[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.15.1-34-g43a6bb2
Gustavo Noronha Silva
gustavo.noronha at collabora.co.uk
Wed Oct 7 06:26:40 UTC 2009
The following commit has been merged in the webkit-1.1 branch:
commit 327d508f1e563805bc3df2fdbf7118706a370547
Author: oliver at apple.com <oliver at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Thu Oct 1 05:52:56 2009 +0000
reproducible freeze and crash on closing form popup at bosch-home.nl
https://bugs.webkit.org/show_bug.cgi?id=28948
Reviewed by Maciej Stachowiak.
showModalDialog calls getDirect on what is actually a window shell,
so ends up not getting a value (since no value can ever be placed
directly on the shell), which leads to incorrect behaviour.
We use a manual test rather than automatic as it was not
possible to get a modal run loop to work inside DRT.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48960 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebCore/bindings/js/JSDOMWindowCustom.cpp b/WebCore/bindings/js/JSDOMWindowCustom.cpp
index 7217fc8..82bd7e8 100644
--- a/WebCore/bindings/js/JSDOMWindowCustom.cpp
+++ b/WebCore/bindings/js/JSDOMWindowCustom.cpp
@@ -925,7 +925,15 @@ JSValue JSDOMWindow::showModalDialog(ExecState* exec, const ArgList& args)
JSDOMWindow* dialogWindow = toJSDOMWindow(dialogFrame);
dialogFrame->page()->chrome()->runModal();
- return dialogWindow->getDirect(Identifier(exec, "returnValue"));
+ Identifier returnValue(exec, "returnValue");
+ if (dialogWindow->allowsAccessFromNoErrorMessage(exec)) {
+ PropertySlot slot;
+ // This is safe, we have already performed the origin security check and we are
+ // not interested in any of the DOM properties of the window.
+ if (dialogWindow->JSGlobalObject::getOwnPropertySlot(exec, returnValue, slot))
+ return slot.getValue(exec, returnValue);
+ }
+ return jsUndefined();
}
JSValue JSDOMWindow::postMessage(ExecState* exec, const ArgList& args)
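Review bot: The qualified call dialogWindow->JSGlobalObject::getOwnPropertySlot(...) in the added block skips the JSDOMWindow override on purpose, so the allowsAccessFromNoErrorMessage(exec) test directly above it is the only origin check guarding this read. The comment should say that explicitly, so a later refactor does not move or drop the check. It should also say that the cross-origin case is meant to fall through to jsUndefined() silently rather than raise an error. Separately, dialogWindow is obtained before runModal() and dereferenced after the nested run loop returns, by which point the dialog has been closed. The visible context does not show anything keeping dialogFrame or its window alive across that call, so please confirm a protecting reference exists above this hunk or add one.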
diff --git a/WebCore/manual-tests/showModalDialog-returnValue.html b/WebCore/manual-tests/showModalDialog-returnValue.html
new file mode 100644
index 0000000..fbc3ee3
--- /dev/null
+++ b/WebCore/manual-tests/showModalDialog-returnValue.html
@@ -0,0 +1,13 @@
+This test makes sure we don't crash when storing the return value from showModalDialog. Popup blocking needs to be disabled for this test to run.<br>
+<script>
+if (showModalDialog("data:text/html,<script>returnValue={value:'PASS'}; close()</"+"script>").value == "PASS")
+ document.write("<span style='color:green'>Test passed.<br>");
+else
+ document.write("<span style='color:red'>Test failed due to incorrect result.<br>");
+value = showModalDialog("data:text/html,<script>close()</"+"script>");
+if (!value)
+ document.write("<span style='color:green'>Test passed.<br>");
+else
+ document.write("<span style='color:red'>Test failed due to incorrect result.<br>");
+
+</script>
\ No newline at end of file
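Review bot: Both showModalDialog calls in this test load data: URLs and only exercise the path where the access check succeeds, so the new branch in JSDOMWindow::showModalDialog that returns jsUndefined() when allowsAccessFromNoErrorMessage fails is never run. Since that branch is the security-relevant part of the fix, add a third case that opens a dialog from a different origin and expects undefined. Smaller points: the two cases print the same "Test passed." text, so a failure cannot be attributed to one of them without reading the source; label each result line. The second case assigns to an undeclared global (value = showModalDialog(...)), which should be declared with var, and the span elements written by document.write are never closed.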
--
WebKit Debian packaging