Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: d6ac3a6af378fd0a654f53a088eb8169e7d548fd
https://github.com/WebKit/WebKit/commit/d6ac3a6af378fd0a654f53a088eb8169e7d548fd
Author: Ahmad Saleem <[email protected]>
Date: 2026-04-13 (Mon, 13 Apr 2026)
Changed paths:
M LayoutTests/fast/dom/Geolocation/callback-to-deleted-context-expected.txt
M LayoutTests/fast/dom/Geolocation/callback-to-deleted-context.html
M LayoutTests/fast/frames/frame-window-as-callback-expected.txt
M LayoutTests/fast/frames/frame-window-as-callback.html
M LayoutTests/fast/frames/resources/wrong-global-object.html
M
LayoutTests/imported/w3c/web-platform-tests/dom/traversal/TreeWalker-acceptNode-filter-cross-realm-expected.txt
M
LayoutTests/imported/w3c/web-platform-tests/dom/traversal/TreeWalker-acceptNode-filter-cross-realm-null-browsing-context-expected.txt
M
LayoutTests/imported/w3c/web-platform-tests/domxpath/resolver-callback-interface-cross-realm.tentative-expected.txt
M
LayoutTests/imported/w3c/web-platform-tests/domxpath/resolver-callback-interface-cross-realm.tentative.html
M Source/WebCore/bindings/js/JSCallbackData.cpp
Log Message:
-----------
Use callback object's associated Realm in JSCallbackData::invokeCallback per
WebIDL spec
https://bugs.webkit.org/show_bug.cgi?id=312092
rdar://174595076
Reviewed by Yusuke Suzuki.
Align JSCallbackData::invokeCallback with the WebIDL "call a user
object's operation" algorithm [1].
Per step 4, "Let realm be O's associated Realm" — use the callback
object's Realm (via realmMayBeNull()) for error creation, property
lookups, and invocation instead of the stored globalObject from where
createTreeWalker/createNodeIterator was called.
Per step 8, "Prepare to run script with relevant settings" — check
if the callback Realm's responsible document is fully active before
invoking. If not (e.g., detached iframe), throw a TypeError.
Additionally, re-wrap cross-Realm TypeErrors after native function
dispatch, since JSC's Interpreter::executeCallImpl uses
function->realm() for native calls rather than the caller-provided
globalObject.
[1] https://webidl.spec.whatwg.org/#call-a-user-objects-operation
*
LayoutTests/imported/w3c/web-platform-tests/dom/traversal/TreeWalker-acceptNode-filter-cross-realm-expected.txt:
Progressions
*
LayoutTests/imported/w3c/web-platform-tests/dom/traversal/TreeWalker-acceptNode-filter-cross-realm-null-browsing-context-expected.txt:
Ditto
* Source/WebCore/bindings/js/JSCallbackData.cpp:
(WebCore::JSCallbackData::invokeCallback):
> Other Test Changes Summary:
* LayoutTests/fast/dom/Geolocation/callback-to-deleted-context.html:
Updated to expect no callbacks invoked (testPassed instead of testFailed),
matching the test's own description that callbacks to deleted contexts
should not be made. Previously contradictory — description said callbacks
should not fire, but code treated firing as PASS.
* LayoutTests/fast/dom/Geolocation/callback-to-deleted-context-expected.txt:
Updated expected output to reflect correct behavior.
* LayoutTests/fast/frames/frame-window-as-callback.html:
Replaced e.constructor.constructor("debug(document.result)")() trick with
direct e.constructor === f.contentWindow.TypeError check. The old approach
broke because debug() now executes in the iframe's context (callback's
realm) and writes to the wrong document.
* LayoutTests/fast/frames/frame-window-as-callback-expected.txt:
Updated expected output.
* LayoutTests/fast/frames/resources/wrong-global-object.html:
No longer needed for the realm check, but kept as the iframe source.
*
LayoutTests/imported/w3c/web-platform-tests/domxpath/resolver-callback-interface-cross-realm.tentative.html:
Fixed incorrect expectation: changed evaluateGlobalObject.TypeError to
resolverGlobalObject.TypeError per WebIDL spec step 4 — the error should
be from the callback object's (resolver's) associated Realm.
*
LayoutTests/imported/w3c/web-platform-tests/domxpath/resolver-callback-interface-cross-realm.tentative-expected.txt:
All 5 subtests now PASS (previously 3 PASS, 2 FAIL).
Canonical link: https://commits.webkit.org/311063@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
