Index: third_party/WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp |
diff --git a/third_party/WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp b/third_party/WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp |
index 314385634ab6bc60a631bb7ffe58ad42be84ec8c..41df133fa293caff77633fb250544f2101262f84 100644 |
--- a/third_party/WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp |
+++ b/third_party/WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp |
@@ -37,6 +37,10 @@ |
#include "bindings/core/v8/ScriptValueSerializer.h" |
#include "bindings/core/v8/SerializedScriptValueFactory.h" |
#include "bindings/core/v8/Transferables.h" |
+#include "bindings/core/v8/V8ArrayBuffer.h" |
+#include "bindings/core/v8/V8ImageBitmap.h" |
+#include "bindings/core/v8/V8MessagePort.h" |
+#include "bindings/core/v8/V8SharedArrayBuffer.h" |
#include "core/dom/DOMArrayBuffer.h" |
#include "core/dom/DOMSharedArrayBuffer.h" |
#include "core/dom/ExceptionCode.h" |
@@ -232,9 +236,38 @@ |
exceptionState.throwTypeError("Value at index " + String::number(i) + " is an untransferable " + (transferableObject->IsUndefined() ? "'undefined'" : "'null'") + " value."); |
return false; |
} |
- if (!SerializedScriptValueFactory::instance().extractTransferables(isolate, transferables, exceptionState, transferableObject, i)) { |
- if (!exceptionState.hadException()) |
- exceptionState.throwTypeError("Value at index " + String::number(i) + " does not have a transferable type."); |
+ // Validation of Objects implementing an interface, per WebIDL spec 4.1.15. |
+ if (V8MessagePort::hasInstance(transferableObject, isolate)) { |
+ MessagePort* port = V8MessagePort::toImpl(v8::Local<v8::Object>::Cast(transferableObject)); |
+ // Check for duplicate MessagePorts. |
+ if (transferables.messagePorts.contains(port)) { |
+ exceptionState.throwDOMException(DataCloneError, "Message port at index " + String::number(i) + " is a duplicate of an earlier port."); |
+ return false; |
+ } |
+ transferables.messagePorts.append(port); |
+ } else if (V8ArrayBuffer::hasInstance(transferableObject, isolate)) { |
+ DOMArrayBuffer* arrayBuffer = V8ArrayBuffer::toImpl(v8::Local<v8::Object>::Cast(transferableObject)); |
+ if (transferables.arrayBuffers.contains(arrayBuffer)) { |
+ exceptionState.throwDOMException(DataCloneError, "ArrayBuffer at index " + String::number(i) + " is a duplicate of an earlier ArrayBuffer."); |
+ return false; |
+ } |
+ transferables.arrayBuffers.append(arrayBuffer); |
+ } else if (V8SharedArrayBuffer::hasInstance(transferableObject, isolate)) { |
+ DOMSharedArrayBuffer* sharedArrayBuffer = V8SharedArrayBuffer::toImpl(v8::Local<v8::Object>::Cast(transferableObject)); |
+ if (transferables.arrayBuffers.contains(sharedArrayBuffer)) { |
+ exceptionState.throwDOMException(DataCloneError, "SharedArrayBuffer at index " + String::number(i) + " is a duplicate of an earlier SharedArrayBuffer."); |
+ return false; |
+ } |
+ transferables.arrayBuffers.append(sharedArrayBuffer); |
+ } else if (V8ImageBitmap::hasInstance(transferableObject, isolate)) { |
+ ImageBitmap* imageBitmap = V8ImageBitmap::toImpl(v8::Local<v8::Object>::Cast(transferableObject)); |
+ if (transferables.imageBitmaps.contains(imageBitmap)) { |
+ exceptionState.throwDOMException(DataCloneError, "ImageBitmap at index " + String::number(i) + " is a duplicate of an earlier ImageBitmap."); |
+ return false; |
+ } |
+ transferables.imageBitmaps.append(imageBitmap); |
+ } else { |
+ exceptionState.throwTypeError("Value at index " + String::number(i) + " does not have a transferable type."); |
return false; |
} |
} |