Title: [103424] branches/safari-534.54-branch/Source/WebKit/mac
- Revision
- 103424
- Author
- lforsch...@apple.com
- Date
- 2011-12-21 11:48:58 -0800 (Wed, 21 Dec 2011)
Log Message
Merged r93732.
Modified Paths
Diff
Modified: branches/safari-534.54-branch/Source/WebKit/mac/ChangeLog (103423 => 103424)
--- branches/safari-534.54-branch/Source/WebKit/mac/ChangeLog 2011-12-21 19:45:52 UTC (rev 103423)
+++ branches/safari-534.54-branch/Source/WebKit/mac/ChangeLog 2011-12-21 19:48:58 UTC (rev 103424)
@@ -1,3 +1,23 @@
+2011-12-21 Lucas Forschler <lforsch...@apple.com>
+
+ Merge 93732
+
+ 2011-08-24 Alexey Proskuryakov <a...@apple.com>
+
+ Plug-in tests are flaky on Mac
+ https://bugs.webkit.org/show_bug.cgi?id=66822
+
+ Reviewed by Anders Carlsson.
+
+ * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
+ (WebKit::NetscapePluginInstanceProxy::evaluateJavaScript):
+ Protect objects that can be removed by a script.
+
+ * WebView/WebFrame.mm:
+ (-[WebFrame _stringByEvaluatingJavaScriptFromString:forceUserGesture:]): Ditto.
+ (-[WebFrame _stringByEvaluatingJavaScriptFromString:withGlobalObject:inScriptWorld:]): Ditto.
+ Also fixed some nonsense code.
+
2011-12-20 Lucas Forschler <lforsch...@apple.com>
Merge 92347
Modified: branches/safari-534.54-branch/Source/WebKit/mac/Plugins/Hosted/NetscapePluginInstanceProxy.mm (103423 => 103424)
--- branches/safari-534.54-branch/Source/WebKit/mac/Plugins/Hosted/NetscapePluginInstanceProxy.mm 2011-12-21 19:45:52 UTC (rev 103423)
+++ branches/safari-534.54-branch/Source/WebKit/mac/Plugins/Hosted/NetscapePluginInstanceProxy.mm 2011-12-21 19:48:58 UTC (rev 103424)
@@ -690,7 +690,9 @@
NSURL *URL = "" URL];
NSString *JSString = [URL _webkit_scriptIfJavaScriptURL];
ASSERT(JSString);
-
+
+ RefPtr<NetscapePluginInstanceProxy> protect(this); // Executing arbitrary _javascript_ can destroy the proxy.
+
NSString *result = [[m_pluginView webFrame] _stringByEvaluatingJavaScriptFromString:JSString forceUserGesture:pluginRequest->allowPopups()];
// Don't continue if stringByEvaluatingJavaScriptFromString caused the plug-in to stop.
Modified: branches/safari-534.54-branch/Source/WebKit/mac/WebView/WebFrame.mm (103423 => 103424)
--- branches/safari-534.54-branch/Source/WebKit/mac/WebView/WebFrame.mm 2011-12-21 19:45:52 UTC (rev 103423)
+++ branches/safari-534.54-branch/Source/WebKit/mac/WebView/WebFrame.mm 2011-12-21 19:48:58 UTC (rev 103424)
@@ -608,6 +608,7 @@
- (NSString *)_stringByEvaluatingJavaScriptFromString:(NSString *)string forceUserGesture:(BOOL)forceUserGesture
{
ASSERT(_private->coreFrame->document());
+ RetainPtr<WebFrame> protect(self); // Executing arbitrary _javascript_ can destroy the frame.
JSValue result = _private->coreFrame->script()->executeScript(string, forceUserGesture).jsValue();
@@ -1204,9 +1205,11 @@
// Get the frame frome the global object we've settled on.
Frame* frame = anyWorldGlobalObject->impl()->frame();
ASSERT(frame->document());
+ RetainPtr<WebFrame> webFrame(kit(frame)); // Running arbitrary _javascript_ can destroy the frame.
+
JSValue result = frame->script()->executeScriptInWorld(core(world), string, true).jsValue();
- if (!frame) // In case the script removed our frame from the page.
+ if (!webFrame->_private->coreFrame) // In case the script removed our frame from the page.
return @"";
// This bizarre set of rules matches behavior from WebKit for Safari 2.0.
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes