[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.15.1-1414-gc69ee75
ap at apple.com
ap at apple.com
Thu Oct 29 20:34:25 UTC 2009
The following commit has been merged in the webkit-1.1 branch:
commit ed84b35afff49b3658fc3af04fcf5b59736e9631
Author: ap at apple.com <ap at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Fri Sep 25 20:44:11 2009 +0000
Reviewed by Darin Adler and Sam Weinig.
Onclick not fired for an element copied with cloneContents() or cloneNode()
https://bugs.webkit.org/show_bug.cgi?id=25130
The change here is that JS event listeners don't keep a reference to a global object from
where they were created, and instead take it as a parameter when parsing source code. Also,
the listener creation won't fail just because it happens for an element in a frameless
document.
Thus, moving nodes between documents no longer results in having incorrect registered
lazy event listeners on them.
Tests: fast/events/attribute-listener-cloned-from-frameless-doc-context-2.html
fast/events/attribute-listener-cloned-from-frameless-doc-context.html
fast/events/attribute-listener-cloned-from-frameless-doc.xhtml
fast/events/attribute-listener-extracted-from-frameless-doc-context-2.html
fast/events/attribute-listener-extracted-from-frameless-doc-context.html
* bindings/js/JSEventListener.cpp:
(WebCore::JSEventListener::JSEventListener): Don't take a reference to JSDOMGlobalObject.
(WebCore::JSEventListener::jsFunction): Take ScriptExecutionContext as a parameter for
getting to JSDOMGlobalObject. It's not used in base class, but is in JSLazyEventListner.
(WebCore::JSEventListener::markJSFunction): Don't mark the global object.
(WebCore::JSEventListener::handleEvent): Get global object from ScriptExecutionContext.
(WebCore::JSEventListener::reportError): Ditto.
* bindings/js/JSEventListener.h: (WebCore::JSEventListener::create): Don't keep a reference
to JSDOMGlobalObject.
* bindings/js/JSLazyEventListener.cpp: (WebCore::JSLazyEventListener::parseCode): Listener
creation was split between this function and ScriptEventListener; moved it here, as JS
global object can be different now.
* bindings/js/JSLazyEventListener.h: (WebCore::JSLazyEventListener::create): Keep source URL,
which can not be determined at parsing time.
* bindings/js/ScriptEventListener.cpp: (WebCore::createAttributeEventListener): Moved code
for listener creation to JSLazyEventListener. XSSAuditor code remains here, because tests
expect that errors are logged at document parsing time, and because I don't know what other
side effects moving it vould have.
* dom/EventListener.h: handleEvent() and reportError() now take ScriptExecutionContext,
because JSC needs a global context here.
* bindings/js/JSAbstractWorkerCustom.cpp:
(WebCore::JSAbstractWorker::addEventListener):
(WebCore::JSAbstractWorker::removeEventListener):
* bindings/js/JSDOMApplicationCacheCustom.cpp:
(WebCore::JSDOMApplicationCache::addEventListener):
(WebCore::JSDOMApplicationCache::removeEventListener):
* bindings/js/JSDOMGlobalObject.cpp:
(WebCore::JSDOMGlobalObject::createJSAttributeEventListener):
* bindings/js/JSDOMWindowCustom.cpp:
(WebCore::JSDOMWindow::addEventListener):
(WebCore::JSDOMWindow::removeEventListener):
* bindings/js/JSEventSourceCustom.cpp:
(WebCore::JSEventSource::addEventListener):
(WebCore::JSEventSource::removeEventListener):
* bindings/js/JSMessagePortCustom.cpp:
(WebCore::JSMessagePort::addEventListener):
(WebCore::JSMessagePort::removeEventListener):
* bindings/js/JSNodeCustom.cpp:
(WebCore::JSNode::addEventListener):
(WebCore::JSNode::removeEventListener):
* bindings/js/JSSVGElementInstanceCustom.cpp:
(WebCore::JSSVGElementInstance::addEventListener):
(WebCore::JSSVGElementInstance::removeEventListener):
* bindings/js/JSWorkerContextCustom.cpp:
(WebCore::JSWorkerContext::addEventListener):
(WebCore::JSWorkerContext::removeEventListener):
* bindings/js/JSXMLHttpRequestCustom.cpp:
(WebCore::JSXMLHttpRequest::addEventListener):
(WebCore::JSXMLHttpRequest::removeEventListener):
* bindings/js/JSXMLHttpRequestUploadCustom.cpp:
(WebCore::JSXMLHttpRequestUpload::addEventListener):
(WebCore::JSXMLHttpRequestUpload::removeEventListener):
* bindings/objc/ObjCEventListener.h:
* bindings/objc/ObjCEventListener.mm:
(WebCore::ObjCEventListener::handleEvent):
* bindings/scripts/CodeGeneratorJS.pm:
* dom/EventTarget.cpp:
(WebCore::EventTarget::fireEventListeners):
* inspector/InspectorDOMAgent.cpp:
(WebCore::InspectorDOMAgent::handleEvent):
* inspector/InspectorDOMAgent.h:
* inspector/InspectorDOMStorageResource.cpp:
(WebCore::InspectorDOMStorageResource::handleEvent):
* inspector/InspectorDOMStorageResource.h:
* loader/ImageDocument.cpp:
(WebCore::ImageEventListener::handleEvent):
* svg/animation/SVGSMILElement.cpp:
(WebCore::ConditionEventListener::handleEvent):
* workers/WorkerContext.cpp:
(WebCore::WorkerContext::reportException):
Don't pass global object to JSEventListener::create(), which no longer needs it.
Note that some of these functions still have an early return for null global object, which
can probably be removed in a later patch.
Pass ScriptExecutionContext to EventListener methods that now need it.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48767 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 88f58a6..c7b6448 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,21 @@
+2009-09-24 Alexey Proskuryakov <ap at apple.com>
+
+ Reviewed by Darin Adler and Sam Weinig.
+
+ Onclick not fired for an element copied with cloneContents() or cloneNode()
+ https://bugs.webkit.org/show_bug.cgi?id=25130
+
+ * fast/events/attribute-listener-cloned-from-frameless-doc-context-2-expected.txt: Added.
+ * fast/events/attribute-listener-cloned-from-frameless-doc-context-2.html: Added.
+ * fast/events/attribute-listener-cloned-from-frameless-doc-context-expected.txt: Added.
+ * fast/events/attribute-listener-cloned-from-frameless-doc-context.html: Added.
+ * fast/events/attribute-listener-cloned-from-frameless-doc-expected.txt: Added.
+ * fast/events/attribute-listener-cloned-from-frameless-doc.xhtml: Added.
+ * fast/events/attribute-listener-extracted-from-frameless-doc-context-2-expected.txt: Added.
+ * fast/events/attribute-listener-extracted-from-frameless-doc-context-2.html: Added.
+ * fast/events/attribute-listener-extracted-from-frameless-doc-context-expected.txt: Added.
+ * fast/events/attribute-listener-extracted-from-frameless-doc-context.html: Added.
+
2009-09-25 Darin Adler <darin at apple.com>
Checked in a file that was created by make-script-test-wrappers.
diff --git a/LayoutTests/editing/selection/doubleclick-whitespace-img-crash-expected.txt b/LayoutTests/fast/events/attribute-listener-cloned-from-frameless-doc-context-2-expected.txt
similarity index 100%
copy from LayoutTests/editing/selection/doubleclick-whitespace-img-crash-expected.txt
copy to LayoutTests/fast/events/attribute-listener-cloned-from-frameless-doc-context-2-expected.txt
diff --git a/LayoutTests/fast/events/attribute-listener-cloned-from-frameless-doc-context-2.html b/LayoutTests/fast/events/attribute-listener-cloned-from-frameless-doc-context-2.html
new file mode 100644
index 0000000..c8b8f8b
--- /dev/null
+++ b/LayoutTests/fast/events/attribute-listener-cloned-from-frameless-doc-context-2.html
@@ -0,0 +1,32 @@
+<html>
+<body onload="test()">
+<iframe src='data:text/html,<a id="a" href="#" onclick="document.write(window != top ? '<p>FAIL</p>' : '<p>PASS</p>'); return false">link</a>'></iframe>
+<script>
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+}
+
+function test()
+{
+ var doc = frames[0].document;
+ var range=doc.createRange();
+ range.selectNodeContents(doc.body);
+ var frag=range.cloneContents();
+ document.body.appendChild(frag);
+
+ frames[0].location = "data:text/html,";
+ frames[0].frameElement.onload = test2;
+}
+
+function test2()
+{
+ var event = top.document.createEvent('MouseEvent');
+ event.initEvent('click', true, true);
+ top.document.getElementsByTagName('a')[0].dispatchEvent(event);
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+}
+</script>
+</body>
+</html>
diff --git a/LayoutTests/editing/selection/doubleclick-whitespace-img-crash-expected.txt b/LayoutTests/fast/events/attribute-listener-cloned-from-frameless-doc-context-expected.txt
similarity index 100%
copy from LayoutTests/editing/selection/doubleclick-whitespace-img-crash-expected.txt
copy to LayoutTests/fast/events/attribute-listener-cloned-from-frameless-doc-context-expected.txt
diff --git a/LayoutTests/fast/events/attribute-listener-cloned-from-frameless-doc-context.html b/LayoutTests/fast/events/attribute-listener-cloned-from-frameless-doc-context.html
new file mode 100644
index 0000000..ff32bea
--- /dev/null
+++ b/LayoutTests/fast/events/attribute-listener-cloned-from-frameless-doc-context.html
@@ -0,0 +1,27 @@
+<html>
+<body onload="test()">
+<iframe src='data:text/html,<a id="a" href="#" onclick="document.write(window != top ? '<p>FAIL</p>' : '<p>PASS</p>'); return false">link</a>'></iframe>
+<script>
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+}
+
+function test()
+{
+ var doc = frames[0].document;
+ var range=doc.createRange();
+ range.selectNodeContents(doc.body);
+ var frag=range.cloneContents();
+ document.body.appendChild(frag);
+
+ var event = top.document.createEvent('MouseEvent');
+ event.initEvent('click', true, true);
+ top.document.getElementsByTagName('a')[0].dispatchEvent(event);
+
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+}
+</script>
+</body>
+</html>
diff --git a/LayoutTests/fast/events/attribute-listener-cloned-from-frameless-doc-expected.txt b/LayoutTests/fast/events/attribute-listener-cloned-from-frameless-doc-expected.txt
new file mode 100644
index 0000000..3a7d04b
--- /dev/null
+++ b/LayoutTests/fast/events/attribute-listener-cloned-from-frameless-doc-expected.txt
@@ -0,0 +1,4 @@
+ALERT: SUCCESS
+Test that an element that was imported from a frameless document has functional attribute event listeners. Should alert "SUCCESS".
+
+Link (clicked automatically).Element.onclick result is correct.
diff --git a/LayoutTests/fast/events/attribute-listener-cloned-from-frameless-doc.xhtml b/LayoutTests/fast/events/attribute-listener-cloned-from-frameless-doc.xhtml
new file mode 100644
index 0000000..787addb
--- /dev/null
+++ b/LayoutTests/fast/events/attribute-listener-cloned-from-frameless-doc.xhtml
@@ -0,0 +1,23 @@
+<html xmlns="http://www.w3.org/1999/xhtml">
+<body>
+<p>Test that an element that was imported from a frameless document has functional attribute event listeners. Should alert "SUCCESS".</p>
+<script>
+<![CDATA[
+ if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+ var doc = (new DOMParser).parseFromString('<html xmlns="http://www.w3.org/1999/xhtml"><a id="a" href="javascript:alert(\'FAIL\')" onclick="alert(\'SUCCESS\'); return false">Link (clicked automatically).</a></html>', "application/xhtml+xml");
+
+ var a = doc.documentElement.firstChild.cloneNode(true);
+ document.getElementsByTagName("body")[0].appendChild(a);
+
+ var event = document.createEvent('MouseEvent');
+ event.initEvent('click', true, true);
+ document.getElementsByTagName('a')[0].dispatchEvent(event);
+
+ if (0 == document.getElementsByTagName('a')[0].onclick.toString().indexOf("function onclick"))
+ document.body.appendChild(document.createTextNode("Element.onclick result is correct."));
+]]>
+</script>
+</body>
+</html>
diff --git a/LayoutTests/editing/selection/doubleclick-whitespace-img-crash-expected.txt b/LayoutTests/fast/events/attribute-listener-extracted-from-frameless-doc-context-2-expected.txt
similarity index 100%
copy from LayoutTests/editing/selection/doubleclick-whitespace-img-crash-expected.txt
copy to LayoutTests/fast/events/attribute-listener-extracted-from-frameless-doc-context-2-expected.txt
diff --git a/LayoutTests/fast/events/attribute-listener-extracted-from-frameless-doc-context-2.html b/LayoutTests/fast/events/attribute-listener-extracted-from-frameless-doc-context-2.html
new file mode 100644
index 0000000..507125a
--- /dev/null
+++ b/LayoutTests/fast/events/attribute-listener-extracted-from-frameless-doc-context-2.html
@@ -0,0 +1,32 @@
+<html>
+<body onload="test()">
+<iframe src='data:text/html,<a id="a" href="#" onclick="document.write(window != top ? '<p>FAIL</p>' : '<p>PASS</p>'); return false">link</a>'></iframe>
+<script>
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+}
+
+function test()
+{
+ var doc = frames[0].document;
+ var range=doc.createRange();
+ range.selectNodeContents(doc.body);
+ var frag=range.extractContents();
+ document.body.appendChild(frag);
+
+ frames[0].location = "data:text/html,";
+ frames[0].frameElement.onload = test2;
+}
+
+function test2()
+{
+ var event = top.document.createEvent('MouseEvent');
+ event.initEvent('click', true, true);
+ top.document.getElementsByTagName('a')[0].dispatchEvent(event);
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+}
+</script>
+</body>
+</html>
diff --git a/LayoutTests/editing/selection/doubleclick-whitespace-img-crash-expected.txt b/LayoutTests/fast/events/attribute-listener-extracted-from-frameless-doc-context-expected.txt
similarity index 100%
copy from LayoutTests/editing/selection/doubleclick-whitespace-img-crash-expected.txt
copy to LayoutTests/fast/events/attribute-listener-extracted-from-frameless-doc-context-expected.txt
diff --git a/LayoutTests/fast/events/attribute-listener-extracted-from-frameless-doc-context.html b/LayoutTests/fast/events/attribute-listener-extracted-from-frameless-doc-context.html
new file mode 100644
index 0000000..fc70f13
--- /dev/null
+++ b/LayoutTests/fast/events/attribute-listener-extracted-from-frameless-doc-context.html
@@ -0,0 +1,27 @@
+<html>
+<body onload="test()">
+<iframe src='data:text/html,<a id="a" href="#" onclick="document.write(window != top ? '<p>FAIL</p>' : '<p>PASS</p>'); return false">link</a>'></iframe>
+<script>
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+}
+
+function test()
+{
+ var doc = frames[0].document;
+ var range=doc.createRange();
+ range.selectNodeContents(doc.body);
+ var frag=range.extractContents();
+ document.body.appendChild(frag);
+
+ var event = top.document.createEvent('MouseEvent');
+ event.initEvent('click', true, true);
+ top.document.getElementsByTagName('a')[0].dispatchEvent(event);
+
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+}
+</script>
+</body>
+</html>
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index b433eba..e8b7432 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,104 @@
+2009-09-24 Alexey Proskuryakov <ap at apple.com>
+
+ Reviewed by Darin Adler and Sam Weinig.
+
+ Onclick not fired for an element copied with cloneContents() or cloneNode()
+ https://bugs.webkit.org/show_bug.cgi?id=25130
+
+ The change here is that JS event listeners don't keep a reference to a global object from
+ where they were created, and instead take it as a parameter when parsing source code. Also,
+ the listener creation won't fail just because it happens for an element in a frameless
+ document.
+ Thus, moving nodes between documents no longer results in having incorrect registered
+ lazy event listeners on them.
+
+ Tests: fast/events/attribute-listener-cloned-from-frameless-doc-context-2.html
+ fast/events/attribute-listener-cloned-from-frameless-doc-context.html
+ fast/events/attribute-listener-cloned-from-frameless-doc.xhtml
+ fast/events/attribute-listener-extracted-from-frameless-doc-context-2.html
+ fast/events/attribute-listener-extracted-from-frameless-doc-context.html
+
+ * bindings/js/JSEventListener.cpp:
+ (WebCore::JSEventListener::JSEventListener): Don't take a reference to JSDOMGlobalObject.
+ (WebCore::JSEventListener::jsFunction): Take ScriptExecutionContext as a parameter for
+ getting to JSDOMGlobalObject. It's not used in base class, but is in JSLazyEventListner.
+ (WebCore::JSEventListener::markJSFunction): Don't mark the global object.
+ (WebCore::JSEventListener::handleEvent): Get global object from ScriptExecutionContext.
+ (WebCore::JSEventListener::reportError): Ditto.
+
+ * bindings/js/JSEventListener.h: (WebCore::JSEventListener::create): Don't keep a reference
+ to JSDOMGlobalObject.
+
+ * bindings/js/JSLazyEventListener.cpp: (WebCore::JSLazyEventListener::parseCode): Listener
+ creation was split between this function and ScriptEventListener; moved it here, as JS
+ global object can be different now.
+
+ * bindings/js/JSLazyEventListener.h: (WebCore::JSLazyEventListener::create): Keep source URL,
+ which can not be determined at parsing time.
+
+ * bindings/js/ScriptEventListener.cpp: (WebCore::createAttributeEventListener): Moved code
+ for listener creation to JSLazyEventListener. XSSAuditor code remains here, because tests
+ expect that errors are logged at document parsing time, and because I don't know what other
+ side effects moving it vould have.
+
+ * dom/EventListener.h: handleEvent() and reportError() now take ScriptExecutionContext,
+ because JSC needs a global context here.
+
+ * bindings/js/JSAbstractWorkerCustom.cpp:
+ (WebCore::JSAbstractWorker::addEventListener):
+ (WebCore::JSAbstractWorker::removeEventListener):
+ * bindings/js/JSDOMApplicationCacheCustom.cpp:
+ (WebCore::JSDOMApplicationCache::addEventListener):
+ (WebCore::JSDOMApplicationCache::removeEventListener):
+ * bindings/js/JSDOMGlobalObject.cpp:
+ (WebCore::JSDOMGlobalObject::createJSAttributeEventListener):
+ * bindings/js/JSDOMWindowCustom.cpp:
+ (WebCore::JSDOMWindow::addEventListener):
+ (WebCore::JSDOMWindow::removeEventListener):
+ * bindings/js/JSEventSourceCustom.cpp:
+ (WebCore::JSEventSource::addEventListener):
+ (WebCore::JSEventSource::removeEventListener):
+ * bindings/js/JSMessagePortCustom.cpp:
+ (WebCore::JSMessagePort::addEventListener):
+ (WebCore::JSMessagePort::removeEventListener):
+ * bindings/js/JSNodeCustom.cpp:
+ (WebCore::JSNode::addEventListener):
+ (WebCore::JSNode::removeEventListener):
+ * bindings/js/JSSVGElementInstanceCustom.cpp:
+ (WebCore::JSSVGElementInstance::addEventListener):
+ (WebCore::JSSVGElementInstance::removeEventListener):
+ * bindings/js/JSWorkerContextCustom.cpp:
+ (WebCore::JSWorkerContext::addEventListener):
+ (WebCore::JSWorkerContext::removeEventListener):
+ * bindings/js/JSXMLHttpRequestCustom.cpp:
+ (WebCore::JSXMLHttpRequest::addEventListener):
+ (WebCore::JSXMLHttpRequest::removeEventListener):
+ * bindings/js/JSXMLHttpRequestUploadCustom.cpp:
+ (WebCore::JSXMLHttpRequestUpload::addEventListener):
+ (WebCore::JSXMLHttpRequestUpload::removeEventListener):
+ * bindings/objc/ObjCEventListener.h:
+ * bindings/objc/ObjCEventListener.mm:
+ (WebCore::ObjCEventListener::handleEvent):
+ * bindings/scripts/CodeGeneratorJS.pm:
+ * dom/EventTarget.cpp:
+ (WebCore::EventTarget::fireEventListeners):
+ * inspector/InspectorDOMAgent.cpp:
+ (WebCore::InspectorDOMAgent::handleEvent):
+ * inspector/InspectorDOMAgent.h:
+ * inspector/InspectorDOMStorageResource.cpp:
+ (WebCore::InspectorDOMStorageResource::handleEvent):
+ * inspector/InspectorDOMStorageResource.h:
+ * loader/ImageDocument.cpp:
+ (WebCore::ImageEventListener::handleEvent):
+ * svg/animation/SVGSMILElement.cpp:
+ (WebCore::ConditionEventListener::handleEvent):
+ * workers/WorkerContext.cpp:
+ (WebCore::WorkerContext::reportException):
+ Don't pass global object to JSEventListener::create(), which no longer needs it.
+ Note that some of these functions still have an early return for null global object, which
+ can probably be removed in a later patch.
+ Pass ScriptExecutionContext to EventListener methods that now need it.
+
2009-09-25 Enrica Casucci <enrica at apple.com>
Reviewed by Darin Adler, Dan Bernstein, Adele Peterson, and others.
diff --git a/WebCore/bindings/js/JSAbstractWorkerCustom.cpp b/WebCore/bindings/js/JSAbstractWorkerCustom.cpp
index aac1c63..9411ad8 100644
--- a/WebCore/bindings/js/JSAbstractWorkerCustom.cpp
+++ b/WebCore/bindings/js/JSAbstractWorkerCustom.cpp
@@ -54,7 +54,7 @@ JSValue JSAbstractWorker::addEventListener(ExecState* exec, const ArgList& args)
if (!listener.isObject())
return jsUndefined();
- impl()->addEventListener(args.at(0).toString(exec), JSEventListener::create(asObject(listener), globalObject, false), args.at(2).toBoolean(exec));
+ impl()->addEventListener(args.at(0).toString(exec), JSEventListener::create(asObject(listener), false), args.at(2).toBoolean(exec));
return jsUndefined();
}
@@ -68,7 +68,7 @@ JSValue JSAbstractWorker::removeEventListener(ExecState* exec, const ArgList& ar
if (!listener.isObject())
return jsUndefined();
- impl()->removeEventListener(args.at(0).toString(exec), JSEventListener::create(asObject(listener), globalObject, false).get(), args.at(2).toBoolean(exec));
+ impl()->removeEventListener(args.at(0).toString(exec), JSEventListener::create(asObject(listener), false).get(), args.at(2).toBoolean(exec));
return jsUndefined();
}
diff --git a/WebCore/bindings/js/JSDOMApplicationCacheCustom.cpp b/WebCore/bindings/js/JSDOMApplicationCacheCustom.cpp
index 5855026..49ef5e3 100644
--- a/WebCore/bindings/js/JSDOMApplicationCacheCustom.cpp
+++ b/WebCore/bindings/js/JSDOMApplicationCacheCustom.cpp
@@ -95,7 +95,7 @@ JSValue JSDOMApplicationCache::addEventListener(ExecState* exec, const ArgList&
if (!listener.isObject())
return jsUndefined();
- impl()->addEventListener(args.at(0).toString(exec), JSEventListener::create(asObject(listener), globalObject, false), args.at(2).toBoolean(exec));
+ impl()->addEventListener(args.at(0).toString(exec), JSEventListener::create(asObject(listener), false), args.at(2).toBoolean(exec));
return jsUndefined();
}
@@ -109,7 +109,7 @@ JSValue JSDOMApplicationCache::removeEventListener(ExecState* exec, const ArgLis
if (!listener.isObject())
return jsUndefined();
- impl()->removeEventListener(args.at(0).toString(exec), JSEventListener::create(asObject(listener), globalObject, false).get(), args.at(2).toBoolean(exec));
+ impl()->removeEventListener(args.at(0).toString(exec), JSEventListener::create(asObject(listener), false).get(), args.at(2).toBoolean(exec));
return jsUndefined();
}
diff --git a/WebCore/bindings/js/JSDOMGlobalObject.cpp b/WebCore/bindings/js/JSDOMGlobalObject.cpp
index 240a56c..fd290f2 100644
--- a/WebCore/bindings/js/JSDOMGlobalObject.cpp
+++ b/WebCore/bindings/js/JSDOMGlobalObject.cpp
@@ -68,7 +68,7 @@ PassRefPtr<JSEventListener> JSDOMGlobalObject::createJSAttributeEventListener(JS
if (!val.isObject())
return 0;
- return JSEventListener::create(asObject(val), this, true).get();
+ return JSEventListener::create(asObject(val), true).get();
}
void JSDOMGlobalObject::setCurrentEvent(Event* evt)
diff --git a/WebCore/bindings/js/JSDOMWindowCustom.cpp b/WebCore/bindings/js/JSDOMWindowCustom.cpp
index 08c7144..0b747e6 100644
--- a/WebCore/bindings/js/JSDOMWindowCustom.cpp
+++ b/WebCore/bindings/js/JSDOMWindowCustom.cpp
@@ -1034,7 +1034,7 @@ JSValue JSDOMWindow::addEventListener(ExecState* exec, const ArgList& args)
if (!listener.isObject())
return jsUndefined();
- impl()->addEventListener(args.at(0).toString(exec), JSEventListener::create(asObject(listener), this, false), args.at(2).toBoolean(exec));
+ impl()->addEventListener(args.at(0).toString(exec), JSEventListener::create(asObject(listener), false), args.at(2).toBoolean(exec));
return jsUndefined();
}
@@ -1048,7 +1048,7 @@ JSValue JSDOMWindow::removeEventListener(ExecState* exec, const ArgList& args)
if (!listener.isObject())
return jsUndefined();
- impl()->removeEventListener(args.at(0).toString(exec), JSEventListener::create(asObject(listener), this, false).get(), args.at(2).toBoolean(exec));
+ impl()->removeEventListener(args.at(0).toString(exec), JSEventListener::create(asObject(listener), false).get(), args.at(2).toBoolean(exec));
return jsUndefined();
}
diff --git a/WebCore/bindings/js/JSEventListener.cpp b/WebCore/bindings/js/JSEventListener.cpp
index 48ae014..4f273fe 100644
--- a/WebCore/bindings/js/JSEventListener.cpp
+++ b/WebCore/bindings/js/JSEventListener.cpp
@@ -31,20 +31,18 @@ using namespace JSC;
namespace WebCore {
-JSEventListener::JSEventListener(JSObject* function, JSDOMGlobalObject* globalObject, bool isAttribute)
+JSEventListener::JSEventListener(JSObject* function, bool isAttribute)
: EventListener(JSEventListenerType)
, m_jsFunction(function)
- , m_globalObject(globalObject)
, m_isAttribute(isAttribute)
{
- ASSERT(m_globalObject);
}
JSEventListener::~JSEventListener()
{
}
-JSObject* JSEventListener::jsFunction() const
+JSObject* JSEventListener::jsFunction(ScriptExecutionContext*) const
{
return m_jsFunction;
}
@@ -53,20 +51,22 @@ void JSEventListener::markJSFunction(MarkStack& markStack)
{
if (m_jsFunction)
markStack.append(m_jsFunction);
- markStack.append(m_globalObject);
}
-void JSEventListener::handleEvent(Event* event)
+void JSEventListener::handleEvent(ScriptExecutionContext* scriptExecutionContext, Event* event)
{
+ ASSERT(scriptExecutionContext);
+ if (!scriptExecutionContext)
+ return;
+
JSLock lock(SilenceAssertionsOnly);
- JSObject* jsFunction = this->jsFunction();
+ JSObject* jsFunction = this->jsFunction(scriptExecutionContext);
if (!jsFunction)
return;
- JSDOMGlobalObject* globalObject = m_globalObject;
- ScriptExecutionContext* scriptExecutionContext = globalObject->scriptExecutionContext();
- if (!scriptExecutionContext)
+ JSDOMGlobalObject* globalObject = toJSDOMGlobalObject(scriptExecutionContext);
+ if (!globalObject)
return;
if (scriptExecutionContext->isDocument()) {
@@ -132,15 +132,15 @@ void JSEventListener::handleEvent(Event* event)
}
}
-bool JSEventListener::reportError(const String& message, const String& url, int lineNumber)
+bool JSEventListener::reportError(ScriptExecutionContext* context, const String& message, const String& url, int lineNumber)
{
JSLock lock(SilenceAssertionsOnly);
- JSObject* jsFunction = this->jsFunction();
+ JSObject* jsFunction = this->jsFunction(context);
if (!jsFunction)
return false;
- JSDOMGlobalObject* globalObject = m_globalObject;
+ JSDOMGlobalObject* globalObject = toJSDOMGlobalObject(context);
ExecState* exec = globalObject->globalExec();
CallData callData;
diff --git a/WebCore/bindings/js/JSEventListener.h b/WebCore/bindings/js/JSEventListener.h
index 91ceff7..285a9c4 100644
--- a/WebCore/bindings/js/JSEventListener.h
+++ b/WebCore/bindings/js/JSEventListener.h
@@ -30,9 +30,9 @@ namespace WebCore {
class JSEventListener : public EventListener {
public:
- static PassRefPtr<JSEventListener> create(JSC::JSObject* listener, JSDOMGlobalObject* globalObject, bool isAttribute)
+ static PassRefPtr<JSEventListener> create(JSC::JSObject* listener, bool isAttribute)
{
- return adoptRef(new JSEventListener(listener, globalObject, isAttribute));
+ return adoptRef(new JSEventListener(listener, isAttribute));
}
static const JSEventListener* cast(const EventListener* listener)
@@ -49,20 +49,19 @@ namespace WebCore {
// Returns true if this event listener was created for an event handler attribute, like "onload" or "onclick".
bool isAttribute() const { return m_isAttribute; }
- virtual JSC::JSObject* jsFunction() const;
+ virtual JSC::JSObject* jsFunction(ScriptExecutionContext*) const;
private:
virtual void markJSFunction(JSC::MarkStack&);
- virtual void handleEvent(Event*);
- virtual bool reportError(const String& message, const String& url, int lineNumber);
+ virtual void handleEvent(ScriptExecutionContext*, Event*);
+ virtual bool reportError(ScriptExecutionContext*, const String& message, const String& url, int lineNumber);
virtual bool virtualisAttribute() const;
void clearJSFunctionInline();
protected:
- JSEventListener(JSC::JSObject* function, JSDOMGlobalObject*, bool isAttribute);
+ JSEventListener(JSC::JSObject* function, bool isAttribute);
mutable JSC::JSObject* m_jsFunction;
- JSDOMGlobalObject* m_globalObject;
bool m_isAttribute;
};
diff --git a/WebCore/bindings/js/JSEventSourceCustom.cpp b/WebCore/bindings/js/JSEventSourceCustom.cpp
index d757ef6..404bf11 100644
--- a/WebCore/bindings/js/JSEventSourceCustom.cpp
+++ b/WebCore/bindings/js/JSEventSourceCustom.cpp
@@ -53,7 +53,7 @@ JSValue JSEventSource::addEventListener(ExecState* exec, const ArgList& args)
if (!listener.isObject())
return jsUndefined();
- impl()->addEventListener(args.at(0).toString(exec), JSEventListener::create(asObject(listener), globalObject, false).get(), args.at(2).toBoolean(exec));
+ impl()->addEventListener(args.at(0).toString(exec), JSEventListener::create(asObject(listener), false).get(), args.at(2).toBoolean(exec));
return jsUndefined();
}
@@ -67,7 +67,7 @@ JSValue JSEventSource::removeEventListener(ExecState* exec, const ArgList& args)
if (!listener.isObject())
return jsUndefined();
- impl()->removeEventListener(args.at(0).toString(exec), JSEventListener::create(asObject(listener), globalObject, false).get(), args.at(2).toBoolean(exec));
+ impl()->removeEventListener(args.at(0).toString(exec), JSEventListener::create(asObject(listener), false).get(), args.at(2).toBoolean(exec));
return jsUndefined();
}
diff --git a/WebCore/bindings/js/JSLazyEventListener.cpp b/WebCore/bindings/js/JSLazyEventListener.cpp
index cf0ed44..0d6cb57 100644
--- a/WebCore/bindings/js/JSLazyEventListener.cpp
+++ b/WebCore/bindings/js/JSLazyEventListener.cpp
@@ -35,12 +35,13 @@ namespace WebCore {
static WTF::RefCountedLeakCounter eventListenerCounter("JSLazyEventListener");
#endif
-JSLazyEventListener::JSLazyEventListener(const String& functionName, const String& eventParameterName, const String& code, JSDOMGlobalObject* globalObject, Node* node, int lineNumber)
- : JSEventListener(0, globalObject, true)
+JSLazyEventListener::JSLazyEventListener(const String& functionName, const String& eventParameterName, const String& code, Node* node, const String& sourceURL, int lineNumber)
+ : JSEventListener(0, true)
, m_functionName(functionName)
, m_eventParameterName(eventParameterName)
, m_code(code)
, m_parsed(false)
+ , m_sourceURL(sourceURL)
, m_lineNumber(lineNumber)
, m_originalNode(node)
{
@@ -67,23 +68,43 @@ JSLazyEventListener::~JSLazyEventListener()
#endif
}
-JSObject* JSLazyEventListener::jsFunction() const
+JSObject* JSLazyEventListener::jsFunction(ScriptExecutionContext* executionContext) const
{
- parseCode();
+ parseCode(executionContext);
return m_jsFunction;
}
-void JSLazyEventListener::parseCode() const
+void JSLazyEventListener::parseCode(ScriptExecutionContext* executionContext) const
{
+ ASSERT(executionContext);
+ ASSERT(executionContext->isDocument());
+ if (!executionContext)
+ return;
+
if (m_parsed)
return;
- ScriptExecutionContext* executionContext = m_globalObject->scriptExecutionContext();
- ASSERT(executionContext);
- if (!executionContext)
+ Frame* frame = static_cast<Document*>(executionContext)->frame();
+ if (!frame)
return;
+
+ ScriptController* scriptController = frame->script();
+ if (!scriptController->isEnabled())
+ return;
+
+ JSDOMGlobalObject* globalObject = toJSDOMGlobalObject(executionContext);
+ if (!globalObject)
+ return;
+
+ // Ensure that 'node' has a JavaScript wrapper to mark the event listener we're creating.
+ if (m_originalNode) {
+ JSLock lock(SilenceAssertionsOnly);
+ // FIXME: Should pass the global object associated with the node
+ toJS(globalObject->globalExec(), globalObject, m_originalNode);
+ }
+
if (executionContext->isDocument()) {
- JSDOMWindow* window = static_cast<JSDOMWindow*>(m_globalObject);
+ JSDOMWindow* window = static_cast<JSDOMWindow*>(globalObject);
Frame* frame = window->impl()->frame();
if (!frame)
return;
@@ -95,16 +116,13 @@ void JSLazyEventListener::parseCode() const
m_parsed = true;
- ExecState* exec = m_globalObject->globalExec();
+ ExecState* exec = globalObject->globalExec();
MarkedArgumentBuffer args;
- UString sourceURL(executionContext->url().string());
args.append(jsNontrivialString(exec, m_eventParameterName));
args.append(jsString(exec, m_code));
- // FIXME: Passing the document's URL to construct is not always correct, since this event listener might
- // have been added with setAttribute from a script, and we should pass String() in that case.
- m_jsFunction = constructFunction(exec, args, Identifier(exec, m_functionName), sourceURL, m_lineNumber); // FIXME: is globalExec ok?
+ m_jsFunction = constructFunction(exec, args, Identifier(exec, m_functionName), m_sourceURL, m_lineNumber); // FIXME: is globalExec ok?
JSFunction* listenerAsFunction = static_cast<JSFunction*>(m_jsFunction);
@@ -118,7 +136,7 @@ void JSLazyEventListener::parseCode() const
// (and the document, and the form - see JSHTMLElement::eventHandlerScope)
ScopeChain scope = listenerAsFunction->scope();
- JSValue thisObj = toJS(exec, m_globalObject, m_originalNode);
+ JSValue thisObj = toJS(exec, globalObject, m_originalNode);
if (thisObj.isObject()) {
static_cast<JSNode*>(asObject(thisObj))->pushEventHandlerScope(exec, scope);
listenerAsFunction->setScope(scope);
@@ -129,6 +147,7 @@ void JSLazyEventListener::parseCode() const
m_functionName = String();
m_code = String();
m_eventParameterName = String();
+ m_sourceURL = String();
}
} // namespace WebCore
diff --git a/WebCore/bindings/js/JSLazyEventListener.h b/WebCore/bindings/js/JSLazyEventListener.h
index a5304cf..e3137b8 100644
--- a/WebCore/bindings/js/JSLazyEventListener.h
+++ b/WebCore/bindings/js/JSLazyEventListener.h
@@ -29,24 +29,25 @@ namespace WebCore {
class JSLazyEventListener : public JSEventListener {
public:
- static PassRefPtr<JSLazyEventListener> create(const String& functionName, const String& eventParameterName, const String& code, JSDOMGlobalObject* globalObject, Node* node, int lineNumber)
+ static PassRefPtr<JSLazyEventListener> create(const String& functionName, const String& eventParameterName, const String& code, Node* node, const String& sourceURL, int lineNumber)
{
- return adoptRef(new JSLazyEventListener(functionName, eventParameterName, code, globalObject, node, lineNumber));
+ return adoptRef(new JSLazyEventListener(functionName, eventParameterName, code, node, sourceURL, lineNumber));
}
virtual ~JSLazyEventListener();
private:
- JSLazyEventListener(const String& functionName, const String& eventParameterName, const String& code, JSDOMGlobalObject*, Node*, int lineNumber);
+ JSLazyEventListener(const String& functionName, const String& eventParameterName, const String& code, Node*, const String& sourceURL, int lineNumber);
- virtual JSC::JSObject* jsFunction() const;
+ virtual JSC::JSObject* jsFunction(ScriptExecutionContext*) const;
virtual bool wasCreatedFromMarkup() const { return true; }
- void parseCode() const;
+ void parseCode(ScriptExecutionContext*) const;
mutable String m_functionName;
mutable String m_eventParameterName;
mutable String m_code;
mutable bool m_parsed;
+ mutable String m_sourceURL;
int m_lineNumber;
Node* m_originalNode;
};
diff --git a/WebCore/bindings/js/JSMessagePortCustom.cpp b/WebCore/bindings/js/JSMessagePortCustom.cpp
index 2084905..210c93e 100644
--- a/WebCore/bindings/js/JSMessagePortCustom.cpp
+++ b/WebCore/bindings/js/JSMessagePortCustom.cpp
@@ -65,7 +65,7 @@ JSValue JSMessagePort::addEventListener(ExecState* exec, const ArgList& args)
if (!listener.isObject())
return jsUndefined();
- impl()->addEventListener(args.at(0).toString(exec), JSEventListener::create(asObject(listener), globalObject, false).get(), args.at(2).toBoolean(exec));
+ impl()->addEventListener(args.at(0).toString(exec), JSEventListener::create(asObject(listener), false).get(), args.at(2).toBoolean(exec));
return jsUndefined();
}
@@ -79,7 +79,7 @@ JSValue JSMessagePort::removeEventListener(ExecState* exec, const ArgList& args)
if (!listener.isObject())
return jsUndefined();
- impl()->removeEventListener(args.at(0).toString(exec), JSEventListener::create(asObject(listener), globalObject, false).get(), args.at(2).toBoolean(exec));
+ impl()->removeEventListener(args.at(0).toString(exec), JSEventListener::create(asObject(listener), false).get(), args.at(2).toBoolean(exec));
return jsUndefined();
}
diff --git a/WebCore/bindings/js/JSNodeCustom.cpp b/WebCore/bindings/js/JSNodeCustom.cpp
index 025a8fa..52f21e7 100644
--- a/WebCore/bindings/js/JSNodeCustom.cpp
+++ b/WebCore/bindings/js/JSNodeCustom.cpp
@@ -122,7 +122,7 @@ JSValue JSNode::addEventListener(ExecState* exec, const ArgList& args)
if (!listener.isObject())
return jsUndefined();
- impl()->addEventListener(args.at(0).toString(exec), JSEventListener::create(asObject(listener), globalObject, false), args.at(2).toBoolean(exec));
+ impl()->addEventListener(args.at(0).toString(exec), JSEventListener::create(asObject(listener), false), args.at(2).toBoolean(exec));
return jsUndefined();
}
@@ -140,7 +140,7 @@ JSValue JSNode::removeEventListener(ExecState* exec, const ArgList& args)
if (!listener.isObject())
return jsUndefined();
- impl()->removeEventListener(args.at(0).toString(exec), JSEventListener::create(asObject(listener), globalObject, false).get(), args.at(2).toBoolean(exec));
+ impl()->removeEventListener(args.at(0).toString(exec), JSEventListener::create(asObject(listener), false).get(), args.at(2).toBoolean(exec));
return jsUndefined();
}
diff --git a/WebCore/bindings/js/JSSVGElementInstanceCustom.cpp b/WebCore/bindings/js/JSSVGElementInstanceCustom.cpp
index e8001de..571e302 100644
--- a/WebCore/bindings/js/JSSVGElementInstanceCustom.cpp
+++ b/WebCore/bindings/js/JSSVGElementInstanceCustom.cpp
@@ -58,7 +58,7 @@ JSValue JSSVGElementInstance::addEventListener(ExecState* exec, const ArgList& a
if (!listener.isObject())
return jsUndefined();
- impl()->addEventListener(args.at(0).toString(exec), JSEventListener::create(asObject(listener), globalObject, false), args.at(2).toBoolean(exec));
+ impl()->addEventListener(args.at(0).toString(exec), JSEventListener::create(asObject(listener), false), args.at(2).toBoolean(exec));
return jsUndefined();
}
@@ -72,7 +72,7 @@ JSValue JSSVGElementInstance::removeEventListener(ExecState* exec, const ArgList
if (!listener.isObject())
return jsUndefined();
- impl()->removeEventListener(args.at(0).toString(exec), JSEventListener::create(asObject(listener), globalObject, false).get(), args.at(2).toBoolean(exec));
+ impl()->removeEventListener(args.at(0).toString(exec), JSEventListener::create(asObject(listener), false).get(), args.at(2).toBoolean(exec));
return jsUndefined();
}
diff --git a/WebCore/bindings/js/JSWorkerContextCustom.cpp b/WebCore/bindings/js/JSWorkerContextCustom.cpp
index 1b78264..e1c8a8c 100644
--- a/WebCore/bindings/js/JSWorkerContextCustom.cpp
+++ b/WebCore/bindings/js/JSWorkerContextCustom.cpp
@@ -122,7 +122,7 @@ JSValue JSWorkerContext::addEventListener(ExecState* exec, const ArgList& args)
if (!listener.isObject())
return jsUndefined();
- impl()->addEventListener(args.at(0).toString(exec), JSEventListener::create(asObject(listener), this, false), args.at(2).toBoolean(exec));
+ impl()->addEventListener(args.at(0).toString(exec), JSEventListener::create(asObject(listener), false), args.at(2).toBoolean(exec));
return jsUndefined();
}
@@ -132,7 +132,7 @@ JSValue JSWorkerContext::removeEventListener(ExecState* exec, const ArgList& arg
if (!listener.isObject())
return jsUndefined();
- impl()->removeEventListener(args.at(0).toString(exec), JSEventListener::create(asObject(listener), this, false).get(), args.at(2).toBoolean(exec));
+ impl()->removeEventListener(args.at(0).toString(exec), JSEventListener::create(asObject(listener), false).get(), args.at(2).toBoolean(exec));
return jsUndefined();
}
diff --git a/WebCore/bindings/js/JSXMLHttpRequestCustom.cpp b/WebCore/bindings/js/JSXMLHttpRequestCustom.cpp
index 6d0ce57..4b44db2 100644
--- a/WebCore/bindings/js/JSXMLHttpRequestCustom.cpp
+++ b/WebCore/bindings/js/JSXMLHttpRequestCustom.cpp
@@ -160,7 +160,7 @@ JSValue JSXMLHttpRequest::addEventListener(ExecState* exec, const ArgList& args)
if (!listener.isObject())
return jsUndefined();
- impl()->addEventListener(args.at(0).toString(exec), JSEventListener::create(asObject(listener), globalObject, false), args.at(2).toBoolean(exec));
+ impl()->addEventListener(args.at(0).toString(exec), JSEventListener::create(asObject(listener), false), args.at(2).toBoolean(exec));
return jsUndefined();
}
@@ -174,7 +174,7 @@ JSValue JSXMLHttpRequest::removeEventListener(ExecState* exec, const ArgList& ar
if (!listener.isObject())
return jsUndefined();
- impl()->removeEventListener(args.at(0).toString(exec), JSEventListener::create(asObject(listener), globalObject, false).get(), args.at(2).toBoolean(exec));
+ impl()->removeEventListener(args.at(0).toString(exec), JSEventListener::create(asObject(listener), false).get(), args.at(2).toBoolean(exec));
return jsUndefined();
}
diff --git a/WebCore/bindings/js/JSXMLHttpRequestUploadCustom.cpp b/WebCore/bindings/js/JSXMLHttpRequestUploadCustom.cpp
index c0f0c39..dab0a3e 100644
--- a/WebCore/bindings/js/JSXMLHttpRequestUploadCustom.cpp
+++ b/WebCore/bindings/js/JSXMLHttpRequestUploadCustom.cpp
@@ -64,7 +64,7 @@ JSValue JSXMLHttpRequestUpload::addEventListener(ExecState* exec, const ArgList&
if (!listener.isObject())
return jsUndefined();
- impl()->addEventListener(args.at(0).toString(exec), JSEventListener::create(asObject(listener), globalObject, false), args.at(2).toBoolean(exec));
+ impl()->addEventListener(args.at(0).toString(exec), JSEventListener::create(asObject(listener), false), args.at(2).toBoolean(exec));
return jsUndefined();
}
@@ -78,7 +78,7 @@ JSValue JSXMLHttpRequestUpload::removeEventListener(ExecState* exec, const ArgLi
if (!listener.isObject())
return jsUndefined();
- impl()->removeEventListener(args.at(0).toString(exec), JSEventListener::create(asObject(listener), globalObject, false).get(), args.at(2).toBoolean(exec));
+ impl()->removeEventListener(args.at(0).toString(exec), JSEventListener::create(asObject(listener), false).get(), args.at(2).toBoolean(exec));
return jsUndefined();
}
diff --git a/WebCore/bindings/js/ScriptEventListener.cpp b/WebCore/bindings/js/ScriptEventListener.cpp
index 878c535..624a8b8 100644
--- a/WebCore/bindings/js/ScriptEventListener.cpp
+++ b/WebCore/bindings/js/ScriptEventListener.cpp
@@ -37,8 +37,6 @@
#include "Frame.h"
#include "XSSAuditor.h"
-#include <runtime/JSLock.h>
-
using namespace JSC;
namespace WebCore {
@@ -54,29 +52,25 @@ PassRefPtr<JSLazyEventListener> createAttributeEventListener(Node* node, Attribu
{
ASSERT(node);
- Frame* frame = node->document()->frame();
- if (!frame)
- return 0;
-
- ScriptController* scriptController = frame->script();
- if (!scriptController->isEnabled())
- return 0;
-
- if (!scriptController->xssAuditor()->canCreateInlineEventListener(attr->localName().string(), attr->value())) {
- // This script is not safe to execute.
- return 0;
- }
+ int lineNumber = 1;
+ String sourceURL;
- JSDOMWindow* globalObject = scriptController->globalObject();
-
- // Ensure that 'node' has a JavaScript wrapper to mark the event listener we're creating.
- {
- JSLock lock(SilenceAssertionsOnly);
- // FIXME: Should pass the global object associated with the node
- toJS(globalObject->globalExec(), globalObject, node);
+ // FIXME: We should be able to provide accurate source information for frameless documents, too (e.g. for importing nodes from XMLHttpRequest.responseXML).
+ if (Frame* frame = node->document()->frame()) {
+ ScriptController* scriptController = frame->script();
+ if (!scriptController->isEnabled())
+ return 0;
+
+ if (!scriptController->xssAuditor()->canCreateInlineEventListener(attr->localName().string(), attr->value())) {
+ // This script is not safe to execute.
+ return 0;
+ }
+
+ lineNumber = scriptController->eventHandlerLineNumber();
+ sourceURL = node->document()->url().string();
}
- return JSLazyEventListener::create(attr->localName().string(), eventParameterName(node->isSVGElement()), attr->value(), globalObject, node, scriptController->eventHandlerLineNumber());
+ return JSLazyEventListener::create(attr->localName().string(), eventParameterName(node->isSVGElement()), attr->value(), node, sourceURL, lineNumber);
}
PassRefPtr<JSLazyEventListener> createAttributeEventListener(Frame* frame, Attribute* attr)
@@ -84,19 +78,21 @@ PassRefPtr<JSLazyEventListener> createAttributeEventListener(Frame* frame, Attri
if (!frame)
return 0;
+ int lineNumber = 1;
+ String sourceURL;
+
ScriptController* scriptController = frame->script();
if (!scriptController->isEnabled())
return 0;
-
+
if (!scriptController->xssAuditor()->canCreateInlineEventListener(attr->localName().string(), attr->value())) {
// This script is not safe to execute.
return 0;
}
- // 'globalObject' is the JavaScript wrapper that will mark the event listener we're creating.
- JSDOMWindow* globalObject = scriptController->globalObject();
-
- return JSLazyEventListener::create(attr->localName().string(), eventParameterName(frame->document()->isSVGDocument()), attr->value(), globalObject, 0, scriptController->eventHandlerLineNumber());
+ lineNumber = scriptController->eventHandlerLineNumber();
+ sourceURL = frame->document()->url().string();
+ return JSLazyEventListener::create(attr->localName().string(), eventParameterName(frame->document()->isSVGDocument()), attr->value(), 0, sourceURL, lineNumber);
}
} // namespace WebCore
diff --git a/WebCore/bindings/objc/ObjCEventListener.h b/WebCore/bindings/objc/ObjCEventListener.h
index f5d8af8..434ef45 100644
--- a/WebCore/bindings/objc/ObjCEventListener.h
+++ b/WebCore/bindings/objc/ObjCEventListener.h
@@ -54,7 +54,7 @@ namespace WebCore {
ObjCEventListener(id <DOMEventListener>);
virtual ~ObjCEventListener();
- virtual void handleEvent(Event*);
+ virtual void handleEvent(ScriptExecutionContext*, Event*);
id <DOMEventListener> m_listener;
};
diff --git a/WebCore/bindings/objc/ObjCEventListener.mm b/WebCore/bindings/objc/ObjCEventListener.mm
index 81b82f1..d73ac30 100644
--- a/WebCore/bindings/objc/ObjCEventListener.mm
+++ b/WebCore/bindings/objc/ObjCEventListener.mm
@@ -73,7 +73,7 @@ ObjCEventListener::~ObjCEventListener()
[m_listener release];
}
-void ObjCEventListener::handleEvent(Event* event)
+void ObjCEventListener::handleEvent(ScriptExecutionContext*, Event* event)
{
[m_listener handleEvent:kit(event)];
}
diff --git a/WebCore/bindings/scripts/CodeGeneratorJS.pm b/WebCore/bindings/scripts/CodeGeneratorJS.pm
index 3523b43..fe9acb8 100644
--- a/WebCore/bindings/scripts/CodeGeneratorJS.pm
+++ b/WebCore/bindings/scripts/CodeGeneratorJS.pm
@@ -1294,7 +1294,11 @@ sub GenerateImplementation
push(@implContent, " UNUSED_PARAM(exec);\n");
push(@implContent, " $implClassName* imp = static_cast<$implClassName*>(castedThis->impl());\n");
push(@implContent, " if (EventListener* listener = imp->$implGetterFunctionName()) {\n");
- push(@implContent, " if (JSObject* jsFunction = listener->jsFunction())\n");
+ if ($implClassName eq "Document" || $implClassName eq "WorkerContext" || $implClassName eq "SharedWorkerContext" || $implClassName eq "DedicatedWorkerContext") {
+ push(@implContent, " if (JSObject* jsFunction = listener->jsFunction(imp))\n");
+ } else {
+ push(@implContent, " if (JSObject* jsFunction = listener->jsFunction(imp->scriptExecutionContext()))\n");
+ }
push(@implContent, " return jsFunction;\n");
push(@implContent, " }\n");
push(@implContent, " return jsNull();\n");
diff --git a/WebCore/dom/EventListener.h b/WebCore/dom/EventListener.h
index 6862f06..f834b31 100644
--- a/WebCore/dom/EventListener.h
+++ b/WebCore/dom/EventListener.h
@@ -31,6 +31,7 @@ namespace JSC {
namespace WebCore {
+ class ScriptExecutionContext;
class Event;
class EventListener : public RefCounted<EventListener> {
@@ -44,13 +45,13 @@ namespace WebCore {
virtual ~EventListener() { }
virtual bool operator==(const EventListener&) = 0;
- virtual void handleEvent(Event*) = 0;
+ virtual void handleEvent(ScriptExecutionContext*, Event*) = 0;
// Return true to indicate that the error is handled.
- virtual bool reportError(const String& /*message*/, const String& /*url*/, int /*lineNumber*/) { return false; }
+ virtual bool reportError(ScriptExecutionContext*, const String& /*message*/, const String& /*url*/, int /*lineNumber*/) { return false; }
virtual bool wasCreatedFromMarkup() const { return false; }
#if USE(JSC)
- virtual JSC::JSObject* jsFunction() const { return 0; }
+ virtual JSC::JSObject* jsFunction(ScriptExecutionContext*) const { return 0; }
virtual void markJSFunction(JSC::MarkStack&) { }
#endif
diff --git a/WebCore/dom/EventTarget.cpp b/WebCore/dom/EventTarget.cpp
index d3b3f55..ceb5221 100644
--- a/WebCore/dom/EventTarget.cpp
+++ b/WebCore/dom/EventTarget.cpp
@@ -269,7 +269,7 @@ bool EventTarget::fireEventListeners(Event* event)
continue;
// To match Mozilla, the AT_TARGET phase fires both capturing and bubbling
// event listeners, even though that violates some versions of the DOM spec.
- registeredListener.listener->handleEvent(event);
+ registeredListener.listener->handleEvent(scriptExecutionContext(), event);
}
d->firingEventEndIterators.removeLast();
diff --git a/WebCore/inspector/InspectorDOMAgent.cpp b/WebCore/inspector/InspectorDOMAgent.cpp
index 4a4902d..598f5bc 100644
--- a/WebCore/inspector/InspectorDOMAgent.cpp
+++ b/WebCore/inspector/InspectorDOMAgent.cpp
@@ -123,7 +123,7 @@ void InspectorDOMAgent::stopListening(Document* doc)
m_documents.remove(doc);
}
-void InspectorDOMAgent::handleEvent(Event* event)
+void InspectorDOMAgent::handleEvent(ScriptExecutionContext*, Event* event)
{
AtomicString type = event->type();
Node* node = event->target()->toNode();
diff --git a/WebCore/inspector/InspectorDOMAgent.h b/WebCore/inspector/InspectorDOMAgent.h
index bd539a5..0f7f24c 100644
--- a/WebCore/inspector/InspectorDOMAgent.h
+++ b/WebCore/inspector/InspectorDOMAgent.h
@@ -85,7 +85,7 @@ namespace WebCore {
void startListening(Document* document);
void stopListening(Document* document);
- virtual void handleEvent(Event* event);
+ virtual void handleEvent(ScriptExecutionContext*, Event* event);
typedef HashMap<RefPtr<Node>, long> NodeToIdMap;
long bind(Node* node, NodeToIdMap* nodesMap);
diff --git a/WebCore/inspector/InspectorDOMStorageResource.cpp b/WebCore/inspector/InspectorDOMStorageResource.cpp
index 99a2dba..05b4b96 100644
--- a/WebCore/inspector/InspectorDOMStorageResource.cpp
+++ b/WebCore/inspector/InspectorDOMStorageResource.cpp
@@ -96,7 +96,7 @@ void InspectorDOMStorageResource::startReportingChangesToFrontend()
}
}
-void InspectorDOMStorageResource::handleEvent(Event* event)
+void InspectorDOMStorageResource::handleEvent(ScriptExecutionContext*, Event* event)
{
ASSERT(m_frontend);
ASSERT(eventNames().storageEvent == event->type());
diff --git a/WebCore/inspector/InspectorDOMStorageResource.h b/WebCore/inspector/InspectorDOMStorageResource.h
index 6f29d9d..2b18b24 100644
--- a/WebCore/inspector/InspectorDOMStorageResource.h
+++ b/WebCore/inspector/InspectorDOMStorageResource.h
@@ -62,7 +62,7 @@ namespace WebCore {
void unbind();
void startReportingChangesToFrontend();
- virtual void handleEvent(Event*);
+ virtual void handleEvent(ScriptExecutionContext*, Event*);
virtual bool operator==(const EventListener& listener);
bool isSameHostAndType(Frame*, bool isLocalStorage) const;
diff --git a/WebCore/loader/ImageDocument.cpp b/WebCore/loader/ImageDocument.cpp
index 8078ccd..9b5598d 100644
--- a/WebCore/loader/ImageDocument.cpp
+++ b/WebCore/loader/ImageDocument.cpp
@@ -70,7 +70,7 @@ private:
{
}
- virtual void handleEvent(Event*);
+ virtual void handleEvent(ScriptExecutionContext*, Event*);
ImageDocument* m_doc;
};
@@ -358,7 +358,7 @@ bool ImageDocument::shouldShrinkToFit() const
// --------
-void ImageEventListener::handleEvent(Event* event)
+void ImageEventListener::handleEvent(ScriptExecutionContext*, Event* event)
{
if (event->type() == eventNames().resizeEvent)
m_doc->windowSizeChanged();
diff --git a/WebCore/svg/animation/SVGSMILElement.cpp b/WebCore/svg/animation/SVGSMILElement.cpp
index 8ec9435..3957b81 100644
--- a/WebCore/svg/animation/SVGSMILElement.cpp
+++ b/WebCore/svg/animation/SVGSMILElement.cpp
@@ -87,7 +87,7 @@ private:
m_eventBase->addEventListener(m_condition->m_name, this, false);
}
- virtual void handleEvent(Event*);
+ virtual void handleEvent(ScriptExecutionContext*, Event*);
SVGSMILElement* m_animation;
SVGSMILElement::Condition* m_condition;
@@ -103,7 +103,7 @@ bool ConditionEventListener::operator==(const EventListener& listener)
return false;
}
-void ConditionEventListener::handleEvent(Event* event)
+void ConditionEventListener::handleEvent(ScriptExecutionContext*, Event* event)
{
m_animation->handleConditionEvent(event, m_condition);
}
diff --git a/WebCore/workers/WorkerContext.cpp b/WebCore/workers/WorkerContext.cpp
index 22e5b56..f4d795b 100644
--- a/WebCore/workers/WorkerContext.cpp
+++ b/WebCore/workers/WorkerContext.cpp
@@ -233,7 +233,7 @@ void WorkerContext::reportException(const String& errorMessage, int lineNumber,
{
bool errorHandled = false;
if (onerror())
- errorHandled = onerror()->reportError(errorMessage, sourceURL, lineNumber);
+ errorHandled = onerror()->reportError(this, errorMessage, sourceURL, lineNumber);
if (!errorHandled)
thread()->workerReportingProxy().postExceptionToWorkerObject(errorMessage, lineNumber, sourceURL);
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list