Remove leak of objects between isolated worlds on custom events.

Source/bindings/v8/custom/V8PopStateEventCustom.cpp

Index: Source/bindings/v8/custom/V8PopStateEventCustom.cpp
diff --git a/Source/bindings/v8/custom/V8PopStateEventCustom.cpp b/Source/bindings/v8/custom/V8PopStateEventCustom.cpp
index 43ac29ac220fb1fe3a44680d28495d7987644381..eed32c62018b61aa59cfa209888bf5f6be13d95f 100644
--- a/Source/bindings/v8/custom/V8PopStateEventCustom.cpp
+++ b/Source/bindings/v8/custom/V8PopStateEventCustom.cpp
@@ -56,8 +56,19 @@ void V8PopStateEvent::stateAttrGetterCustom(v8::Local<v8::String> name, const v8
     }
 
     PopStateEvent* event = V8PopStateEvent::toNative(info.Holder());
-    if (!event->state().hasNoValue()) {
-        v8SetReturnValue(info, cacheState(info.Holder(), event->state().v8Value()));
+
+    // This is necessary because of the V8 bug 2746. V8 returns an empty
+    // handler when a hidden value is v8::Undefined. Thus, it is necessary to
+    // keep extra state around in the event about whether the value was set in
+    // the first place. That is, if the detail was set, and V8 returns an empty
+    // handler for the value, we know that the value must actually be a
+    // v8::Undefined(), so we explicitly set that here. Oy!
+    //
+    // Once bug 2746 is addressed, the following 'if' should become dead code
+    // and should be removable. Please see the related comments in
+    // V8CustomEventCustom.cpp and V8MessageEventCustom.cpp as well.
+    if (event->isStateSet()) {
+        v8SetReturnValue(info, v8::Undefined());
         return;
     }