Title: [258425] branches/safari-609.2.1.2-branch/Source/WebCore
- Revision: 258425
- Author: alanc...@apple.com
- Date: 2020-03-13 13:31:24 -0700 (Fri, 13 Mar 2020)
Log Message
Cherry-pick r257746. rdar://problem/60260331
ScriptController::executeIfJavaScriptURL() uses wrong JSGlobalObject.
https://bugs.webkit.org/show_bug.cgi?id=208290
<rdar://problem/59839476>
Reviewed by Chris Dumez.
The call to executeScriptIgnoringException() may have changed the current global
object of the window. We should be using the original global object that produced
the result string.
Also added a missing exception check needed after a potential rope resolution.
* bindings/js/ScriptController.cpp:
(WebCore::ScriptController::executeIfJavaScriptURL):
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@257746 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Diff
Modified: branches/safari-609.2.1.2-branch/Source/WebCore/ChangeLog (258424 => 258425)
--- branches/safari-609.2.1.2-branch/Source/WebCore/ChangeLog 2020-03-13 20:22:17 UTC (rev 258424)
+++ branches/safari-609.2.1.2-branch/Source/WebCore/ChangeLog 2020-03-13 20:31:24 UTC (rev 258425)
@@ -1,3 +1,43 @@
+2020-03-13 Alan Coon <alanc...@apple.com>
+
+ Cherry-pick r257746. rdar://problem/60260331
+
+ ScriptController::executeIfJavaScriptURL() uses wrong JSGlobalObject.
+ https://bugs.webkit.org/show_bug.cgi?id=208290
+ <rdar://problem/59839476>
+
+ Reviewed by Chris Dumez.
+
+ The call to executeScriptIgnoringException() may have changed the current global
+ object of the window. We should be using the original global object that produced
+ the result string.
+
+ Also added a missing exception check needed after a potential rope resolution.
+
+ * bindings/js/ScriptController.cpp:
+ (WebCore::ScriptController::executeIfJavaScriptURL):
+
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@257746 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2020-03-02 Mark Lam <mark....@apple.com>
+
+ ScriptController::executeIfJavaScriptURL() uses wrong JSGlobalObject.
+ https://bugs.webkit.org/show_bug.cgi?id=208290
+ <rdar://problem/59839476>
+
+ Reviewed by Chris Dumez.
+
+ The call to executeScriptIgnoringException() may have changed the current global
+ object of the window. We should be using the original global object that produced
+ the result string.
+
+ Also added a missing exception check needed after a potential rope resolution.
+
+ * bindings/js/ScriptController.cpp:
+ (WebCore::ScriptController::executeIfJavaScriptURL):
+
2020-02-17 Alan Coon <alanc...@apple.com>
Revert r256693. rdar://problem/59478981
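Review bot: In the added entry for (WebCore::ScriptController::executeIfJavaScriptURL), the description covers the global-object fix and the exception check after rope resolution but leaves out two other changes made in ScriptController.cpp in this revision: the new RELEASE_ASSERT that the VM is unchanged after executeScriptIgnoringException(), and the empty-result check being split into its own early return. Both deserve a sentence here, since the assert turns a VM mismatch into a crash. The entry also carries no test line, so a reader of the ChangeLog cannot tell how the fix is covered.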
Modified: branches/safari-609.2.1.2-branch/Source/WebCore/bindings/js/ScriptController.cpp (258424 => 258425)
--- branches/safari-609.2.1.2-branch/Source/WebCore/bindings/js/ScriptController.cpp 2020-03-13 20:22:17 UTC (rev 258424)
+++ branches/safari-609.2.1.2-branch/Source/WebCore/bindings/js/ScriptController.cpp 2020-03-13 20:31:24 UTC (rev 258425)
@@ -754,8 +754,13 @@
const int _javascript_SchemeLength = sizeof("_javascript_:") - 1;
+ JSDOMGlobalObject* globalObject = jsWindowProxy(mainThreadNormalWorld()).window();
+ VM& vm = globalObject->vm();
+ auto throwScope = DECLARE_THROW_SCOPE(vm);
+
String decodedURL = decodeURLEscapeSequences(url.string());
auto result = executeScriptIgnoringException(decodedURL.substring(_javascript_SchemeLength));
+ RELEASE_ASSERT(&vm == &jsWindowProxy(mainThreadNormalWorld()).window()->vm());
// If executing script caused this frame to be removed from the page, we
// don't want to try to replace its document!
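Review bot: globalObject is captured as a raw JSDOMGlobalObject* before executeScriptIgnoringException() and is used after it, while the commit message says that call may change the window's current global object. A comment at the declaration should state why the original object is still safe to use once the script has run. The RELEASE_ASSERT only compares VM addresses; a one-line comment saying that the VM is expected to stay the same even when the global object does not would make the intent of the check clear to the next reader.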
@@ -762,8 +767,14 @@
if (!m_frame.page())
return true;
+ if (!result)
+ return true;
+
String scriptResult;
- if (!result || !result.getString(jsWindowProxy(mainThreadNormalWorld()).window(), scriptResult))
+ bool isString = result.getString(globalObject, scriptResult);
+ RETURN_IF_EXCEPTION(throwScope, true);
+
+ if (!isString)
return true;
// FIXME: We should always replace the document, but doing so
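Review bot: RETURN_IF_EXCEPTION(throwScope, true) returns the same value as the empty-result and not-a-string paths, and nothing visible in this hunk reports or clears the exception before returning. Please add a comment saying who is expected to handle an exception raised by result.getString(globalObject, scriptResult), or clear it here if the intent is to ignore it in the same way the script call above does. It would also help to note next to the new if (!result) check that it is placed after the m_frame.page() check on purpose, so the ordering is not changed by a later cleanup.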