diff options
| author | kalman@chromium.org <kalman@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-06-10 14:20:41 +0000 |
|---|---|---|
| committer | kalman@chromium.org <kalman@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-06-10 14:20:41 +0000 |
| commit | 195487fc27da171fc6a7420991d947033d33ebf0 (patch) | |
| tree | c6628640bfab88fa67553e763190b47cc8dfe83a /content/renderer/v8_value_converter_impl.h | |
| parent | 5a730cc079afbaf81f59c529da08d90c75210c13 (diff) | |
| download | chromium_src-195487fc27da171fc6a7420991d947033d33ebf0.zip chromium_src-195487fc27da171fc6a7420991d947033d33ebf0.tar.gz chromium_src-195487fc27da171fc6a7420991d947033d33ebf0.tar.bz2 | |
Revert 205184 "Revert 204057 "Recurse to a maximum depth of 10 i..."
> Revert 204057 "Recurse to a maximum depth of 10 in v8_value_conv..."
>
> The commit caused crbug.com/248019.
>
> > Recurse to a maximum depth of 10 in v8_value_converter_impl.cc. There are
> > objects that get passed in (canonically <input> elements apparently) which
> > recurse infinitely (as opposed to having a self-referential loop).
> >
> > The previous solution to this problem (r150035) was to disable getters, which
> > apparently were the main cause, but this is no longer appropriate - we now use
> > this mechanism for all extension messaging, and this has become a problem (see
> > bug 246213).
> >
> > TBR=jamesr@chromium.org, mpcomplete@chromium.org
> >
> > BUG=246213,139933
> >
> > Review URL: https://codereview.chromium.org/16295013
>
> TBR=kalman@chromium.org
>
> Review URL: https://codereview.chromium.org/16733002
TBR=marja@chromium.org
Review URL: https://codereview.chromium.org/16511004
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@205209 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/renderer/v8_value_converter_impl.h')
| -rw-r--r-- | content/renderer/v8_value_converter_impl.h | 17 |
1 files changed, 5 insertions, 12 deletions
diff --git a/content/renderer/v8_value_converter_impl.h b/content/renderer/v8_value_converter_impl.h index 4f58849..f5ad10a 100644 --- a/content/renderer/v8_value_converter_impl.h +++ b/content/renderer/v8_value_converter_impl.h @@ -39,7 +39,8 @@ class CONTENT_EXPORT V8ValueConverterImpl : public V8ValueConverter { private: friend class ScopedAvoidIdentityHashForTesting; - typedef std::multimap<int, v8::Handle<v8::Object> > HashToHandleMap; + + class FromV8ValueState; v8::Handle<v8::Value> ToV8ValueImpl(const base::Value* value) const; v8::Handle<v8::Value> ToV8Array(const base::ListValue* list) const; @@ -48,9 +49,9 @@ class CONTENT_EXPORT V8ValueConverterImpl : public V8ValueConverter { v8::Handle<v8::Value> ToArrayBuffer(const base::BinaryValue* value) const; base::Value* FromV8ValueImpl(v8::Handle<v8::Value> value, - HashToHandleMap* unique_map) const; + FromV8ValueState* state) const; base::Value* FromV8Array(v8::Handle<v8::Array> array, - HashToHandleMap* unique_map) const; + FromV8ValueState* state) const; // This will convert objects of type ArrayBuffer or any of the // ArrayBufferView subclasses. The return value will be NULL if |value| is @@ -58,15 +59,7 @@ class CONTENT_EXPORT V8ValueConverterImpl : public V8ValueConverter { base::BinaryValue* FromV8Buffer(v8::Handle<v8::Value> value) const; base::Value* FromV8Object(v8::Handle<v8::Object> object, - HashToHandleMap* unique_map) const; - - // If |handle| is not in |map|, then add it to |map| and return true. - // Otherwise do nothing and return false. Here "A is unique" means that no - // other handle B in the map points to the same object as A. Note that A can - // be unique even if there already is another handle with the same identity - // hash (key) in the map, because two objects can have the same hash. - bool UpdateAndCheckUniqueness(HashToHandleMap* map, - v8::Handle<v8::Object> handle) const; + FromV8ValueState* state) const; // If true, we will convert Date JavaScript objects to doubles. bool date_allowed_; |