[SCM] WebKit Debian packaging branch, webkit-1.3, updated. upstream/1.3.7-4207-g178b198

antonm at chromium.org antonm at chromium.org
Sun Feb 20 23:34:10 UTC 2011 

The following commit has been merged in the webkit-1.3 branch:
commit 3b2e204b91b9a7b83e23909fbd8109cf2366b842
Author: antonm at chromium.org <antonm at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Fri Jan 21 19:40:02 2011 +0000

    2011-01-21  Anton Muhin  <antonm at chromium.org>
    
            Reviewed by Nate Chapin.
    
            [v8] Properly deal with the case when conversion to string throws an exception for HTMLCollection accessors
            https://bugs.webkit.org/show_bug.cgi?id=52901
    
            * fast/dom/htmlcollection-conversion-throws-exception-expected.txt: Added.
            * fast/dom/htmlcollection-conversion-throws-exception.html: Added.
    2011-01-21  Anton Muhin  <antonm at chromium.org>
    
            Reviewed by Nate Chapin.
    
            [v8] Properly deal with the case when conversion to string throws an exception for HTMLCollection accessors
            https://bugs.webkit.org/show_bug.cgi?id=52901
    
            Test: fast/dom/htmlcollection-conversion-throws-exception.html
    
            * bindings/v8/custom/V8HTMLCollectionCustom.cpp:
            (WebCore::getItem):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@76373 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 2f3df9c..bc7d731 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,13 @@
+2011-01-21  Anton Muhin  <antonm at chromium.org>
+
+        Reviewed by Nate Chapin.
+
+        [v8] Properly deal with the case when conversion to string throws an exception for HTMLCollection accessors
+        https://bugs.webkit.org/show_bug.cgi?id=52901
+
+        * fast/dom/htmlcollection-conversion-throws-exception-expected.txt: Added.
+        * fast/dom/htmlcollection-conversion-throws-exception.html: Added.
+
 2011-01-21  Dimitri Glazkov  <dglazkov at chromium.org>
 
         Reviewed by Darin Adler.
diff --git a/LayoutTests/fast/dom/htmlcollection-conversion-throws-exception-expected.txt b/LayoutTests/fast/dom/htmlcollection-conversion-throws-exception-expected.txt
new file mode 100644
index 0000000..39c00f7
--- /dev/null
+++ b/LayoutTests/fast/dom/htmlcollection-conversion-throws-exception-expected.txt
@@ -0,0 +1,4 @@
+ALERT: This test verifies that exception thrown while converting an object to string are correctly propagated and do not crash the browser.
+ALERT: OK: EXCEPTION
+ALERT: OK: EXCEPTION
+
diff --git a/LayoutTests/fast/dom/htmlcollection-conversion-throws-exception.html b/LayoutTests/fast/dom/htmlcollection-conversion-throws-exception.html
new file mode 100644
index 0000000..daf3ec3
--- /dev/null
+++ b/LayoutTests/fast/dom/htmlcollection-conversion-throws-exception.html
@@ -0,0 +1,31 @@
+<html>
+<head>
+<script>
+  function test() {
+    alert(
+    'This test verifies that exception thrown while converting an object to string '
+    + 'are correctly propagated and do not crash the browser.');
+
+    if (window.layoutTestController) {
+      layoutTestController.dumpAsText();
+    }
+
+    var throwing = { toString: function() { throw 'EXCEPTION'; } };
+    try {
+      document.images.item(throwing);
+      alert('FAIL: document.images.item(throwing) should have thrown an exception!');
+    } catch (e) {
+      alert('OK: ' + e);
+    }
+    try {
+      document.images[throwing];
+      alert('FAIL: document.images[throwing] should have thrown an exception!');
+    } catch (e) {
+      alert('OK: ' + e);
+    }
+  }
+</script>
+</head>
+<body onload='test()'>
+</body>
+</html>
diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
index 23b413d..5e930d0 100644
--- a/Source/WebCore/ChangeLog
+++ b/Source/WebCore/ChangeLog
@@ -1,3 +1,15 @@
+2011-01-21  Anton Muhin  <antonm at chromium.org>
+
+        Reviewed by Nate Chapin.
+
+        [v8] Properly deal with the case when conversion to string throws an exception for HTMLCollection accessors
+        https://bugs.webkit.org/show_bug.cgi?id=52901
+
+        Test: fast/dom/htmlcollection-conversion-throws-exception.html
+
+        * bindings/v8/custom/V8HTMLCollectionCustom.cpp:
+        (WebCore::getItem):
+
 2011-01-21  Adam Roben  <aroben at apple.com>
 
         Separate flushing layer changes from rendering in CACFLayerTreeHost
diff --git a/Source/WebCore/bindings/v8/custom/V8HTMLCollectionCustom.cpp b/Source/WebCore/bindings/v8/custom/V8HTMLCollectionCustom.cpp
index 9e89ce8..3d64edd 100644
--- a/Source/WebCore/bindings/v8/custom/V8HTMLCollectionCustom.cpp
+++ b/Source/WebCore/bindings/v8/custom/V8HTMLCollectionCustom.cpp
@@ -59,7 +59,10 @@ static v8::Handle<v8::Value> getItem(HTMLCollection* collection, v8::Handle<v8::
 {
     v8::Local<v8::Uint32> index = argument->ToArrayIndex();
     if (index.IsEmpty()) {
-        v8::Handle<v8::Value> result = getNamedItems(collection, toWebCoreString(argument->ToString()));
+        v8::Local<v8::String> asString = argument->ToString();
+        if (asString.IsEmpty())
+            return v8::Handle<v8::Value>();
+        v8::Handle<v8::Value> result = getNamedItems(collection, toWebCoreString(asString));
 
         if (result.IsEmpty())
             return v8::Undefined();

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list