Revision: 273438
Author: cdu...@apple.com
Date: 2021-02-24 14:03:41 -0800 (Wed, 24 Feb 2021)
Log Message
Regression(r268700) postMessage changes prototype of basic types
https://bugs.webkit.org/show_bug.cgi?id=222228
<rdar://problem/74612853>
Reviewed by Geoffrey Garen.
Source/WebCore:
r268700 updated ScriptExecutionContext::globalObject() to call:
`WebCore::globalObject(mainThreadNormalWorld(), downcast<Document>(*this).page())`
instead of
`frame ? frame->script().globalObject(mainThreadNormalWorld()) : nullptr`
This was not right for subframes because globalObject() gets the globalObject from
the page's main frame instead of the document's frame.
This patch gets rid of the error-prone WebCore::globalObject() taking in a Page*
and replaces it with one taking in a Frame* to avoid such issues in the future.
Test: fast/dom/Window/postMessage-Object-prototype.html
* bindings/js/ScriptState.cpp:
(WebCore::globalObject):
* bindings/js/ScriptState.h:
* dom/ScriptExecutionContext.cpp:
(WebCore::ScriptExecutionContext::globalObject):
* inspector/InspectorFrontendHost.cpp:
(WebCore::InspectorFrontendHost::addSelfToGlobalObjectInWorld):
(WebCore::InspectorFrontendHost::showContextMenu):
LayoutTests:
Add layout test coverage.
* fast/dom/Window/postMessage-Object-prototype-expected.txt: Added.
* fast/dom/Window/postMessage-Object-prototype.html: Added.
* fast/dom/Window/resources/postMessage-Object-prototype-frame.html: Added.
Diff
Modified: trunk/LayoutTests/ChangeLog (273437 => 273438)
--- trunk/LayoutTests/ChangeLog 2021-02-24 22:02:34 UTC (rev 273437)
+++ trunk/LayoutTests/ChangeLog 2021-02-24 22:03:41 UTC (rev 273438)
@@ -1,3 +1,17 @@
+2021-02-24 Chris Dumez <cdu...@apple.com>
+
+ Regression(r268700) postMessage changes prototype of basic types
+ https://bugs.webkit.org/show_bug.cgi?id=222228
+ <rdar://problem/74612853>
+
+ Reviewed by Geoffrey Garen.
+
+ Add layout test coverage.
+
+ * fast/dom/Window/postMessage-Object-prototype-expected.txt: Added.
+ * fast/dom/Window/postMessage-Object-prototype.html: Added.
+ * fast/dom/Window/resources/postMessage-Object-prototype-frame.html: Added.
+
2021-02-24 Jonathan Bedard <jbed...@apple.com>
Unreviewed Windows test gardening to speed up EWS.
Added: trunk/LayoutTests/fast/dom/Window/postMessage-Object-prototype-expected.txt (0 => 273438)
--- trunk/LayoutTests/fast/dom/Window/postMessage-Object-prototype-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/dom/Window/postMessage-Object-prototype-expected.txt 2021-02-24 22:03:41 UTC (rev 273438)
@@ -0,0 +1,11 @@
+Tests that the prototype of objects serialized via postMessage is correct.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS event.data instanceof Object
+PASS event.data.array instanceof Array
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: trunk/LayoutTests/fast/dom/Window/postMessage-Object-prototype.html (0 => 273438)
--- trunk/LayoutTests/fast/dom/Window/postMessage-Object-prototype.html (rev 0)
+++ trunk/LayoutTests/fast/dom/Window/postMessage-Object-prototype.html 2021-02-24 22:03:41 UTC (rev 273438)
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html>
+<script src=""
+<body>
+<script>
+description("Tests that the prototype of objects serialized via postMessage is correct.");
+jsTestIsAsync = true;
+
+_onload_ = () => {
+ let testFrame = document.createElement("iframe");
+ testFrame.src = ""
+ document.body.append(testFrame);
+};
+</script>
+</body>
+</html>
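Review bot: the `<script src="">` on the third line and `testFrame.src = ""` in the onload handler show empty src values in this view, so neither the js-test harness include (which supplies `description`, `testPassed`, `testFailed` and `finishJSTest`) nor the iframe URL can be checked from the hunk; confirm they reference the harness script and the new resources/postMessage-Object-prototype-frame.html added in this revision.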
Added: trunk/LayoutTests/fast/dom/Window/resources/postMessage-Object-prototype-frame.html (0 => 273438)
--- trunk/LayoutTests/fast/dom/Window/resources/postMessage-Object-prototype-frame.html (rev 0)
+++ trunk/LayoutTests/fast/dom/Window/resources/postMessage-Object-prototype-frame.html 2021-02-24 22:03:41 UTC (rev 273438)
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script>
+window.addEventListener('message', event => {
+ if (event.data instanceof Object)
+ top.testPassed("event.data instanceof Object");
+ else
+ top.testFailed("event.data instanceof Object");
+ if (event.data.array instanceof Array)
+ top.testPassed("event.data.array instanceof Array");
+ else
+ top.testFailed("event.data.array instanceof Array");
+ top.finishJSTest();
+})
+
+const testObject = {
+ array: [ 1, 2, 3, 4 ]
+};
+window.postMessage(testObject);
+</script>
+</body>
+</html>
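Review bot: the `window.addEventListener('message', ...)` call is missing its trailing semicolon after `})`, and the listener calls `top.finishJSTest()` on the first message it receives without looking at `event.source`; since the frame only posts to itself that is acceptable for a layout test, but a one-line comment noting that the message is deliberately delivered to the same frame would make it clear the `instanceof` checks are exercising the subframe's own Object and Array prototypes, which is exactly the case r268700 broke.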
Modified: trunk/Source/WebCore/ChangeLog (273437 => 273438)
--- trunk/Source/WebCore/ChangeLog 2021-02-24 22:02:34 UTC (rev 273437)
+++ trunk/Source/WebCore/ChangeLog 2021-02-24 22:03:41 UTC (rev 273438)
@@ -1,3 +1,33 @@
+2021-02-24 Chris Dumez <cdu...@apple.com>
+
+ Regression(r268700) postMessage changes prototype of basic types
+ https://bugs.webkit.org/show_bug.cgi?id=222228
+ <rdar://problem/74612853>
+
+ Reviewed by Geoffrey Garen.
+
+ r268700 updated ScriptExecutionContext::globalObject() to call:
+ `WebCore::globalObject(mainThreadNormalWorld(), downcast<Document>(*this).page())`
+ instead of
+ `frame ? frame->script().globalObject(mainThreadNormalWorld()) : nullptr`
+
+ This was not right for subframes because globalObject() gets the globalObject from
+ the page's main frame instead of the document's frame.
+
+ This patch gets rid of the error-prone WebCore::globalObject() taking in a Page*
+ and replaces it with one taking in a Frame* to avoid such issues in the future.
+
+ Test: fast/dom/Window/postMessage-Object-prototype.html
+
+ * bindings/js/ScriptState.cpp:
+ (WebCore::globalObject):
+ * bindings/js/ScriptState.h:
+ * dom/ScriptExecutionContext.cpp:
+ (WebCore::ScriptExecutionContext::globalObject):
+ * inspector/InspectorFrontendHost.cpp:
+ (WebCore::InspectorFrontendHost::addSelfToGlobalObjectInWorld):
+ (WebCore::InspectorFrontendHost::showContextMenu):
+
2021-02-24 Ziran Sun <z...@igalia.com>
[css-grid] Fix min/max widths of grid affected by ancestor
Modified: trunk/Source/WebCore/bindings/js/ScriptState.cpp (273437 => 273438)
--- trunk/Source/WebCore/bindings/js/ScriptState.cpp 2021-02-24 22:02:34 UTC (rev 273437)
+++ trunk/Source/WebCore/bindings/js/ScriptState.cpp 2021-02-24 22:03:41 UTC (rev 273438)
@@ -92,9 +92,9 @@
return frame->script().globalObject(world);
}
-JSC::JSGlobalObject* globalObject(DOMWrapperWorld& world, Page* page)
+JSC::JSGlobalObject* globalObject(DOMWrapperWorld& world, Frame* frame)
{
- return page ? page->mainFrame().script().globalObject(world) : nullptr;
+ return frame ? frame->script().globalObject(world) : nullptr;
}
JSC::JSGlobalObject* globalObject(WorkerOrWorkletGlobalScope& workerOrWorkletGlobalScope)
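Review bot: the new `globalObject(DOMWrapperWorld&, Frame*)` body is the same `frame ? frame->script().globalObject(world) : nullptr` shape that the `Node*` overload above ends with (`return frame->script().globalObject(world);`); consider having the `Node*` overload delegate to the `Frame*` one so the null handling lives in a single place.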
Modified: trunk/Source/WebCore/bindings/js/ScriptState.h (273437 => 273438)
--- trunk/Source/WebCore/bindings/js/ScriptState.h 2021-02-24 22:02:34 UTC (rev 273437)
+++ trunk/Source/WebCore/bindings/js/ScriptState.h 2021-02-24 22:03:41 UTC (rev 273438)
@@ -42,7 +42,6 @@
class DOMWrapperWorld;
class Frame;
class Node;
-class Page;
class ScriptExecutionContext;
class WorkerOrWorkletGlobalScope;
@@ -53,7 +52,7 @@
JSC::JSGlobalObject* mainWorldExecState(Frame*);
JSC::JSGlobalObject* globalObject(DOMWrapperWorld&, Node*);
-WEBCORE_EXPORT JSC::JSGlobalObject* globalObject(DOMWrapperWorld&, Page*);
+WEBCORE_EXPORT JSC::JSGlobalObject* globalObject(DOMWrapperWorld&, Frame*);
JSC::JSGlobalObject* globalObject(WorkerOrWorkletGlobalScope&);
} // namespace WebCore
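Review bot: the removed `Page*` overload was marked `WEBCORE_EXPORT`, so it was visible to callers outside WebCore and removing it changes an exported symbol; the ChangeLog lists only WebCore call sites, so confirm no other layer still references `globalObject(DOMWrapperWorld&, Page*)` before landing, or the build will fail at link time there.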
Modified: trunk/Source/WebCore/dom/ScriptExecutionContext.cpp (273437 => 273438)
--- trunk/Source/WebCore/dom/ScriptExecutionContext.cpp 2021-02-24 22:02:34 UTC (rev 273437)
+++ trunk/Source/WebCore/dom/ScriptExecutionContext.cpp 2021-02-24 22:03:41 UTC (rev 273438)
@@ -512,7 +512,7 @@
JSC::JSGlobalObject* ScriptExecutionContext::globalObject()
{
if (is<Document>(*this))
- return WebCore::globalObject(mainThreadNormalWorld(), downcast<Document>(*this).page());
+ return WebCore::globalObject(mainThreadNormalWorld(), downcast<Document>(*this).frame());
if (is<WorkerOrWorkletGlobalScope>(*this))
return WebCore::globalObject(downcast<WorkerOrWorkletGlobalScope>(*this));
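Review bot: `downcast<Document>(*this).frame()` is null for a document that is not attached to a frame, so `ScriptExecutionContext::globalObject()` returns nullptr in that case; that matches the pre-r268700 `frame ? ... : nullptr` behaviour the log message quotes, but a short comment on the nullability of the returned pointer would help callers, since the helper's result is dereferenced unconditionally elsewhere in this patch.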
Modified: trunk/Source/WebCore/inspector/InspectorFrontendHost.cpp (273437 => 273438)
--- trunk/Source/WebCore/inspector/InspectorFrontendHost.cpp 2021-02-24 22:02:34 UTC (rev 273437)
+++ trunk/Source/WebCore/inspector/InspectorFrontendHost.cpp 2021-02-24 22:03:41 UTC (rev 273438)
@@ -158,7 +158,7 @@
void InspectorFrontendHost::addSelfToGlobalObjectInWorld(DOMWrapperWorld& world)
{
- auto& lexicalGlobalObject = *globalObject(world, m_frontendPage);
+ auto& lexicalGlobalObject = *globalObject(world, m_frontendPage ? &m_frontendPage->mainFrame() : nullptr);
auto& vm = lexicalGlobalObject.vm();
JSC::JSLockHolder lock(vm);
auto scope = DECLARE_CATCH_SCOPE(vm);
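Review bot: `*globalObject(world, m_frontendPage ? &m_frontendPage->mainFrame() : nullptr)` dereferences the result immediately, so when `m_frontendPage` is null this is a null dereference both before and after the change; either `ASSERT(m_frontendPage)` as `showContextMenu` does below, or return early when it is null, rather than passing nullptr through the ternary only to dereference it on the same line.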
@@ -503,7 +503,7 @@
#if ENABLE(CONTEXT_MENUS)
ASSERT(m_frontendPage);
- auto& lexicalGlobalObject = *globalObject(debuggerWorld(), m_frontendPage);
+ auto& lexicalGlobalObject = *globalObject(debuggerWorld(), &m_frontendPage->mainFrame());
auto& vm = lexicalGlobalObject.vm();
auto value = lexicalGlobalObject.get(&lexicalGlobalObject, JSC::Identifier::fromString(vm, "InspectorFrontendAPI"));
ASSERT(value);
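Review bot: here `ASSERT(m_frontendPage)` makes `&m_frontendPage->mainFrame()` safe only in debug builds, while the other call site in this file guards the same member with a ternary; the two now treat a null `m_frontendPage` differently, and settling on one convention (assert, or check and bail) would make the intended invariant clear.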