Index: webkit/port/bindings/v8/v8_proxy.h |
=================================================================== |
--- webkit/port/bindings/v8/v8_proxy.h (revision 6421) |
+++ webkit/port/bindings/v8/v8_proxy.h (working copy) |
@@ -238,6 +238,9 @@ |
int argc, |
v8::Handle<v8::Value> argv[]); |
+ // Returns the dom constructor function for the given node type. |
+ v8::Local<v8::Function> GetConstructor(V8ClassIndex::V8WrapperType type); |
+ |
// Returns the window object of the currently executing context. |
static DOMWindow* retrieveWindow(); |
// Returns the window object associated with a context. |
@@ -427,6 +430,8 @@ |
void SetSecurityToken(); |
void ClearDocumentWrapper(); |
void UpdateDocumentWrapper(v8::Handle<v8::Value> wrapper); |
+ // Dispose global handles of m_contexts and friends. |
+ void DisposeContext(); |
static bool CanAccessPrivate(DOMWindow* target); |
@@ -496,9 +501,25 @@ |
} |
Frame* m_frame; |
+ |
v8::Persistent<v8::Context> m_context; |
+ // DOM constructors are cached per context. A DOM constructor is a function |
+ // instance created from a DOM constructor template. There is one instance |
+ // per context. A DOM constructor is different from a normal function in |
+ // two ways: 1) it cannot be called as constructor (aka, used to create |
+ // a DOM object); 2) its __proto__ points to Object.prototype rather than |
+ // Function.prototype. The reason for 2) is that, in Safari, a DOM constructor |
+ // is a normal JS object, but not a function. Hotmail relies on the fact |
+ // that, in Safari, HTMLElement.__proto__ == Object.prototype. |
+ // |
+ // m_object_prototype is a cache of the original Object.prototype. |
+ // |
+ // Both handles must be disposed when the context is disposed. Otherwise, |
+ // it can keep all objects alive. |
+ v8::Persistent<v8::Array> m_dom_constructor_cache; |
+ v8::Persistent<v8::Value> m_object_prototype; |
+ |
v8::Persistent<v8::Object> m_global; |
- |
v8::Persistent<v8::Value> m_document; |
int m_handlerLineno; |