-
     Frame* frame = m_node->document().frame();
     if (!frame)
@@ -224 +213 @@
     }
 
-    frameView->setNodeToDraw(m_node.get());
+    frameView->setNodeToDraw(m_node.ptr());
     auto image = imageForRect(frameView, paintingRect, bitmapWidth, options);
     frameView->setNodeToDraw(0);
@@ -233 +222 @@
 RefPtr<InjectedBundleRangeHandle> InjectedBundleNodeHandle::visibleRange()
 {
-    if (!m_node)
-        return nullptr;
-
-    VisiblePosition start = firstPositionInNode(m_node.get());
-    VisiblePosition end = lastPositionInNode(m_node.get());
+    VisiblePosition start = firstPositionInNode(m_node.ptr());
+    VisiblePosition end = lastPositionInNode(m_node.ptr());
 
     RefPtr<Range> range = makeRange(start, end);
@@ -248 +234 @@
         return;
 
-    downcast<HTMLInputElement>(*m_node).setValueForUser(value);
+    downcast<HTMLInputElement>(m_node.get()).setValueForUser(value);
 }
 
@@ -256 +242 @@
         return;
 
-    downcast<HTMLInputElement>(*m_node).setSpellcheckDisabledExceptTextReplacement(!enabled);
+    downcast<HTMLInputElement>(m_node.get()).setSpellcheckDisabledExceptTextReplacement(!enabled);
 }
 
@@ -264 +250 @@
         return false;
     
-    return downcast<HTMLInputElement>(*m_node).isAutoFilled();
+    return downcast<HTMLInputElement>(m_node.get()).isAutoFilled();
 }
 
@@ -272 +258 @@
         return false;
 
-    return downcast<HTMLInputElement>(*m_node).isAutoFilledAndViewable();
+    return downcast<HTMLInputElement>(m_node.get()).isAutoFilledAndViewable();
 }
 
@@ -280 +266 @@
         return;
 
-    downcast<HTMLInputElement>(*m_node).setAutoFilled(filled);
+    downcast<HTMLInputElement>(m_node.get()).setAutoFilled(filled);
 }
 
@@ -288 +274 @@
         return;
 
-    downcast<HTMLInputElement>(*m_node).setAutoFilledAndViewable(autoFilledAndViewable);
+    downcast<HTMLInputElement>(m_node.get()).setAutoFilledAndViewable(autoFilledAndViewable);
 }
 
@@ -296 +282 @@
         return false;
     
-    return downcast<HTMLInputElement>(*m_node).autoFillButtonType() != AutoFillButtonType::None;
+    return downcast<HTMLInputElement>(m_node.get()).autoFillButtonType() != AutoFillButtonType::None;
 }
 
@@ -304 +290 @@
         return;
 
-    downcast<HTMLInputElement>(*m_node).setShowAutoFillButton(autoFillButtonType);
+    downcast<HTMLInputElement>(m_node.get()).setShowAutoFillButton(autoFillButtonType);
 }
 
@@ -311 +297 @@
     if (!is<HTMLInputElement>(m_node))
         return AutoFillButtonType::None;
-    return downcast<HTMLInputElement>(*m_node).autoFillButtonType();
+    return downcast<HTMLInputElement>(m_node.get()).autoFillButtonType();
 }
 
@@ -318 +304 @@
     if (!is<HTMLInputElement>(m_node))
         return AutoFillButtonType::None;
-    return downcast<HTMLInputElement>(*m_node).lastAutoFillButtonType();
+    return downcast<HTMLInputElement>(m_node.get()).lastAutoFillButtonType();
 }
 
@@ -326 +312 @@
         return false;
 
-    return downcast<HTMLInputElement>(*m_node).isAutoFillAvailable();
+    return downcast<HTMLInputElement>(m_node.get()).isAutoFillAvailable();
 }
 
@@ -334 +320 @@
         return;
 
-    downcast<HTMLInputElement>(*m_node).setAutoFillAvailable(autoFillAvailable);
+    downcast<HTMLInputElement>(m_node.get()).setAutoFillAvailable(autoFillAvailable);
 }
 
@@ -342 +328 @@
         return IntRect();
 
-    auto autoFillButton = downcast<HTMLInputElement>(*m_node).autoFillButtonElement();
+    auto autoFillButton = downcast<HTMLInputElement>(m_node.get()).autoFillButtonElement();
     if (!autoFillButton)
         return IntRect();
@@ -354 +340 @@
         return false;
 
-    return downcast<HTMLInputElement>(*m_node).lastChangeWasUserEdit();
+    return downcast<HTMLInputElement>(m_node.get()).lastChangeWasUserEdit();
 }
 
@@ -362 +348 @@
         return false;
 
-    return downcast<HTMLTextAreaElement>(*m_node).lastChangeWasUserEdit();
+    return downcast<HTMLTextAreaElement>(m_node.get()).lastChangeWasUserEdit();
 }
 
@@ -370 +356 @@
         return false;
 
-    return downcast<HTMLInputElement>(*m_node).isTextField();
+    return downcast<HTMLInputElement>(m_node.get()).isTextField();
 }
 
@@ -383 +369 @@
         return nullptr;
 
-    return getOrCreate(downcast<HTMLTableCellElement>(*m_node).cellAbove());
+    return getOrCreate(downcast<HTMLTableCellElement>(m_node.get()).cellAbove());
 }
 
 RefPtr<WebFrame> InjectedBundleNodeHandle::documentFrame()
 {
-    if (!m_node || !m_node->isDocumentNode())
-        return nullptr;
-
-    Frame* frame = downcast<Document>(*m_node).frame();
+    if (!m_node->isDocumentNode())
+        return nullptr;
+
+    Frame* frame = downcast<Document>(m_node.get()).frame();
     if (!frame)
         return nullptr;
@@ -403 +389 @@
         return nullptr;
 
-    Frame* frame = downcast<HTMLFrameElement>(*m_node).contentFrame();
+    Frame* frame = downcast<HTMLFrameElement>(m_node.get()).contentFrame();
     if (!frame)
         return nullptr;
@@ -415 +401 @@
         return nullptr;
 
-    Frame* frame = downcast<HTMLIFrameElement>(*m_node).contentFrame();
+    Frame* frame = downcast<HTMLIFrameElement>(m_node.get()).contentFrame();
     if (!frame)
         return nullptr;
@@ -422 +408 @@
 }
 
-void InjectedBundleNodeHandle::stop()
-{
-    // Invalidate handles to nodes inside documents that are about to be destroyed in order to prevent leaks.
-    if (m_node) {
-        domNodeHandleCache().remove(m_node.get());
-        m_node = nullptr;
-    }
-}
-
-const char* InjectedBundleNodeHandle::activeDOMObjectName() const
-{
-    return "InjectedBundleNodeHandle";
-}
-
 } // namespace WebKit

trunk/Source/WebKit/WebProcess/InjectedBundle/DOM/InjectedBundleNodeHandle.h

@@ -29 +29 @@
 #include "ImageOptions.h"
 #include <JavaScriptCore/JSBase.h>
-#include <WebCore/ActiveDOMObject.h>
 #include <wtf/Forward.h>
 #include <wtf/Optional.h>
@@ -47 +46 @@
 class WebImage;
 
-class InjectedBundleNodeHandle : public API::ObjectImpl<API::Object::Type::BundleNodeHandle>, public WebCore::ActiveDOMObject {
+class InjectedBundleNodeHandle : public API::ObjectImpl<API::Object::Type::BundleNodeHandle> {
 public:
     static RefPtr<InjectedBundleNodeHandle> getOrCreate(JSContextRef, JSObjectRef);
@@ -58 +57 @@
 
     // Convenience DOM Operations
-    RefPtr<InjectedBundleNodeHandle> document();
+    Ref<InjectedBundleNodeHandle> document();
 
     // Additional DOM Operations
@@ -94 +93 @@
     InjectedBundleNodeHandle(WebCore::Node&);
 
-    // ActiveDOMObject.
-    void stop() final;
-    const char* activeDOMObjectName() const final;
-
-    RefPtr<WebCore::Node> m_node;
+    Ref<WebCore::Node> m_node;
 };