Remove leak of objects between isolated worlds on custom events.

Source/bindings/v8/custom/V8CustomEventCustom.cpp

Index: Source/bindings/v8/custom/V8CustomEventCustom.cpp
diff --git a/Source/bindings/v8/custom/V8CustomEventCustom.cpp b/Source/bindings/v8/custom/V8CustomEventCustom.cpp
index ff0f9b355c75a404d34f7125047a40ec5070b14d..5bfeba625a795292784ea2bcef1b340aa9757a00 100644
--- a/Source/bindings/v8/custom/V8CustomEventCustom.cpp
+++ b/Source/bindings/v8/custom/V8CustomEventCustom.cpp
@@ -45,20 +45,61 @@
 
 namespace WebCore {
 
+// Save the detail value to a hidden attribute in the V8PCustomEvent, and return it, for convenience.

[adamk, 2013/06/27 00:15:04]

Please remove this comment

[jww, 2013/06/27 04:35:35]

Done.

+static v8::Handle<v8::Value> cacheState(v8::Handle<v8::Object> customEvent, v8::Handle<v8::Value> detail)
+{
+    customEvent->SetHiddenValue(V8HiddenPropertyName::detail(), detail);
+    return detail;
+}
+
+
 void V8CustomEvent::detailAttrGetterCustom(v8::Local<v8::String> name, const v8::PropertyCallbackInfo<v8::Value>& info)
 {
-    CustomEvent* imp = V8CustomEvent::toNative(info.Holder());
-    RefPtr<SerializedScriptValue> serialized = imp->serializedScriptValue();
+    CustomEvent* event = V8CustomEvent::toNative(info.Holder());
+    ASSERT(!event->serializedScriptValue().get());
+
+    v8::Handle<v8::Value> result = info.Holder()->GetHiddenValue(V8HiddenPropertyName::detail());
+
+    if (!result.IsEmpty()) {
+        v8SetReturnValue(info, result);
+        return;
+    }
+
+    // This is necessary because of the V8 bug 2746. V8 returns an empty
+    // handler when a hidden value is v8::Undefined. Thus, it is necessary to
+    // keep extra state around in the event about whether the value was set
+    // in the first place. That is, if the detail was set, and V8 returns an
+    // empty handler for the value, we know that the value must actually be a
+    // v8::Undefined(), so we explicitly set that here. Oy!
+    //
+    // Once bug 2746 is addressed, the following 'if' should become dead code
+    // and should be removable. Please see the related comments in
+    // V8MessageEventCustom.cpp and V8PopStateEventCustom.cpp as well.
+    if (event->isDetailSet()) {
+        v8SetReturnValue(info, v8::Undefined());
+        return;
+    }
+
+    RefPtr<SerializedScriptValue> serialized = event->serializedScriptValue();
     if (serialized) {
-        v8::Handle<v8::Value> value = info.Holder()->GetHiddenValue(V8HiddenPropertyName::detail());
-        if (value.IsEmpty()) {
-            value = serialized->deserialize();
-            info.Holder()->SetHiddenValue(V8HiddenPropertyName::detail(), value);
-        }
-        v8SetReturnValue(info, value);
+        result = serialized->deserialize();
+        v8SetReturnValue(info, cacheState(info.Holder(), result));
         return;
     }
-    v8SetReturnValue(info, imp->detail().v8Value());
+
+    v8SetReturnValue(info, cacheState(info.Holder(), v8Null(info.GetIsolate())));
+}
+
+void V8CustomEvent::initCustomEventMethodCustom(const v8::FunctionCallbackInfo<v8::Value>& args)
+{
+    CustomEvent* event = V8CustomEvent::toNative(args.Holder());
+    String typeArg = toWebCoreString(args[0]);
+    bool canBubbleArg = args[1]->BooleanValue();
+    bool cancelableArg = args[2]->BooleanValue();
+    v8::Handle<v8::Value> detailsArg = args[3];
+
+    args.Holder()->SetHiddenValue(V8HiddenPropertyName::detail(), detailsArg);

[adamk, 2013/06/27 00:15:04]

Don't you need to set this detailIsSet bit as well? A test that calls
initCustomEvent with undefined should catch this.

[jww, 2013/06/27 04:35:35]

Not relevant since getting rid of the detailIsSet bit.

+    event->initEvent(typeArg, canBubbleArg, cancelableArg);
 }
 
 } // namespace WebCore