Changeset 257482 in webkit
- Timestamp:
- Feb 26, 2020 10:58:28 AM (4 years ago)
- Location:
- trunk/Source/WebKit
- Files:
-
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebKit/ChangeLog
r257479 r257482 1 2020-02-26 Chris Dumez <cdumez@apple.com> 2 3 Unreviewed, rolling out r257389. 4 5 Reverted changeset: 6 7 "Make sure a client cannot cause a whole DOM tree to get 8 leaked by simply holding on to a WKBundleNodeHandle" 9 https://bugs.webkit.org/show_bug.cgi?id=208218 10 https://trac.webkit.org/changeset/257389 11 1 12 2020-02-26 Jacob Uphoff <jacob_uphoff@apple.com> 2 13 -
trunk/Source/WebKit/WebProcess/InjectedBundle/DOM/InjectedBundleNodeHandle.cpp
r257471 r257482 102 102 103 103 InjectedBundleNodeHandle::InjectedBundleNodeHandle(Node& node) 104 : ActiveDOMObject(node.document()) 105 , m_node(&node) 104 : m_node(node) 106 105 { 107 106 } … … 109 108 InjectedBundleNodeHandle::~InjectedBundleNodeHandle() 110 109 { 111 if (m_node) 112 domNodeHandleCache().remove(m_node.get()); 110 domNodeHandleCache().remove(m_node.ptr()); 113 111 } 114 112 115 113 Node* InjectedBundleNodeHandle::coreNode() 116 114 { 117 return m_node.get(); 118 } 119 120 RefPtr<InjectedBundleNodeHandle> InjectedBundleNodeHandle::document() 121 { 122 if (!m_node) 123 return nullptr; 124 115 return m_node.ptr(); 116 } 117 118 Ref<InjectedBundleNodeHandle> InjectedBundleNodeHandle::document() 119 { 125 120 return getOrCreate(m_node->document()); 126 121 } … … 134 129 return IntRect(); 135 130 136 return downcast<Element>( *m_node).boundsInRootViewSpace();131 return downcast<Element>(m_node.get()).boundsInRootViewSpace(); 137 132 } 138 133 139 134 IntRect InjectedBundleNodeHandle::renderRect(bool* isReplaced) 140 135 { 141 if (!m_node)142 return { };143 144 136 return m_node->pixelSnappedRenderRect(isReplaced); 145 137 } … … 199 191 RefPtr<WebImage> InjectedBundleNodeHandle::renderedImage(SnapshotOptions options, bool shouldExcludeOverflow, const Optional<float>& bitmapWidth) 200 192 { 201 if (!m_node)202 return nullptr;203 204 193 Frame* frame = m_node->document().frame(); 205 194 if (!frame) … … 224 213 } 225 214 226 frameView->setNodeToDraw(m_node. get());215 frameView->setNodeToDraw(m_node.ptr()); 227 216 auto image = imageForRect(frameView, paintingRect, bitmapWidth, options); 228 217 frameView->setNodeToDraw(0); … … 233 222 RefPtr<InjectedBundleRangeHandle> InjectedBundleNodeHandle::visibleRange() 234 223 { 235 if (!m_node) 236 return nullptr; 237 238 VisiblePosition start = firstPositionInNode(m_node.get()); 239 VisiblePosition end = lastPositionInNode(m_node.get()); 224 VisiblePosition start = firstPositionInNode(m_node.ptr()); 225 VisiblePosition end = lastPositionInNode(m_node.ptr()); 240 226 241 227 RefPtr<Range> range = makeRange(start, end); … … 248 234 return; 249 235 250 downcast<HTMLInputElement>( *m_node).setValueForUser(value);236 downcast<HTMLInputElement>(m_node.get()).setValueForUser(value); 251 237 } 252 238 … … 256 242 return; 257 243 258 downcast<HTMLInputElement>( *m_node).setSpellcheckDisabledExceptTextReplacement(!enabled);244 downcast<HTMLInputElement>(m_node.get()).setSpellcheckDisabledExceptTextReplacement(!enabled); 259 245 } 260 246 … … 264 250 return false; 265 251 266 return downcast<HTMLInputElement>( *m_node).isAutoFilled();252 return downcast<HTMLInputElement>(m_node.get()).isAutoFilled(); 267 253 } 268 254 … … 272 258 return false; 273 259 274 return downcast<HTMLInputElement>( *m_node).isAutoFilledAndViewable();260 return downcast<HTMLInputElement>(m_node.get()).isAutoFilledAndViewable(); 275 261 } 276 262 … … 280 266 return; 281 267 282 downcast<HTMLInputElement>( *m_node).setAutoFilled(filled);268 downcast<HTMLInputElement>(m_node.get()).setAutoFilled(filled); 283 269 } 284 270 … … 288 274 return; 289 275 290 downcast<HTMLInputElement>( *m_node).setAutoFilledAndViewable(autoFilledAndViewable);276 downcast<HTMLInputElement>(m_node.get()).setAutoFilledAndViewable(autoFilledAndViewable); 291 277 } 292 278 … … 296 282 return false; 297 283 298 return downcast<HTMLInputElement>( *m_node).autoFillButtonType() != AutoFillButtonType::None;284 return downcast<HTMLInputElement>(m_node.get()).autoFillButtonType() != AutoFillButtonType::None; 299 285 } 300 286 … … 304 290 return; 305 291 306 downcast<HTMLInputElement>( *m_node).setShowAutoFillButton(autoFillButtonType);292 downcast<HTMLInputElement>(m_node.get()).setShowAutoFillButton(autoFillButtonType); 307 293 } 308 294 … … 311 297 if (!is<HTMLInputElement>(m_node)) 312 298 return AutoFillButtonType::None; 313 return downcast<HTMLInputElement>( *m_node).autoFillButtonType();299 return downcast<HTMLInputElement>(m_node.get()).autoFillButtonType(); 314 300 } 315 301 … … 318 304 if (!is<HTMLInputElement>(m_node)) 319 305 return AutoFillButtonType::None; 320 return downcast<HTMLInputElement>( *m_node).lastAutoFillButtonType();306 return downcast<HTMLInputElement>(m_node.get()).lastAutoFillButtonType(); 321 307 } 322 308 … … 326 312 return false; 327 313 328 return downcast<HTMLInputElement>( *m_node).isAutoFillAvailable();314 return downcast<HTMLInputElement>(m_node.get()).isAutoFillAvailable(); 329 315 } 330 316 … … 334 320 return; 335 321 336 downcast<HTMLInputElement>( *m_node).setAutoFillAvailable(autoFillAvailable);322 downcast<HTMLInputElement>(m_node.get()).setAutoFillAvailable(autoFillAvailable); 337 323 } 338 324 … … 342 328 return IntRect(); 343 329 344 auto autoFillButton = downcast<HTMLInputElement>( *m_node).autoFillButtonElement();330 auto autoFillButton = downcast<HTMLInputElement>(m_node.get()).autoFillButtonElement(); 345 331 if (!autoFillButton) 346 332 return IntRect(); … … 354 340 return false; 355 341 356 return downcast<HTMLInputElement>( *m_node).lastChangeWasUserEdit();342 return downcast<HTMLInputElement>(m_node.get()).lastChangeWasUserEdit(); 357 343 } 358 344 … … 362 348 return false; 363 349 364 return downcast<HTMLTextAreaElement>( *m_node).lastChangeWasUserEdit();350 return downcast<HTMLTextAreaElement>(m_node.get()).lastChangeWasUserEdit(); 365 351 } 366 352 … … 370 356 return false; 371 357 372 return downcast<HTMLInputElement>( *m_node).isTextField();358 return downcast<HTMLInputElement>(m_node.get()).isTextField(); 373 359 } 374 360 … … 383 369 return nullptr; 384 370 385 return getOrCreate(downcast<HTMLTableCellElement>( *m_node).cellAbove());371 return getOrCreate(downcast<HTMLTableCellElement>(m_node.get()).cellAbove()); 386 372 } 387 373 388 374 RefPtr<WebFrame> InjectedBundleNodeHandle::documentFrame() 389 375 { 390 if (!m_node || !m_node->isDocumentNode())391 return nullptr; 392 393 Frame* frame = downcast<Document>( *m_node).frame();376 if (!m_node->isDocumentNode()) 377 return nullptr; 378 379 Frame* frame = downcast<Document>(m_node.get()).frame(); 394 380 if (!frame) 395 381 return nullptr; … … 403 389 return nullptr; 404 390 405 Frame* frame = downcast<HTMLFrameElement>( *m_node).contentFrame();391 Frame* frame = downcast<HTMLFrameElement>(m_node.get()).contentFrame(); 406 392 if (!frame) 407 393 return nullptr; … … 415 401 return nullptr; 416 402 417 Frame* frame = downcast<HTMLIFrameElement>( *m_node).contentFrame();403 Frame* frame = downcast<HTMLIFrameElement>(m_node.get()).contentFrame(); 418 404 if (!frame) 419 405 return nullptr; … … 422 408 } 423 409 424 void InjectedBundleNodeHandle::stop()425 {426 // Invalidate handles to nodes inside documents that are about to be destroyed in order to prevent leaks.427 if (m_node) {428 domNodeHandleCache().remove(m_node.get());429 m_node = nullptr;430 }431 }432 433 const char* InjectedBundleNodeHandle::activeDOMObjectName() const434 {435 return "InjectedBundleNodeHandle";436 }437 438 410 } // namespace WebKit -
trunk/Source/WebKit/WebProcess/InjectedBundle/DOM/InjectedBundleNodeHandle.h
r257389 r257482 29 29 #include "ImageOptions.h" 30 30 #include <JavaScriptCore/JSBase.h> 31 #include <WebCore/ActiveDOMObject.h>32 31 #include <wtf/Forward.h> 33 32 #include <wtf/Optional.h> … … 47 46 class WebImage; 48 47 49 class InjectedBundleNodeHandle : public API::ObjectImpl<API::Object::Type::BundleNodeHandle> , public WebCore::ActiveDOMObject{48 class InjectedBundleNodeHandle : public API::ObjectImpl<API::Object::Type::BundleNodeHandle> { 50 49 public: 51 50 static RefPtr<InjectedBundleNodeHandle> getOrCreate(JSContextRef, JSObjectRef); … … 58 57 59 58 // Convenience DOM Operations 60 Ref Ptr<InjectedBundleNodeHandle> document();59 Ref<InjectedBundleNodeHandle> document(); 61 60 62 61 // Additional DOM Operations … … 94 93 InjectedBundleNodeHandle(WebCore::Node&); 95 94 96 // ActiveDOMObject. 97 void stop() final; 98 const char* activeDOMObjectName() const final; 99 100 RefPtr<WebCore::Node> m_node; 95 Ref<WebCore::Node> m_node; 101 96 }; 102 97
Note: See TracChangeset
for help on using the changeset viewer.