diff options
| author | fqian@google.com <fqian@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2008-11-24 18:16:09 +0000 |
|---|---|---|
| committer | fqian@google.com <fqian@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2008-11-24 18:16:09 +0000 |
| commit | c6c5f0a292ac05fafd36b9c4b03242ed617d8ee1 (patch) | |
| tree | 3db1d1733220cd6bdc586228afec87ba3611fa82 /webkit | |
| parent | c0bdc575a1ada4d36844f9a868c1b08205526546 (diff) | |
| download | chromium_src-c6c5f0a292ac05fafd36b9c4b03242ed617d8ee1.zip chromium_src-c6c5f0a292ac05fafd36b9c4b03242ed617d8ee1.tar.gz chromium_src-c6c5f0a292ac05fafd36b9c4b03242ed617d8ee1.tar.bz2 | |
Revert part of changes made in http://codereview.chromium.org/10687
The document wrapper wasn't kept alive in the life time of the frame. This results issue 4532.
I don't how to create a test case yet, but verified that dromaeo test runs fine with this fix.
Review URL: http://codereview.chromium.org/11376
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@5924 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'webkit')
| -rw-r--r-- | webkit/port/bindings/v8/v8_proxy.cpp | 45 | ||||
| -rw-r--r-- | webkit/port/bindings/v8/v8_proxy.h | 4 |
2 files changed, 41 insertions, 8 deletions
diff --git a/webkit/port/bindings/v8/v8_proxy.cpp b/webkit/port/bindings/v8/v8_proxy.cpp index a39f06b..078a829 100644 --- a/webkit/port/bindings/v8/v8_proxy.cpp +++ b/webkit/port/bindings/v8/v8_proxy.cpp @@ -1650,22 +1650,46 @@ void V8Proxy::DomainChanged(Frame* frame) } +void V8Proxy::UpdateDocumentWrapper(v8::Handle<v8::Value> wrapper) { + ClearDocumentWrapper(); + + ASSERT(m_document.IsEmpty()); + m_document = v8::Persistent<v8::Value>::New(wrapper); +#ifndef NDEBUG + RegisterGlobalHandle(PROXY, this, m_document); +#endif +} + + +void V8Proxy::ClearDocumentWrapper() +{ + if (!m_document.IsEmpty()) { +#ifndef NDEBUG + UnregisterGlobalHandle(this, m_document); +#endif + m_document.Dispose(); + m_document.Clear(); + } +} + + void V8Proxy::clearForClose() { - if (m_context.IsEmpty()) - return; + if (!m_context.IsEmpty()) { + v8::HandleScope handle_scope; - m_context.Dispose(); - m_context.Clear(); + ClearDocumentWrapper(); + m_context.Dispose(); + m_context.Clear(); + } } void V8Proxy::clearForNavigation() { - if (m_context.IsEmpty()) - return; - - { v8::HandleScope handle; + if (!m_context.IsEmpty()) { + v8::HandleScope handle; + ClearDocumentWrapper(); v8::Context::Scope context_scope(m_context); @@ -2720,6 +2744,11 @@ v8::Handle<v8::Value> V8Proxy::NodeToV8Object(Node* node) dom_node_map().set(node, v8::Persistent<v8::Object>::New(result)); if (is_document) { + Document* doc = static_cast<Document*>(node); + V8Proxy* proxy = V8Proxy::retrieve(doc->frame()); + if (proxy) + proxy->UpdateDocumentWrapper(result); + if (type == V8ClassIndex::HTMLDOCUMENT) { // Create marker object and insert it in two internal fields. // This is used to implement temporary shadowing of diff --git a/webkit/port/bindings/v8/v8_proxy.h b/webkit/port/bindings/v8/v8_proxy.h index bb16921..eef19c0 100644 --- a/webkit/port/bindings/v8/v8_proxy.h +++ b/webkit/port/bindings/v8/v8_proxy.h @@ -421,6 +421,8 @@ class V8Proxy { void initContextIfNeeded(); void DisconnectEventListeners(); void SetSecurityToken(); + void ClearDocumentWrapper(); + void UpdateDocumentWrapper(v8::Handle<v8::Value> wrapper); static bool CanAccessPrivate(DOMWindow* target); @@ -495,6 +497,8 @@ class V8Proxy { v8::Persistent<v8::Context> m_context; v8::Persistent<v8::Object> m_global; + v8::Persistent<v8::Value> m_document; + int m_handlerLineno; // A list of event listeners created for this frame, |