Changeset 93567 in webkit
- Timestamp:
- Aug 22, 2011 5:43:32 PM (13 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 4 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/ChangeLog
r93565 r93567 1 2011-08-22 Alexey Proskuryakov <ap@apple.com> 2 3 showModalDialog does not correctly return the defined returnValue in case domain relaxing is used 4 https://bugs.webkit.org/show_bug.cgi?id=53191 5 <rdar://problem/8629478> 6 7 Reviewed by Geoff Garen. 8 9 Cannot test domain relaxing, we only have 127.0.0.1 and localhost. 10 11 * bindings/js/JSDOMWindowCustom.cpp: (WebCore::JSDOMWindow::getOwnPropertySlot): 12 Added a FIXME about a difference with Firefox. 13 14 (WebCore::DialogHandler::DialogHandler): 15 (WebCore::DialogHandler::dialogCreated): 16 (WebCore::DialogHandler::returnValue): 17 Changed to fetch returnValue from the global object that's in the frame when the dialog is 18 dismissed. A dialog can navigate itself, and it also creates a new JSDOMWindow on first load 19 if the origin doesn't match opener origin (which the case with domain relaxing). 20 Re-added a security check for returnValue that got lost in r73829, so that we don't send the 21 result across origins. This matches Firefox. 22 23 * bindings/js/JSDOMWindowShell.cpp: (WebCore::JSDOMWindowShell::setWindow): Added an assertion 24 against a very confusing case that should no longer occur. 25 26 * page/Frame.cpp: (WebCore::Frame::pageDestroyed): Don't clear the window shell, it doesn't 27 seem necessary, but prevents DialogHandler from fetching the return value. Added a keepAlive 28 call to avoid changing life support timer behavior in this patch. 29 1 30 2011-08-22 Alice Boxhall <aboxhall@chromium.org> 2 31 -
trunk/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp
r93558 r93567 128 128 const HashEntry* entry; 129 129 130 // We don't want any properties other than "close" and "closed" on a closed window. 130 // We don't want any properties other than "close" and "closed" on a frameless window (i.e. one whose page got closed, 131 // or whose iframe got removed). 132 // FIXME: This doesn't fully match Firefox, which allows at least toString in addition to those. 131 133 if (!impl()->frame()) { 132 134 // The following code is safe for cross-domain and same domain use. … … 645 647 explicit DialogHandler(ExecState* exec) 646 648 : m_exec(exec) 647 , m_globalObject(0)648 649 { 649 650 } … … 654 655 private: 655 656 ExecState* m_exec; 656 JSDOMWindow* m_globalObject;657 RefPtr<Frame> m_frame; 657 658 }; 658 659 659 660 inline void DialogHandler::dialogCreated(DOMWindow* dialog) 660 661 { 662 m_frame = dialog->frame(); 661 663 // FIXME: This looks like a leak between the normal world and an isolated 662 664 // world if dialogArguments comes from an isolated world. 663 m_globalObject = toJSDOMWindow(dialog->frame(), normalWorld(m_exec->globalData()));665 JSDOMWindow* globalObject = toJSDOMWindow(m_frame.get(), normalWorld(m_exec->globalData())); 664 666 if (JSValue dialogArguments = m_exec->argument(1)) 665 m_globalObject->putDirect(m_exec->globalData(), Identifier(m_exec, "dialogArguments"), dialogArguments);667 globalObject->putDirect(m_exec->globalData(), Identifier(m_exec, "dialogArguments"), dialogArguments); 666 668 } 667 669 668 670 inline JSValue DialogHandler::returnValue() const 669 671 { 670 if (!m_globalObject) 672 JSDOMWindow* globalObject = toJSDOMWindow(m_frame.get(), normalWorld(m_exec->globalData())); 673 if (!globalObject) 671 674 return jsUndefined(); 672 675 Identifier identifier(m_exec, "returnValue"); 673 676 PropertySlot slot; 674 if (! m_globalObject->JSGlobalObject::getOwnPropertySlot(m_exec, identifier, slot))677 if (!globalObject->getOwnPropertySlot(m_exec, identifier, slot)) 675 678 return jsUndefined(); 676 679 return slot.getValue(m_exec, identifier); -
trunk/Source/WebCore/bindings/js/JSDOMWindowShell.cpp
r92788 r93567 58 58 void JSDOMWindowShell::setWindow(PassRefPtr<DOMWindow> domWindow) 59 59 { 60 // Replacing JSDOMWindow via telling JSDOMWindowShell to use the same DOMWindow it already uses makes no sense, 61 // so we'd better never try to. 62 ASSERT(!m_window || domWindow.get() != m_window->impl()); 60 63 // Explicitly protect the global object's prototype so it isn't collected 61 64 // when we allocate the global object. (Once the global object is fully -
trunk/Source/WebCore/page/Frame.cpp
r93303 r93567 732 732 void Frame::pageDestroyed() 733 733 { 734 // FIXME: Rename this function, since it's called not only from Page destructor, but in several other cases. 735 // This cleanup is needed whenever we remove a frame from page. 736 734 737 if (Frame* parent = tree()->parent()) 735 738 parent->loader()->checkLoadComplete(); … … 750 753 page()->focusController()->setFocusedFrame(0); 751 754 752 script()->clearWindowShell(); 755 // FIXME: Removing keepalive will make behavior better match Firefox. 756 // Some code that used to be here indirectly triggered keepalive, and we don't want to change behavior at the moment. 757 keepAlive(); 758 753 759 script()->clearScriptObjects(); 754 760 script()->updatePlatformScriptObjects();
Note: See TracChangeset
for help on using the changeset viewer.