Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(179)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/WebCore/bindings/v8/custom/V8HTMLDocumentCustom.cpp

Issue 8028034: Merge 95667 - [Chromium] Protect the Frame in V8HTMLDocument::openCallback (Closed) Base URL: http://svn.webkit.org/repository/webkit/branches/chromium/835/
Patch Set: Created 9 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « LayoutTests/fast/dom/frame-deleted-in-document-open-expected.txt ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2007, 2008, 2009 Google Inc. All rights reserved. 2 * Copyright (C) 2007, 2008, 2009 Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are 5 * modification, are permitted provided that the following conditions are
6 * met: 6 * met:
7 * 7 *
8 * * Redistributions of source code must retain the above copyright 8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above 10 * * Redistributions in binary form must reproduce the above
(...skipping 114 matching lines...) Expand 10 before | Expand all | Expand 10 after
125 htmlDocument->writeln(writeHelperGetString(args), frame ? frame->document() : NULL); 125 htmlDocument->writeln(writeHelperGetString(args), frame ? frame->document() : NULL);
126 return v8::Undefined(); 126 return v8::Undefined();
127 } 127 }
128 128
129 v8::Handle<v8::Value> V8HTMLDocument::openCallback(const v8::Arguments& args) 129 v8::Handle<v8::Value> V8HTMLDocument::openCallback(const v8::Arguments& args)
130 { 130 {
131 INC_STATS("DOM.HTMLDocument.open()"); 131 INC_STATS("DOM.HTMLDocument.open()");
132 HTMLDocument* htmlDocument = V8HTMLDocument::toNative(args.Holder()); 132 HTMLDocument* htmlDocument = V8HTMLDocument::toNative(args.Holder());
133 133
134 if (args.Length() > 2) { 134 if (args.Length() > 2) {
135 if (Frame* frame = htmlDocument->frame()) { 135 if (RefPtr<Frame> frame = htmlDocument->frame()) {
136 // Fetch the global object for the frame. 136 // Fetch the global object for the frame.
137 v8::Local<v8::Context> context = V8Proxy::context(frame); 137 v8::Local<v8::Context> context = V8Proxy::context(frame.get());
138 // Bail out if we cannot get the context. 138 // Bail out if we cannot get the context.
139 if (context.IsEmpty()) 139 if (context.IsEmpty())
140 return v8::Undefined(); 140 return v8::Undefined();
141 v8::Local<v8::Object> global = context->Global(); 141 v8::Local<v8::Object> global = context->Global();
142 // Get the open property of the global object. 142 // Get the open property of the global object.
143 v8::Local<v8::Value> function = global->Get(v8::String::New("open")) ; 143 v8::Local<v8::Value> function = global->Get(v8::String::New("open")) ;
144 // If the open property is not a function throw a type error. 144 // If the open property is not a function throw a type error.
145 if (!function->IsFunction()) { 145 if (!function->IsFunction()) {
146 throwError("open is not a function"); 146 throwError("open is not a function");
147 return v8::Undefined(); 147 return v8::Undefined();
148 } 148 }
149 // Wrap up the arguments and call the function. 149 // Wrap up the arguments and call the function.
150 v8::Local<v8::Value>* params = new v8::Local<v8::Value>[args.Length( )]; 150 v8::Local<v8::Value>* params = new v8::Local<v8::Value>[args.Length( )];
151 for (int i = 0; i < args.Length(); i++) 151 for (int i = 0; i < args.Length(); i++)
152 params[i] = args[i]; 152 params[i] = args[i];
153 153
154 V8Proxy* proxy = V8Proxy::retrieve(frame); 154 V8Proxy* proxy = V8Proxy::retrieve(frame.get());
155 ASSERT(proxy); 155 if (!proxy)
156 return v8::Undefined();
156 157
157 v8::Local<v8::Value> result = proxy->callFunction(v8::Local<v8::Func tion>::Cast(function), global, args.Length(), params); 158 v8::Local<v8::Value> result = proxy->callFunction(v8::Local<v8::Func tion>::Cast(function), global, args.Length(), params);
158 delete[] params; 159 delete[] params;
159 return result; 160 return result;
160 } 161 }
161 } 162 }
162 163
163 Frame* frame = V8Proxy::retrieveFrameForCallingContext(); 164 Frame* frame = V8Proxy::retrieveFrameForCallingContext();
164 htmlDocument->open(frame ? frame->document() : NULL); 165 htmlDocument->open(frame ? frame->document() : NULL);
165 // Return the document. 166 // Return the document.
(...skipping 22 matching lines...) Expand all
188 if (wrapper.IsEmpty()) 189 if (wrapper.IsEmpty())
189 return wrapper; 190 return wrapper;
190 if (!V8IsolatedContext::getEntered()) { 191 if (!V8IsolatedContext::getEntered()) {
191 if (V8Proxy* proxy = V8Proxy::retrieve(impl->frame())) 192 if (V8Proxy* proxy = V8Proxy::retrieve(impl->frame()))
192 proxy->windowShell()->updateDocumentWrapper(wrapper); 193 proxy->windowShell()->updateDocumentWrapper(wrapper);
193 } 194 }
194 return wrapper; 195 return wrapper;
195 } 196 }
196 197
197 } // namespace WebCore 198 } // namespace WebCore
OLDNEW
« no previous file with comments | « LayoutTests/fast/dom/frame-deleted-in-document-open-expected.txt ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698