| Index: Source/bindings/core/v8/V8AbstractEventListener.h
|
| diff --git a/Source/bindings/core/v8/V8AbstractEventListener.h b/Source/bindings/core/v8/V8AbstractEventListener.h
|
| index 0d5c5989cfc8f636763851387d6786d5724d5ed7..0f40354e18b88771577db26d6913dc956da58ee7 100644
|
| --- a/Source/bindings/core/v8/V8AbstractEventListener.h
|
| +++ b/Source/bindings/core/v8/V8AbstractEventListener.h
|
| @@ -70,17 +70,18 @@ public:
|
|
|
| virtual bool operator==(const EventListener& other) override { return this == &other; }
|
|
|
| - virtual void handleEvent(ExecutionContext*, Event*) override;
|
| + virtual void handleEvent(ExecutionContext*, Event*) override final;
|
| + virtual void handleEvent(ScriptState*, Event*);
|
|
|
| // Returns the listener object, either a function or an object.
|
| - v8::Local<v8::Object> getListenerObject(ExecutionContext* context)
|
| + v8::Local<v8::Object> getListenerObject(ExecutionContext* executionContext)
|
| {
|
| // prepareListenerObject can potentially deref this event listener
|
| // as it may attempt to compile a function (lazy event listener), get an error
|
| // and invoke onerror callback which can execute arbitrary JS code.
|
| // Protect this event listener to keep it alive.
|
| RefPtr<V8AbstractEventListener> guard(this);
|
| - prepareListenerObject(context);
|
| + prepareListenerObject(executionContext);
|
| return m_listener.newLocal(m_isolate);
|
| }
|
|
|
| @@ -108,32 +109,30 @@ public:
|
|
|
| virtual bool belongsToTheCurrentWorld() const override final;
|
| v8::Isolate* isolate() const { return m_isolate; }
|
| - virtual DOMWrapperWorld& world() const { return scriptState()->world(); }
|
| - ScriptState* scriptState() const
|
| + DOMWrapperWorld& world() const { return *m_world; }
|
| +
|
| + void setScriptStateForBeforeUnload(ScriptState* scriptState)
|
| {
|
| - ASSERT(m_scriptState);
|
| - return m_scriptState.get();
|
| + m_scriptStateForBeforeUnload = scriptState;
|
| }
|
| - void setScriptState(ScriptState* scriptState) { m_scriptState = scriptState; }
|
|
|
| protected:
|
| - V8AbstractEventListener(bool isAttribute, ScriptState*);
|
| - V8AbstractEventListener(bool isAttribute, v8::Isolate*);
|
| + V8AbstractEventListener(bool isAttribute, DOMWrapperWorld&, v8::Isolate*);
|
|
|
| virtual void prepareListenerObject(ExecutionContext*) { }
|
|
|
| void setListenerObject(v8::Handle<v8::Object>);
|
|
|
| - void invokeEventHandler(Event*, v8::Local<v8::Value> jsEvent);
|
| + void invokeEventHandler(ScriptState*, Event*, v8::Local<v8::Value>);
|
|
|
| // Get the receiver object to use for event listener call.
|
| - v8::Local<v8::Object> getReceiverObject(Event*);
|
| + v8::Local<v8::Object> getReceiverObject(ScriptState*, Event*);
|
|
|
| private:
|
| // Implementation of EventListener function.
|
| virtual bool virtualisAttribute() const override { return m_isAttribute; }
|
|
|
| - virtual v8::Local<v8::Value> callListenerFunction(v8::Handle<v8::Value> jsevent, Event*) = 0;
|
| + virtual v8::Local<v8::Value> callListenerFunction(ScriptState*, v8::Handle<v8::Value> jsevent, Event*) = 0;
|
|
|
| virtual bool shouldPreventDefault(v8::Local<v8::Value> returnValue);
|
|
|
| @@ -144,11 +143,17 @@ private:
|
| // Indicates if this is an HTML type listener.
|
| bool m_isAttribute;
|
|
|
| - // For V8LazyEventListener, m_scriptState can be 0 until V8LazyEventListener is actually used.
|
| - // m_scriptState is set lazily because V8LazyEventListener doesn't know the associated frame
|
| - // until the listener is actually used.
|
| - RefPtr<ScriptState> m_scriptState;
|
| + RefPtr<DOMWrapperWorld> m_world;
|
| v8::Isolate* m_isolate;
|
| +
|
| + // This is weird code to keep compatibility.
|
| + // When a beforeunload event is fired, a return value of the
|
| + // beforeunload event must be evaluated in a context that installed
|
| + // a beforeunload event listener. Thus we record the current ScriptState
|
| + // onto the event listener. If the event listener is not for beforeunload
|
| + // or the event listener is a lazy event listener,
|
| + // m_scriptStateForBeforeUnload is nullptr.
|
| + RefPtr<ScriptState> m_scriptStateForBeforeUnload;
|
| };
|
|
|
| } // namespace blink
|
|
|
Chromium Code Reviews
Issue 823263002:
ScriptState used by EventListener::handleEvent() is wrong (Closed)
Base URL: svn://svn.chromium.org/blink/trunk