authorager@chromium.org <ager@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-03-26 12:33:01 +0000
committerager@chromium.org <ager@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-03-26 12:33:01 +0000
commit698beb99c016a6d7263f0d8cb45e69a9f22a91ab (patch)
tree3aba3607dcbad042b80b22597012c3ab0de0a2ef
parent49435ccdf622976494dd3dcbc6912994407febd1 (diff)
Fix window.history GC issue. Since the history object is not part of
the DOM, we need to explicitly keep the history wrapper object alive for the lifetime of the DOMWindow object with which it is associated. Review URL: http://codereview.chromium.org/53092 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@12543 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--webkit/port/bindings/v8/v8_custom.h6
-rw-r--r--webkit/port/bindings/v8/v8_proxy.cpp35
-rw-r--r--webkit/tools/layout_tests/test_expectations.txt1
3 files changed, 27 insertions, 15 deletions
diff --git a/webkit/port/bindings/v8/v8_custom.h b/webkit/port/bindings/v8/v8_custom.h
index 4c4129d..a891e2e 100644
--- a/webkit/port/bindings/v8/v8_custom.h
+++ b/webkit/port/bindings/v8/v8_custom.h
@@ -121,12 +121,14 @@ class V8Custom {
kDefaultWrapperInternalFieldCount + 1;
#endif
- static const int kDOMWindowLocationIndex =
+ static const int kDOMWindowHistoryIndex =
kDefaultWrapperInternalFieldCount + 0;
static const int kDOMWindowNavigatorIndex =
kDefaultWrapperInternalFieldCount + 1;
- static const int kDOMWindowInternalFieldCount =
+ static const int kDOMWindowLocationIndex =
kDefaultWrapperInternalFieldCount + 2;
+ static const int kDOMWindowInternalFieldCount =
+ kDefaultWrapperInternalFieldCount + 3;
static const int kStyleSheetOwnerNodeIndex =
kDefaultWrapperInternalFieldCount + 0;
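Review bot: kDOMWindowInternalFieldCount is maintained by hand next to the three kDOMWindow*Index constants, and nothing in this hunk states that it must stay one past the highest index; a later slot added without bumping it would address an internal field the template never reserved. I would add a comment above the group, for example `// kDOMWindowInternalFieldCount must be one greater than the largest kDOMWindow*Index.` The reorder also moves kDOMWindowLocationIndex from +0 to +2, so any code that reaches these slots by literal offset rather than by name (none is visible in this diff) would now read or write the history slot instead. The V8Custom class continues outside the hunk.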
diff --git a/webkit/port/bindings/v8/v8_proxy.cpp b/webkit/port/bindings/v8/v8_proxy.cpp
index ca00058..d830c40 100644
--- a/webkit/port/bindings/v8/v8_proxy.cpp
+++ b/webkit/port/bindings/v8/v8_proxy.cpp
@@ -1823,7 +1823,8 @@ v8::Persistent<v8::FunctionTemplate> V8Proxy::GetTemplate(
desc->SetHiddenPrototype(true);
- // Reserve spaces for references to location and navigator objects.
+ // Reserve spaces for references to location, history and
+ // navigator objects.
v8::Local<v8::ObjectTemplate> instance_template =
desc->InstanceTemplate();
instance_template->SetInternalFieldCount(
@@ -2653,17 +2654,27 @@ v8::Handle<v8::Value> V8Proxy::ToV8Object(V8ClassIndex::V8WrapperType type, void
else
SetJSWrapperForDOMObject(imp, result);
- // Special case for Location and Navigator. Both Safari and FF let
- // Location and Navigator JS wrappers survive GC. To mimic their
- // behaviors, V8 creates hidden references from the DOMWindow to
- // location and navigator objects. These references get cleared
- // when the DOMWindow is reused by a new page.
- if (type == V8ClassIndex::LOCATION) {
- SetHiddenWindowReference(static_cast<Location*>(imp)->frame(),
- V8Custom::kDOMWindowLocationIndex, result);
- } else if (type == V8ClassIndex::NAVIGATOR) {
- SetHiddenWindowReference(static_cast<Navigator*>(imp)->frame(),
- V8Custom::kDOMWindowNavigatorIndex, result);
+ // Special case for non-node objects History, Location and
+ // Navigator. Both Safari and FF let Location and Navigator JS
+ // wrappers survive GC. To mimic their behaviors, V8 creates
+ // hidden references from the DOMWindow to these wrapper
+ // objects. These references get cleared when the DOMWindow is
+ // reused by a new page.
+ switch (type) {
+ case V8ClassIndex::HISTORY:
+ SetHiddenWindowReference(static_cast<History*>(imp)->frame(),
+ V8Custom::kDOMWindowHistoryIndex, result);
+ break;
+ case V8ClassIndex::NAVIGATOR:
+ SetHiddenWindowReference(static_cast<Navigator*>(imp)->frame(),
+ V8Custom::kDOMWindowNavigatorIndex, result);
+ break;
+ case V8ClassIndex::LOCATION:
+ SetHiddenWindowReference(static_cast<Location*>(imp)->frame(),
+ V8Custom::kDOMWindowLocationIndex, result);
+ break;
+ default:
+ break;
}
}
}
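Review bot: The new HISTORY case stores the wrapper in kDOMWindowHistoryIndex, but the diff does not touch the code that clears the hidden references when the DOMWindow is reused, which the comment above the switch relies on. If that clearing code names the Location and Navigator slots explicitly, the history wrapper would stay attached to the window across a navigation and remain reachable from the next page, so it is worth confirming that the new slot is cleared too, especially as this commit un-fails a cross-frame security layout test. The comment's second sentence still credits only Location and Navigator with surviving GC; I would reword the opening to `// Special case for the non-node objects History, Location and Navigator, whose JS wrappers must survive GC.` ToV8Object begins before this hunk, so the null and type checks on `imp` that precede the static_casts are not visible here.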
diff --git a/webkit/tools/layout_tests/test_expectations.txt b/webkit/tools/layout_tests/test_expectations.txt
index 590af95..bc032cd5 100644
--- a/webkit/tools/layout_tests/test_expectations.txt
+++ b/webkit/tools/layout_tests/test_expectations.txt
@@ -2236,7 +2236,6 @@ LINUX : LayoutTests/fast/text/international/rtl-white-space-pre-wrap.html = FAIL
// Refer to this bug: http://code.google.com/p/chromium/issues/detail?id=9324
DEFER : LayoutTests/http/tests/xmlhttprequest/simple-cross-origin-progress-events.html = TIMEOUT PASS
// Regression
-LayoutTests/http/tests/security/cross-frame-access-history-put.html = FAIL
MAC : LayoutTests/http/tests/xmlhttprequest/simple-cross-origin-denied-events-post.html = TIMEOUT
// Merge 41827:41860 Regressions