Remove leak of objects between isolated worlds on custom events.

Source/bindings/v8/custom/V8MessageEventCustom.cpp

Index: Source/bindings/v8/custom/V8MessageEventCustom.cpp
diff --git a/Source/bindings/v8/custom/V8MessageEventCustom.cpp b/Source/bindings/v8/custom/V8MessageEventCustom.cpp
index 906ee9bae55de50670ae76e256caf6a34208e839..e404fef25eb45b841c0c6df385f0d0809711d8f8 100644
--- a/Source/bindings/v8/custom/V8MessageEventCustom.cpp
+++ b/Source/bindings/v8/custom/V8MessageEventCustom.cpp
@@ -32,6 +32,7 @@
 #include "V8MessageEvent.h"
 
 #include "bindings/v8/SerializedScriptValue.h"
+#include "bindings/v8/V8HiddenPropertyName.h"
 #include "core/dom/MessageEvent.h"
 
 #include "V8ArrayBuffer.h"
@@ -49,11 +50,25 @@ void V8MessageEvent::dataAttrGetterCustom(v8::Local<v8::String> name, const v8::
     v8::Handle<v8::Value> result;
     switch (event->dataType()) {
     case MessageEvent::DataTypeScriptValue: {
-        ScriptValue scriptValue = event->dataAsScriptValue();
-        if (scriptValue.hasNoValue())
-            result = v8Null(info.GetIsolate());
-        else
-            result = scriptValue.v8Value();
+        result = info.Holder()->GetHiddenValue(V8HiddenPropertyName::data());
+        if (result.IsEmpty()) {
+            // This is necessary because of the V8 bug 2746. V8 returns an
+            // empty handler when a hidden value is v8::Undefined. Thus, it is
+            // necessary to keep extra state around in the event about whether
+            // the value was set in the first place. That is, if the detail was
+            // set, and V8 returns an empty handler for the value, we know that
+            // the value must actually be a v8::Undefined(), so we explicitly
+            // set that here. Oy!
+            //
+            // Once bug 2746 is addressed, the following 'if' should become
+            // unnecessary, and should be reducable to just the v8Null()
+            // assignment. Please see the related comments in
+            // V8CustomEventCustom.cpp and V8PopStateEventCustom.cpp as well.
+            if (event->isDataSet())
+                result = v8::Undefined();
+            else
+                result = v8Null(info.GetIsolate());
+        }
         break;
     }
 
@@ -93,7 +108,7 @@ void V8MessageEvent::initMessageEventMethodCustom(const v8::FunctionCallbackInfo
     String typeArg = toWebCoreString(args[0]);
     bool canBubbleArg = args[1]->BooleanValue();
     bool cancelableArg = args[2]->BooleanValue();
-    ScriptValue dataArg = ScriptValue(args[3]);
+    v8::Handle<v8::Value> dataArg = args[3];
     String originArg = toWebCoreString(args[4]);
     String lastEventIdArg = toWebCoreString(args[5]);
 
@@ -111,7 +126,8 @@ void V8MessageEvent::initMessageEventMethodCustom(const v8::FunctionCallbackInfo
         if (!getMessagePortArray(args[7], *portArray, args.GetIsolate()))
             return;
     }
-    event->initMessageEvent(typeArg, canBubbleArg, cancelableArg, dataArg, originArg, lastEventIdArg, sourceArg, portArray.release());
+    args.Holder()->SetHiddenValue(V8HiddenPropertyName::data(), dataArg);

[adamk, 2013/06/27 00:15:04]

Same question as in initCustomEvent, don't you need to set a bit?

[jww, 2013/06/27 04:35:35]

No longer relevant because we are getting rid of the bit.

+    event->initMessageEvent(typeArg, canBubbleArg, cancelableArg, originArg, lastEventIdArg, sourceArg, portArray.release());
 }
 
 void V8MessageEvent::webkitInitMessageEventMethodCustom(const v8::FunctionCallbackInfo<v8::Value>& args)