summaryrefslogtreecommitdiffstats
path: root/webkit/glue/plugins
diff options
context:
space:
mode:
authorjam@chromium.org <jam@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-04-16 18:19:44 +0000
committerjam@chromium.org <jam@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-04-16 18:19:44 +0000
commitf2eefdabd9adf6c31676a401b4fc01e4e9218cbe (patch)
tree108efd9f9abbd08201b4623e6f509ea445cf8ccf /webkit/glue/plugins
parent2b2d1697cd3cd6303b372949565bb8ac87741589 (diff)
downloadchromium_src-f2eefdabd9adf6c31676a401b4fc01e4e9218cbe.zip
chromium_src-f2eefdabd9adf6c31676a401b4fc01e4e9218cbe.tar.gz
chromium_src-f2eefdabd9adf6c31676a401b4fc01e4e9218cbe.tar.bz2
Ensure we check the page pointer before using it after we come out of NPP_HandleEvent, as it might have gone away depending on JavaScript that was executed by the plugin.
BUG=9955 Review URL: http://codereview.chromium.org/75026 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@13858 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'webkit/glue/plugins')
-rw-r--r--webkit/glue/plugins/test/plugin_client.cc62
-rw-r--r--webkit/glue/plugins/test/plugin_windowless_test.cc22
-rw-r--r--webkit/glue/plugins/webplugin_delegate_impl.cc6
-rw-r--r--webkit/glue/plugins/webplugin_delegate_impl.h2
4 files changed, 52 insertions, 40 deletions
diff --git a/webkit/glue/plugins/test/plugin_client.cc b/webkit/glue/plugins/test/plugin_client.cc
index 3a3d3a5..de6cd2a 100644
--- a/webkit/glue/plugins/test/plugin_client.cc
+++ b/webkit/glue/plugins/test/plugin_client.cc
@@ -43,7 +43,7 @@ NPError PluginClient::GetEntryPoints(NPPluginFuncs* pFuncs) {
pFuncs->urlnotify = NPP_URLNotify;
pFuncs->getvalue = NPP_GetValue;
pFuncs->setvalue = NPP_SetValue;
- pFuncs->javaClass = reinterpret_cast<JRIGlobalRef>(NPP_GetJavaClass);
+ pFuncs->javaClass = static_cast<JRIGlobalRef>(NPP_GetJavaClass);
return NPERR_NO_ERROR;
}
@@ -79,83 +79,79 @@ NPError NPP_New(NPMIMEType pluginType, NPP instance, uint16 mode,
// that against a given test and try to instantiate it.
// lookup the name parameter
- int name_index = 0;
- for (name_index = 0; name_index < argc; name_index++)
- if (base::strcasecmp(argn[name_index], "name") == 0)
+ std::string test_name;
+ for (int name_index = 0; name_index < argc; name_index++)
+ if (base::strcasecmp(argn[name_index], "name") == 0) {
+ test_name = argv[name_index];
break;
+ }
- if (name_index >= argc)
+ if (test_name.empty())
return NPERR_GENERIC_ERROR; // no name found
NPError ret = NPERR_GENERIC_ERROR;
bool windowless_plugin = false;
-
+
NPAPIClient::PluginTest *new_test = NULL;
- if (base::strcasecmp(argv[name_index], "arguments") == 0) {
+ if (test_name == "arguments") {
new_test = new NPAPIClient::PluginArgumentsTest(instance,
NPAPIClient::PluginClient::HostFunctions());
- } else if (base::strcasecmp(argv[name_index], "geturl") == 0) {
+ } else if (test_name == "geturl") {
new_test = new NPAPIClient::PluginGetURLTest(instance,
NPAPIClient::PluginClient::HostFunctions());
- } else if (base::strcasecmp(argv[name_index], "npobject_proxy") == 0) {
+ } else if (test_name == "npobject_proxy") {
new_test = new NPAPIClient::NPObjectProxyTest(instance,
NPAPIClient::PluginClient::HostFunctions());
#if defined(OS_WIN)
// TODO(port): plugin_windowless_test.*.
- } else if ((base::strcasecmp(argv[name_index],
- "execute_script_delete_in_paint") == 0) ||
- (base::strcasecmp(argv[name_index],
- "execute_script_delete_in_mouse_move") == 0)) {
+ } else if (test_name == "execute_script_delete_in_paint" ||
+ test_name == "execute_script_delete_in_mouse_move" ||
+ test_name == "delete_frame_test") {
new_test = new NPAPIClient::WindowlessPluginTest(instance,
- NPAPIClient::PluginClient::HostFunctions(), argv[name_index]);
+ NPAPIClient::PluginClient::HostFunctions(), test_name);
windowless_plugin = true;
#endif
- } else if (base::strcasecmp(argv[name_index], "getjavascripturl") == 0) {
+ } else if (test_name == "getjavascripturl") {
new_test = new NPAPIClient::ExecuteGetJavascriptUrlTest(instance,
NPAPIClient::PluginClient::HostFunctions());
#if defined(OS_WIN)
// TODO(port): plugin_window_size_test.*.
- } else if (base::strcasecmp(argv[name_index], "checkwindowrect") == 0) {
+ } else if (test_name == "checkwindowrect") {
new_test = new NPAPIClient::PluginWindowSizeTest(instance,
NPAPIClient::PluginClient::HostFunctions());
#endif
- } else if (base::strcasecmp(argv[name_index],
- "self_delete_plugin_stream") == 0) {
+ } else if (test_name == "self_delete_plugin_stream") {
new_test = new NPAPIClient::DeletePluginInStreamTest(instance,
NPAPIClient::PluginClient::HostFunctions());
#if defined(OS_WIN)
// TODO(port): plugin_npobject_lifetime_test.*.
- } else if (base::strcasecmp(argv[name_index],
- "npobject_lifetime_test") == 0) {
+ } else if (test_name == "npobject_lifetime_test") {
new_test = new NPAPIClient::NPObjectLifetimeTest(instance,
NPAPIClient::PluginClient::HostFunctions());
- } else if (base::strcasecmp(argv[name_index],
- "npobject_lifetime_test_second_instance") == 0) {
+ } else if (test_name == "npobject_lifetime_test_second_instance") {
new_test = new NPAPIClient::NPObjectLifetimeTestInstance2(instance,
NPAPIClient::PluginClient::HostFunctions());
- } else if (base::strcasecmp(argv[name_index],
- "npobject_delete_plugin_in_evaluate") == 0) {
+ } else if (test_name == "new_fails") {
+ new_test = new NPAPIClient::NewFailsTest(instance,
+ NPAPIClient::PluginClient::HostFunctions());
+ } else if (test_name == "npobject_delete_plugin_in_evaluate") {
new_test = new NPAPIClient::NPObjectDeletePluginInNPN_Evaluate(instance,
NPAPIClient::PluginClient::HostFunctions());
#endif
- } else if (base::strcasecmp(argv[name_index], "new_fails") == 0) {
- new_test = new NPAPIClient::NewFailsTest(instance,
- NPAPIClient::PluginClient::HostFunctions());
- } else if (base::strcasecmp(argv[name_index],
- "plugin_javascript_open_popup_with_plugin") == 0) {
+ } else if (test_name ==
+ "plugin_javascript_open_popup_with_plugin") {
new_test = new NPAPIClient::ExecuteJavascriptOpenPopupWithPluginTest(
instance, NPAPIClient::PluginClient::HostFunctions());
- } else if (base::strcasecmp(argv[name_index],
- "plugin_popup_with_plugin_target") == 0) {
+ } else if (test_name == "plugin_popup_with_plugin_target") {
new_test = new NPAPIClient::ExecuteJavascriptPopupWindowTargetPluginTest(
instance, NPAPIClient::PluginClient::HostFunctions());
- } else if (base::strcasecmp(argv[name_index], "private") == 0) {
+ } else if (test_name == "private") {
new_test = new NPAPIClient::PrivateTest(instance,
NPAPIClient::PluginClient::HostFunctions());
} else {
// If we don't have a test case for this, create a
// generic one which basically never fails.
- LOG(WARNING) << "Unknown test name '" << argv[name_index]
+ LOG(WARNING) << "Unknown test name '" << test_name
<< "'; using default test.";
new_test = new NPAPIClient::PluginTest(instance,
NPAPIClient::PluginClient::HostFunctions());
diff --git a/webkit/glue/plugins/test/plugin_windowless_test.cc b/webkit/glue/plugins/test/plugin_windowless_test.cc
index 131102c..74f422e 100644
--- a/webkit/glue/plugins/test/plugin_windowless_test.cc
+++ b/webkit/glue/plugins/test/plugin_windowless_test.cc
@@ -29,8 +29,7 @@ int16 WindowlessPluginTest::HandleEvent(void* event) {
NPEvent* np_event = reinterpret_cast<NPEvent*>(event);
if (WM_PAINT == np_event->event &&
- base::strcasecmp(test_name_.c_str(),
- "execute_script_delete_in_paint") == 0) {
+ test_name_ == "execute_script_delete_in_paint") {
HDC paint_dc = reinterpret_cast<HDC>(np_event->wParam);
if (paint_dc == NULL) {
SetError("Invalid Window DC passed to HandleEvent for WM_PAINT");
@@ -53,13 +52,11 @@ int16 WindowlessPluginTest::HandleEvent(void* event) {
browser->geturl(id(), urlString, targetString);
SignalTestCompleted();
} else if (WM_MOUSEMOVE == np_event->event &&
- base::strcasecmp(test_name_.c_str(),
- "execute_script_delete_in_mouse_move") == 0) {
+ test_name_ == "execute_script_delete_in_mouse_move") {
std::string script = "javascript:DeletePluginWithinScript()";
NPString script_string;
script_string.UTF8Characters = script.c_str();
- script_string.UTF8Length =
- static_cast<unsigned int>(script.length());
+ script_string.UTF8Length = static_cast<unsigned int>(script.length());
NPObject *window_obj = NULL;
browser->getvalue(id(), NPNVWindowNPObject, &window_obj);
@@ -67,6 +64,19 @@ int16 WindowlessPluginTest::HandleEvent(void* event) {
NPError result = browser->evaluate(id(), window_obj,
&script_string, &result_var);
SignalTestCompleted();
+ } else if (WM_LBUTTONUP == np_event->event &&
+ test_name_ == "delete_frame_test") {
+ std::string script =
+ "javascript:parent.document.getElementById('frame').outerHTML = ''";
+ NPString script_string;
+ script_string.UTF8Characters = script.c_str();
+ script_string.UTF8Length = static_cast<unsigned int>(script.length());
+
+ NPObject *window_obj = NULL;
+ browser->getvalue(id(), NPNVWindowNPObject, &window_obj);
+ NPVariant result_var;
+ NPError result = browser->evaluate(id(), window_obj,
+ &script_string, &result_var);
}
// If this test failed, then we'd have crashed by now.
return PluginTest::HandleEvent(event);
diff --git a/webkit/glue/plugins/webplugin_delegate_impl.cc b/webkit/glue/plugins/webplugin_delegate_impl.cc
index 87d02cb..cd11d07 100644
--- a/webkit/glue/plugins/webplugin_delegate_impl.cc
+++ b/webkit/glue/plugins/webplugin_delegate_impl.cc
@@ -220,7 +220,11 @@ WebPluginDelegateImpl::~WebPluginDelegateImpl() {
}
void WebPluginDelegateImpl::PluginDestroyed() {
- delete this;
+ if (handle_event_depth_) {
+ MessageLoop::current()->DeleteSoon(FROM_HERE, this);
+ } else {
+ delete this;
+ }
}
bool WebPluginDelegateImpl::Initialize(const GURL& url,
diff --git a/webkit/glue/plugins/webplugin_delegate_impl.h b/webkit/glue/plugins/webplugin_delegate_impl.h
index a429e63..9110c47 100644
--- a/webkit/glue/plugins/webplugin_delegate_impl.h
+++ b/webkit/glue/plugins/webplugin_delegate_impl.h
@@ -90,6 +90,8 @@ class WebPluginDelegateImpl : public WebPluginDelegate {
virtual int GetQuirks() const { return quirks_; }
private:
+ friend class DeleteTask<WebPluginDelegateImpl>;
+
WebPluginDelegateImpl(gfx::NativeView containing_view,
NPAPI::PluginInstance *instance);
~WebPluginDelegateImpl();