[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.15.1-1414-gc69ee75
oliver at apple.com
Thu Oct 29 20:37:15 UTC 2009
The following commit has been merged in the webkit-1.1 branch:
commit 85d089060ea3f08f3834e8055cf3ea72652fc47c
Author: oliver at apple.com <oliver at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Thu Oct 1 05:52:56 2009 +0000
reproducible freeze and crash on closing form popup at bosch-home.nl
https://bugs.webkit.org/show_bug.cgi?id=28948
Reviewed by Maciej Stachowiak.
showModalDialog calls getDirect on what is actually a window shell,
so ends up not getting a value (since no value can ever be placed
directly on the shell), which leads to incorrect behaviour.
We use a manual test rather than automatic as it was not
possible to get a modal run loop to work inside DRT.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@48960 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 3639def..78861e4 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,21 @@
+2009-09-30 Oliver Hunt <oliver at apple.com>
+
+ Reviewed by Maciej Stachowiak.
+
+ reproducible freeze and crash on closing form popup at bosch-home.nl
+ https://bugs.webkit.org/show_bug.cgi?id=28948
+
+ showModalDialog calls getDirect on what is actually a window shell,
+ so ends up not getting a value (since no value can ever be placed
+ directly on the shell), which leads to incorrect behaviour.
+
+ We use a manual test rather than automatic as it was not
+ possible to get a modal run loop to work inside DRT.
+
+ * bindings/js/JSDOMWindowCustom.cpp:
+ (WebCore::JSDOMWindow::showModalDialog):
+ * manual-tests/showModalDialog-returnValue.html: manual testcase.
+
2009-09-30 Kent Tamura <tkent at chromium.org>
Reviewed by Darin Adler.
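Review bot: the entry under (WebCore::JSDOMWindow::showModalDialog) explains the getDirect-on-shell problem but does not record the behaviour change that comes with the fix. The code in this commit now gates the lookup on allowsAccessFromNoErrorMessage and returns undefined when that check fails or when returnValue is not set. One more sentence in this entry saying so would let a reader of the ChangeLog see that an access check was introduced on this path.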
diff --git a/WebCore/bindings/js/JSDOMWindowCustom.cpp b/WebCore/bindings/js/JSDOMWindowCustom.cpp
index 7410107..27acafe 100644
--- a/WebCore/bindings/js/JSDOMWindowCustom.cpp
+++ b/WebCore/bindings/js/JSDOMWindowCustom.cpp
@@ -933,7 +933,15 @@ JSValue JSDOMWindow::showModalDialog(ExecState* exec, const ArgList& args)
JSDOMWindow* dialogWindow = toJSDOMWindow(dialogFrame);
dialogFrame->page()->chrome()->runModal();
- return dialogWindow->getDirect(Identifier(exec, "returnValue"));
+ Identifier returnValue(exec, "returnValue");
+ if (dialogWindow->allowsAccessFromNoErrorMessage(exec)) {
+ PropertySlot slot;
+ // This is safe, we have already performed the origin security check and we are
+ // not interested in any of the DOM properties of the window.
+ if (dialogWindow->JSGlobalObject::getOwnPropertySlot(exec, returnValue, slot))
+ return slot.getValue(exec, returnValue);
+ }
+ return jsUndefined();
}
JSValue JSDOMWindow::postMessage(ExecState* exec, const ArgList& args)
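Review bot: the comment above the JSGlobalObject::getOwnPropertySlot call should name the check it relies on, because the qualified base-class call deliberately skips JSDOMWindow's own lookup. "We have already performed the origin security check" refers only implicitly to the allowsAccessFromNoErrorMessage test one line up. Saying that explicitly keeps the dependency visible if the surrounding if is later moved or the lookup is copied elsewhere. Separately, the access-denied case and the returnValue-never-set case both fall through to "return jsUndefined();" with no way to tell them apart. If the silent result is intended, a short comment at that return would confirm it.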
diff --git a/WebCore/manual-tests/showModalDialog-returnValue.html b/WebCore/manual-tests/showModalDialog-returnValue.html
new file mode 100644
index 0000000..fbc3ee3
--- /dev/null
+++ b/WebCore/manual-tests/showModalDialog-returnValue.html
@@ -0,0 +1,13 @@
+This test makes sure we don't crash when storing the return value from showModalDialog. Popup blocking needs to be disabled for this test to run.<br>
+<script>
+if (showModalDialog("data:text/html,<script>returnValue={value:'PASS'}; close()</"+"script>").value == "PASS")
+ document.write("<span style='color:green'>Test passed.<br>");
+else
+ document.write("<span style='color:red'>Test failed due to incorrect result.<br>");
+value = showModalDialog("data:text/html,<script>close()</"+"script>");
+if (!value)
+ document.write("<span style='color:green'>Test passed.<br>");
+else
+ document.write("<span style='color:red'>Test failed due to incorrect result.<br>");
+
+</script>
\ No newline at end of file
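Review bot: neither case in this manual test is described as exercising the new allowsAccessFromNoErrorMessage branch for a dialog the opener may not access, so the path that returns undefined on a failed check goes untested; a third case, or a note saying why one is not possible here, would help. Smaller points: the description line says the test checks for a crash while both checks are on the returned value, both cases print the same "Test passed." text so a single failure is hard to attribute, the span elements are never closed, "value" is assigned as an implicit global, and the file has no trailing newline.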
--
WebKit Debian packaging