Title: [264066] releases/WebKitGTK/webkit-2.28/Source/WebCore
Revision: 264066
Author: carlo...@webkit.org
Date: 2020-07-08 02:01:36 -0700 (Wed, 08 Jul 2020)

Log Message

Merge r257746 - ScriptController::executeIfJavaScriptURL() uses wrong JSGlobalObject.
https://bugs.webkit.org/show_bug.cgi?id=208290
<rdar://problem/59839476>

Reviewed by Chris Dumez.

The call to executeScriptIgnoringException() may have changed the current global
object of the window.  We should be using the original global object that produced
the result string.

Also added a missing exception check needed after a potential rope resolution.

* bindings/js/ScriptController.cpp:
(WebCore::ScriptController::executeIfJavaScriptURL):

Modified Paths

Diff

Modified: releases/WebKitGTK/webkit-2.28/Source/WebCore/ChangeLog (264065 => 264066)


--- releases/WebKitGTK/webkit-2.28/Source/WebCore/ChangeLog	2020-07-08 08:42:50 UTC (rev 264065)
+++ releases/WebKitGTK/webkit-2.28/Source/WebCore/ChangeLog	2020-07-08 09:01:36 UTC (rev 264066)
@@ -1,3 +1,20 @@
+2020-03-02  Mark Lam  <mark....@apple.com>
+
+        ScriptController::executeIfJavaScriptURL() uses wrong JSGlobalObject.
+        https://bugs.webkit.org/show_bug.cgi?id=208290
+        <rdar://problem/59839476>
+
+        Reviewed by Chris Dumez.
+
+        The call to executeScriptIgnoringException() may have changed the current global
+        object of the window.  We should be using the original global object that produced
+        the result string.
+
+        Also added a missing exception check needed after a potential rope resolution.
+
+        * bindings/js/ScriptController.cpp:
+        (WebCore::ScriptController::executeIfJavaScriptURL):
+
 2020-04-23  Carlos Garcia Campos  <cgar...@igalia.com>
 
         [GTK] excessive wakeups/polling due to gdk_frame_clock_begin_updating

Modified: releases/WebKitGTK/webkit-2.28/Source/WebCore/bindings/js/ScriptController.cpp (264065 => 264066)


--- releases/WebKitGTK/webkit-2.28/Source/WebCore/bindings/js/ScriptController.cpp	2020-07-08 08:42:50 UTC (rev 264065)
+++ releases/WebKitGTK/webkit-2.28/Source/WebCore/bindings/js/ScriptController.cpp	2020-07-08 09:01:36 UTC (rev 264066)
@@ -811,8 +811,13 @@
 
     const int _javascript_SchemeLength = sizeof("_javascript_:") - 1;
 
+    JSDOMGlobalObject* globalObject = jsWindowProxy(mainThreadNormalWorld()).window();
+    VM& vm = globalObject->vm();
+    auto throwScope = DECLARE_THROW_SCOPE(vm);
+
     String decodedURL = decodeURLEscapeSequences(url.string());
     auto result = executeScriptIgnoringException(decodedURL.substring(_javascript_SchemeLength));
+    RELEASE_ASSERT(&vm == &jsWindowProxy(mainThreadNormalWorld()).window()->vm());
 
     // If executing script caused this frame to be removed from the page, we
     // don't want to try to replace its document!
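Review bot: the `RELEASE_ASSERT(&vm == &jsWindowProxy(mainThreadNormalWorld()).window()->vm());` added after `executeScriptIgnoringException()` only checks that the VM is unchanged, which is what the `throwScope` declared on `vm` before the call depends on; it intentionally does not assert that `globalObject` still equals the current window, because the ChangeLog says script execution may replace the window's global object. A short comment above the assert stating that the VM is expected to survive the call while the global object may not would stop a later reader from "simplifying" it back to the current window. It would also be worth a comment on how the raw `JSDOMGlobalObject* globalObject` captured before the call stays valid across a script that navigates the frame, since it is dereferenced afterwards in the next hunk.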
@@ -819,8 +824,14 @@
     if (!m_frame.page())
         return true;
 
+    if (!result)
+        return true;
+
     String scriptResult;
-    if (!result || !result.getString(jsWindowProxy(mainThreadNormalWorld()).window(), scriptResult))
+    bool isString = result.getString(globalObject, scriptResult);
+    RETURN_IF_EXCEPTION(throwScope, true);
+
+    if (!isString)
         return true;
 
     // FIXME: We should always replace the document, but doing so
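Review bot: the new `RETURN_IF_EXCEPTION(throwScope, true);` after `result.getString(globalObject, scriptResult)` covers the rope-resolution exception mentioned in the ChangeLog, and hoisting the `if (!result) return true;` check above it avoids calling `getString()` on an empty value; both look right. One thing to confirm in review: the scope was declared before `executeScriptIgnoringException()`, so this check relies on that function actually clearing any exception the script raised (as its name implies); if it ever left one pending, the check here would return early on a stale exception rather than on a failure of `getString()`. A one-line comment noting that assumption next to the check would make the dependency explicit.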