author | ager@google.com <ager@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-01-05 12:02:17 +0000 |
---|---|---|
committer | ager@google.com <ager@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-01-05 12:02:17 +0000 |
commit | 782bc5876068cd1cf97b630ef0208f5c2226f77c (patch) | |
tree | 828a5a3b234cec88f9e55581de80a5436918ae9e | |
parent | 3855a09a7d5a03b53a86ee668ac5f95fc53d9884 (diff) | |
Ensure that constructor functions are created in the context of the
corresponding DOMWindow.
This is important for instance for XMLHttpRequests, so that they are
created with the right document. If the XMLHttpRequest function is
created in the context of the caller, URI resolution will be broken
for the request.
Review URL: http://codereview.chromium.org/17053
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@7542 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r-- | webkit/port/bindings/scripts/CodeGeneratorV8.pm | 10 | ||||
-rw-r--r-- | webkit/port/bindings/v8/v8_proxy.cpp | 19 | ||||
-rw-r--r-- | webkit/tools/layout_tests/test_lists/tests_fixable.txt | 6 |
3 files changed, 20 insertions, 15 deletions
diff --git a/webkit/port/bindings/scripts/CodeGeneratorV8.pm b/webkit/port/bindings/scripts/CodeGeneratorV8.pm index b128c8a..0b3b277 100644 --- a/webkit/port/bindings/scripts/CodeGeneratorV8.pm +++ b/webkit/port/bindings/scripts/CodeGeneratorV8.pm @@ -415,9 +415,15 @@ sub GenerateConstructorGetter INC_STATS(\"DOM.$implClassName.constructors._get\"); v8::Handle<v8::Value> data = info.Data(); ASSERT(data->IsNumber()); - V8ClassIndex::V8WrapperType type = V8ClassIndex::FromInt(data->Int32Value()); - + DOMWindow* window = V8Proxy::ToNativeObject<DOMWindow>(V8ClassIndex::DOMWINDOW, info.Holder()); + Frame* frame = window->frame(); + if (frame) { + // Get the proxy corresponding to the DOMWindow if possible to + // make sure that the constructor function is constructed in the + // context of the DOMWindow and not in the context of the caller. + return V8Proxy::retrieve(frame)->GetConstructor(type); + } return V8Proxy::retrieve()->GetConstructor(type); } diff --git a/webkit/port/bindings/v8/v8_proxy.cpp b/webkit/port/bindings/v8/v8_proxy.cpp index f2ea252..dd46d2b 100644 --- a/webkit/port/bindings/v8/v8_proxy.cpp +++ b/webkit/port/bindings/v8/v8_proxy.cpp @@ -1460,9 +1460,14 @@ v8::Local<v8::Function> V8Proxy::GetConstructor(V8ClassIndex::V8WrapperType t) // Not in cache. { + // Enter the context of the proxy to make sure that the + // function is constructed in the context corresponding to + // this proxy. + v8::Context::Scope scope(m_context); v8::Handle<v8::FunctionTemplate> templ = GetTemplate(t); + // Getting the function might fail if we're running out of + // stack or memory. v8::TryCatch try_catch; - // This might fail if we're running out of stack or memory. v8::Local<v8::Function> value = templ->GetFunction(); if (value.IsEmpty()) return v8::Local<v8::Function>(); 
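Review bot: The new `return V8Proxy::retrieve(frame)->GetConstructor(type);` dereferences the result of `retrieve(frame)` unchecked, and `window->frame()` likewise dereferences `window` straight after the `ToNativeObject` conversion of `info.Holder()`. If either can be null (for example a frame with no usable proxy; the hunk does not show this), it is a null dereference reachable from script. Consider `V8Proxy* proxy = V8Proxy::retrieve(frame);` followed by `if (proxy) return proxy->GetConstructor(type);`, letting the existing fallback handle the rest. That fallback, `V8Proxy::retrieve()->GetConstructor(type)`, still builds the constructor in the caller's context when the window has no frame, so it deserves a comment such as `// Frameless (detached) window: constructor is created in the caller's context.`. The generated getter's body starts outside this hunk.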
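Review bot: `v8::Context::Scope scope(m_context);` enters the proxy's context without first checking that `m_context` actually holds one. With the generator change in this commit the getter can reach a proxy that belongs to a different frame than the caller's, so that context may not be initialized yet or may already be disposed; nothing in the hunk shows what guarantees otherwise. A guard before the scope, `if (m_context.IsEmpty()) return v8::Local<v8::Function>();`, would match the empty-handle return already used for `value.IsEmpty()`. GetConstructor begins before and continues after this hunk.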
@@ -1776,12 +1781,12 @@ v8::Persistent<v8::FunctionTemplate> V8Proxy::GetTemplate( break; case V8ClassIndex::XMLHTTPREQUEST: { // Reserve one more internal field for keeping event listeners. - v8::Local<v8::ObjectTemplate> instance_template = - desc->InstanceTemplate(); - instance_template->SetInternalFieldCount( - V8Custom::kXMLHttpRequestInternalFieldCount); - desc->SetCallHandler(USE_CALLBACK(XMLHttpRequestConstructor)); - break; + v8::Local<v8::ObjectTemplate> instance_template = + desc->InstanceTemplate(); + instance_template->SetInternalFieldCount( + V8Custom::kXMLHttpRequestInternalFieldCount); + desc->SetCallHandler(USE_CALLBACK(XMLHttpRequestConstructor)); + break; } case V8ClassIndex::XMLHTTPREQUESTUPLOAD: { // Reserve one more internal field for keeping event listeners. diff --git a/webkit/tools/layout_tests/test_lists/tests_fixable.txt b/webkit/tools/layout_tests/test_lists/tests_fixable.txt index be7a4b6..a07fffd 100644 --- a/webkit/tools/layout_tests/test_lists/tests_fixable.txt +++ b/webkit/tools/layout_tests/test_lists/tests_fixable.txt @@ -1782,12 +1782,6 @@ LINUX : LayoutTests/fast/transforms/transformed-document-element.html = FAIL // started with r7379 WIN DEBUG : LayoutTests/editing/execCommand/paste-2.html = PASS FAIL -// Merge 39438:39453 -- new tests. -LayoutTests/http/tests/xmlhttprequest/uri-resolution-opera-open-004.html = FAIL -LayoutTests/http/tests/xmlhttprequest/uri-resolution-opera-open-005.html = FAIL -LayoutTests/http/tests/xmlhttprequest/uri-resolution-opera-open-006.html = FAIL -LayoutTests/http/tests/xmlhttprequest/uri-resolution-opera-open-007.html = FAIL - // Merge 39438:39453 -- new tests missing expected results. Probably going to // fail anyway, since chromium does not support webarchive format. SKIP : LayoutTests/webarchive/test-css-url-resources-in-stylesheets.html = FAIL |