Changeset 48960 in webkit


Timestamp: Sep 30, 2009 10:52:56 PM (15 years ago)
Author: oliver@apple.com
Message:

reproducible freeze and crash on closing form popup at bosch-home.nl
https://bugs.webkit.org/show_bug.cgi?id=28948

Reviewed by Maciej Stachowiak.

showModalDialog calls getDirect on what is actually a window shell,
so ends up not getting a value (since no value can ever be placed
directly on the shell), which leads to incorrect behaviour.

We use a manual test rather than automatic as it was not
possible to get a modal run loop to work inside DRT.

Location: trunk/WebCore
Files: 1 added, 2 edited

  • trunk/WebCore/ChangeLog

    r48959 r48960  
     12009-09-30  Oliver Hunt  <oliver@apple.com>
     2
     3        Reviewed by Maciej Stachowiak.
     4
     5        reproducible freeze and crash on closing form popup at bosch-home.nl
     6        https://bugs.webkit.org/show_bug.cgi?id=28948
     7
     8        showModalDialog calls getDirect on what is actually a window shell,
     9        so ends up not getting a value (since no value can ever be placed
     10        directly on the shell), which leads to incorrect behaviour.
     11
     12        We use a manual test rather than automatic as it was not
     13        possible to get a modal run loop to work inside DRT.
     14
     15        * bindings/js/JSDOMWindowCustom.cpp:
     16        (WebCore::JSDOMWindow::showModalDialog):
     17        * manual-tests/showModalDialog-returnValue.html: manual testcase.
     18
    1192009-09-30  Kent Tamura  <tkent@chromium.org>
    220
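Review bot: The description at ChangeLog lines 8-10 explains why getDirect returned nothing, but it does not record that the fix also puts the read behind an access check, so a dialog window the caller is not allowed to access now yields undefined. Add a sentence under the (WebCore::JSDOMWindow::showModalDialog) entry saying so, since that is the behaviour a later reader will look for when auditing this function.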
  • trunk/WebCore/bindings/js/JSDOMWindowCustom.cpp

    r48884 r48960  
    934934    dialogFrame->page()->chrome()->runModal();
    935935
    936     return dialogWindow->getDirect(Identifier(exec, "returnValue"));
     936    Identifier returnValue(exec, "returnValue");
     937    if (dialogWindow->allowsAccessFromNoErrorMessage(exec)) {
     938        PropertySlot slot;
     939        // This is safe, we have already performed the origin security check and we are
     940        // not interested in any of the DOM properties of the window.
     941        if (dialogWindow->JSGlobalObject::getOwnPropertySlot(exec, returnValue, slot))
     942            return slot.getValue(exec, returnValue);
     943    }
     944    return jsUndefined();
    937945}
    938946
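Review bot: The comment at new lines 939-940 says the origin check has "already" been performed without naming it, and the qualified `JSGlobalObject::getOwnPropertySlot` call on line 941 deliberately skips the DOM window's own property lookup, so the `allowsAccessFromNoErrorMessage(exec)` test on line 937 is the only thing guarding this read. Name that call in the comment so a later refactor does not move the lookup out from under it. The denied path also falls through to `return jsUndefined();` on line 944 with no message, which makes a blocked read indistinguishable from a dialog that never set returnValue; if that is intended, the manual test should include a case that exercises it.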