Context Navigation

Changeset 83213 in webkit

Timestamp:

Apr 7, 2011 2:51:23 PM (13 years ago)

Author:

vitalyr@chromium.org

Message:

2011-04-06 Vitaly Repeshko <vitalyr@chromium.org>

Reviewed by Nate Chapin.

[V8] Remove custom DOMImplementation getter on Document.
https://bugs.webkit.org/show_bug.cgi?id=57991

The custom getter is no longer required because DOMImplementation
objects are now created per document.

Test: fast/dom/DOMImplementation/implementation-identity.html

2011-04-06 Vitaly Repeshko <vitalyr@chromium.org>

Reviewed by Nate Chapin.

[V8] Remove custom DOMImplementation getter on Document.
https://bugs.webkit.org/show_bug.cgi?id=57991

Location:

trunk

Files:

-                      r83210
+                      r83213
+-04-06  Vitaly Repeshko  <vitalyr@chromium.org>
+        Reviewed by Nate Chapin.
+        [V8] Remove custom DOMImplementation getter on Document.
+        https://bugs.webkit.org/show_bug.cgi?id=57991
+        * fast/dom/DOMImplementation/implementation-identity-expected.txt: Added.
+        * fast/dom/DOMImplementation/implementation-identity.html: Added.
 -04-07  Steve Lacey  <sjl@chromium.org>

-                      r83209
+                      r83213
+-04-06  Vitaly Repeshko  <vitalyr@chromium.org>
+        Reviewed by Nate Chapin.
+        [V8] Remove custom DOMImplementation getter on Document.
+        https://bugs.webkit.org/show_bug.cgi?id=57991
+        The custom getter is no longer required because DOMImplementation
+        objects are now created per document.
+        Test: fast/dom/DOMImplementation/implementation-identity.html
+        * bindings/scripts/CodeGeneratorV8.pm:
+        * bindings/v8/custom/V8DocumentCustom.cpp:
+        * dom/Document.idl:
 -04-07  Sergey Glazunov  <serg.glazunov@gmail.com>

r82802	r83213
449	449	}
450	450
451		if (IsSubType($dataNode, "Document")) {
452		push(@customInternalFields, "implementationIndex");
453		} elsif ($name eq "DOMWindow") {
	451	if ($name eq "DOMWindow") {
454	452	push(@customInternalFields, "enteredIsolatedWorldIndex");
455	453	}

-                      r76600
+                      r83213
+}
-// DOMImplementation is a singleton in WebCore. If we use our normal
-// mapping from DOM objects to V8 wrappers, the same wrapper will be
-// shared for all frames in the same process. This is a major
-// security problem. Therefore, we generate a DOMImplementation
-// wrapper per document and store it in an internal field of the
-// document. Since the DOMImplementation object is a singleton, we do
-// not have to do anything to keep the DOMImplementation object alive
-// for the lifetime of the wrapper.
-v8::Handle<v8::Value> V8Document::implementationAccessorGetter(v8::Local<v8::String> name, const v8::AccessorInfo& info)
+{
-    ASSERT(info.Holder()->InternalFieldCount() >= internalFieldCount);
-    // Check if the internal field already contains a wrapper.
-    v8::Local<v8::Value> implementation = info.Holder()->GetInternalField(V8Document::implementationIndex);
-    if (!implementation->IsUndefined())
-        return implementation;
-    // Generate a wrapper.
-    Document* document = V8Document::toNative(info.Holder());
-    v8::Handle<v8::Value> wrapper = toV8(document->implementation());
-    // Store the wrapper in the internal field.
-    info.Holder()->SetInternalField(implementationIndex, wrapper);
-    return wrapper;
+}
 v8::Handle<v8::Value> toV8(Document* impl, bool forceNewObject)
+{

r82925	r83213
30	30	// DOM Level 1 Core
31	31	readonly attribute DocumentType doctype;
32		readonly attribute ~~[V8Custom]~~ DOMImplementation implementation;
	32	readonly attribute DOMImplementation implementation;
33	33	readonly attribute Element documentElement;
34	34

Note: See TracChangeset for help on using the changeset viewer.