Diff
Modified: branches/safari-612.2.9.0-branch/LayoutTests/ChangeLog (283422 => 283423)
--- branches/safari-612.2.9.0-branch/LayoutTests/ChangeLog 2021-10-01 23:47:47 UTC (rev 283422)
+++ branches/safari-612.2.9.0-branch/LayoutTests/ChangeLog 2021-10-01 23:48:33 UTC (rev 283423)
@@ -1,3 +1,62 @@
+2021-10-01 Russell Epstein <repst...@apple.com>
+
+ Cherry-pick r283410. rdar://problem/83784757
+
+ Disable new incumbent-window until it is fully implemented
+ https://bugs.webkit.org/show_bug.cgi?id=230261
+ <rdar://problem/83099726>
+
+ Reviewed by Chris Dumez and Geoffrey Garen.
+
+ LayoutTests/imported/w3c:
+
+ * web-platform-tests/html/webappapis/scripting/events/compile-event-handler-settings-objects-expected.txt:
+ * web-platform-tests/html/webappapis/scripting/processing-model-2/integration-with-the-_javascript_-job-queue/promise-job-incumbent-expected.txt:
+
+ Source/_javascript_Core:
+
+ * interpreter/CallFrame.cpp:
+ (JSC::CallFrame::globalObjectOfClosestCodeBlock):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::getOwnPropertyDescriptor):
+ * runtime/PropertySlot.h:
+
+ Source/WebCore:
+
+ This patch disables new incumbent-window until it is fully implemented to avoid compatibility issue.
+
+ * bindings/js/JSDOMConvertCallbacks.h:
+ (WebCore::Converter<IDLCallbackFunction<T>>::convert):
+ (WebCore::Converter<IDLCallbackInterface<T>>::convert):
+ * bindings/js/JSDOMGlobalObject.cpp:
+ (WebCore::callerGlobalObject):
+ (WebCore::legacyActiveGlobalObjectForAccessor):
+ * bindings/js/JSDOMGlobalObject.h:
+ * bindings/js/JSDOMWindowBase.cpp:
+ (WebCore::incumbentDOMWindow):
+ (WebCore::legacyActiveDOMWindowForAccessor):
+ * bindings/js/JSDOMWindowBase.h:
+ * bindings/scripts/CodeGeneratorJS.pm:
+ (GetJSCAttributesForAttribute):
+ (GenerateCallWith):
+ * page/Location.idl:
+
+ LayoutTests:
+
+ * http/tests/security/frameNavigation/context-for-location-href-gopd-expected.txt:
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@283410 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2021-10-01 Yusuke Suzuki <ysuz...@apple.com>
+
+ Disable new incumbent-window until it is fully implemented
+ https://bugs.webkit.org/show_bug.cgi?id=230261
+ <rdar://problem/83099726>
+
+ Reviewed by Chris Dumez and Geoffrey Garen.
+
+ * http/tests/security/frameNavigation/context-for-location-href-gopd-expected.txt:
+
2021-09-27 Alan Coon <alanc...@apple.com>
Cherry-pick r283035. rdar://problem/83584492
Modified: branches/safari-612.2.9.0-branch/LayoutTests/http/tests/security/frameNavigation/context-for-location-href-gopd-expected.txt (283422 => 283423)
--- branches/safari-612.2.9.0-branch/LayoutTests/http/tests/security/frameNavigation/context-for-location-href-gopd-expected.txt 2021-10-01 23:47:47 UTC (rev 283422)
+++ branches/safari-612.2.9.0-branch/LayoutTests/http/tests/security/frameNavigation/context-for-location-href-gopd-expected.txt 2021-10-01 23:48:33 UTC (rev 283423)
@@ -1,2 +1,2 @@
-document.referrer = http://127.0.0.1:8000/security/frameNavigation/context-for-location-href-gopd.html
+document.referrer = http://127.0.0.1:8000/security/frameNavigation/resources/middle-frame-for-location.html
Modified: branches/safari-612.2.9.0-branch/LayoutTests/imported/w3c/ChangeLog (283422 => 283423)
--- branches/safari-612.2.9.0-branch/LayoutTests/imported/w3c/ChangeLog 2021-10-01 23:47:47 UTC (rev 283422)
+++ branches/safari-612.2.9.0-branch/LayoutTests/imported/w3c/ChangeLog 2021-10-01 23:48:33 UTC (rev 283423)
@@ -1,3 +1,63 @@
+2021-10-01 Russell Epstein <repst...@apple.com>
+
+ Cherry-pick r283410. rdar://problem/83784757
+
+ Disable new incumbent-window until it is fully implemented
+ https://bugs.webkit.org/show_bug.cgi?id=230261
+ <rdar://problem/83099726>
+
+ Reviewed by Chris Dumez and Geoffrey Garen.
+
+ LayoutTests/imported/w3c:
+
+ * web-platform-tests/html/webappapis/scripting/events/compile-event-handler-settings-objects-expected.txt:
+ * web-platform-tests/html/webappapis/scripting/processing-model-2/integration-with-the-_javascript_-job-queue/promise-job-incumbent-expected.txt:
+
+ Source/_javascript_Core:
+
+ * interpreter/CallFrame.cpp:
+ (JSC::CallFrame::globalObjectOfClosestCodeBlock):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::getOwnPropertyDescriptor):
+ * runtime/PropertySlot.h:
+
+ Source/WebCore:
+
+ This patch disables new incumbent-window until it is fully implemented to avoid compatibility issue.
+
+ * bindings/js/JSDOMConvertCallbacks.h:
+ (WebCore::Converter<IDLCallbackFunction<T>>::convert):
+ (WebCore::Converter<IDLCallbackInterface<T>>::convert):
+ * bindings/js/JSDOMGlobalObject.cpp:
+ (WebCore::callerGlobalObject):
+ (WebCore::legacyActiveGlobalObjectForAccessor):
+ * bindings/js/JSDOMGlobalObject.h:
+ * bindings/js/JSDOMWindowBase.cpp:
+ (WebCore::incumbentDOMWindow):
+ (WebCore::legacyActiveDOMWindowForAccessor):
+ * bindings/js/JSDOMWindowBase.h:
+ * bindings/scripts/CodeGeneratorJS.pm:
+ (GetJSCAttributesForAttribute):
+ (GenerateCallWith):
+ * page/Location.idl:
+
+ LayoutTests:
+
+ * http/tests/security/frameNavigation/context-for-location-href-gopd-expected.txt:
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@283410 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2021-10-01 Yusuke Suzuki <ysuz...@apple.com>
+
+ Disable new incumbent-window until it is fully implemented
+ https://bugs.webkit.org/show_bug.cgi?id=230261
+ <rdar://problem/83099726>
+
+ Reviewed by Chris Dumez and Geoffrey Garen.
+
+ * web-platform-tests/html/webappapis/scripting/events/compile-event-handler-settings-objects-expected.txt:
+ * web-platform-tests/html/webappapis/scripting/processing-model-2/integration-with-the-_javascript_-job-queue/promise-job-incumbent-expected.txt:
+
2021-09-24 Russell Epstein <repst...@apple.com>
Cherry-pick r282084. rdar://problem/83429618
Modified: branches/safari-612.2.9.0-branch/LayoutTests/imported/w3c/web-platform-tests/html/webappapis/scripting/events/compile-event-handler-settings-objects-expected.txt (283422 => 283423)
--- branches/safari-612.2.9.0-branch/LayoutTests/imported/w3c/web-platform-tests/html/webappapis/scripting/events/compile-event-handler-settings-objects-expected.txt 2021-10-01 23:47:47 UTC (rev 283422)
+++ branches/safari-612.2.9.0-branch/LayoutTests/imported/w3c/web-platform-tests/html/webappapis/scripting/events/compile-event-handler-settings-objects-expected.txt 2021-10-01 23:48:33 UTC (rev 283423)
@@ -1,5 +1,5 @@
PASS The Function instance must be created in the Realm of the node document
FAIL The entry settings object while executing the compiled callback via Web IDL's invoke must be that of the node document assert_equals: expected "/html/webappapis/scripting/events/resources/open-window.html" but got "/html/webappapis/scripting/events/open-window.html"
-PASS The incumbent settings object while executing the compiled callback via Web IDL's invoke must be that of the node document
+FAIL The incumbent settings object while executing the compiled callback via Web IDL's invoke must be that of the node document assert_equals: expected "iframe" but got "parent frame"
Modified: branches/safari-612.2.9.0-branch/LayoutTests/imported/w3c/web-platform-tests/html/webappapis/scripting/processing-model-2/integration-with-the-_javascript_-job-queue/promise-job-incumbent-expected.txt (283422 => 283423)
--- branches/safari-612.2.9.0-branch/LayoutTests/imported/w3c/web-platform-tests/html/webappapis/scripting/processing-model-2/integration-with-the-_javascript_-job-queue/promise-job-incumbent-expected.txt 2021-10-01 23:47:47 UTC (rev 283422)
+++ branches/safari-612.2.9.0-branch/LayoutTests/imported/w3c/web-platform-tests/html/webappapis/scripting/processing-model-2/integration-with-the-_javascript_-job-queue/promise-job-incumbent-expected.txt 2021-10-01 23:48:33 UTC (rev 283423)
@@ -2,13 +2,13 @@
PASS Sanity check: this all works as expected with no promises involved
PASS Fulfillment handler on fulfilled promise
-FAIL Fulfillment handler on fulfilled promise, using backup incumbent settings object stack assert_equals: expected "http://localhost:8800/html/webappapis/scripting/processing-model-2/integration-with-the-_javascript_-job-queue/resources/promise-job-incumbent-incumbent.html" but got "http://localhost:8800/html/webappapis/scripting/processing-model-2/integration-with-the-_javascript_-job-queue/promise-job-incumbent.html"
+FAIL Fulfillment handler on fulfilled promise, using backup incumbent settings object stack assert_equals: expected "http://localhost:8800/html/webappapis/scripting/processing-model-2/integration-with-the-_javascript_-job-queue/resources/promise-job-incumbent-incumbent.html" but got "http://localhost:8800/html/webappapis/scripting/processing-model-2/integration-with-the-_javascript_-job-queue/resources/current/current.html"
PASS Rejection handler on rejected promise
-FAIL Rejection handler on rejected promise, using backup incumbent settings object stack assert_equals: expected "http://localhost:8800/html/webappapis/scripting/processing-model-2/integration-with-the-_javascript_-job-queue/resources/promise-job-incumbent-incumbent.html" but got "http://localhost:8800/html/webappapis/scripting/processing-model-2/integration-with-the-_javascript_-job-queue/promise-job-incumbent.html"
+FAIL Rejection handler on rejected promise, using backup incumbent settings object stack assert_equals: expected "http://localhost:8800/html/webappapis/scripting/processing-model-2/integration-with-the-_javascript_-job-queue/resources/promise-job-incumbent-incumbent.html" but got "http://localhost:8800/html/webappapis/scripting/processing-model-2/integration-with-the-_javascript_-job-queue/resources/current/current.html"
PASS Fulfillment handler on pending-then-fulfilled promise
-FAIL Fulfillment handler on pending-then-fulfilled promise, using backup incumbent settings object stack assert_equals: expected "http://localhost:8800/html/webappapis/scripting/processing-model-2/integration-with-the-_javascript_-job-queue/resources/promise-job-incumbent-incumbent.html" but got "http://localhost:8800/html/webappapis/scripting/processing-model-2/integration-with-the-_javascript_-job-queue/promise-job-incumbent.html"
+FAIL Fulfillment handler on pending-then-fulfilled promise, using backup incumbent settings object stack assert_equals: expected "http://localhost:8800/html/webappapis/scripting/processing-model-2/integration-with-the-_javascript_-job-queue/resources/promise-job-incumbent-incumbent.html" but got "http://localhost:8800/html/webappapis/scripting/processing-model-2/integration-with-the-_javascript_-job-queue/resources/current/current.html"
PASS Rejection handler on pending-then-rejected promise
-FAIL Rejection handler on pending-then-rejected promise, using backup incumbent settings object stack assert_equals: expected "http://localhost:8800/html/webappapis/scripting/processing-model-2/integration-with-the-_javascript_-job-queue/resources/promise-job-incumbent-incumbent.html" but got "http://localhost:8800/html/webappapis/scripting/processing-model-2/integration-with-the-_javascript_-job-queue/promise-job-incumbent.html"
+FAIL Rejection handler on pending-then-rejected promise, using backup incumbent settings object stack assert_equals: expected "http://localhost:8800/html/webappapis/scripting/processing-model-2/integration-with-the-_javascript_-job-queue/resources/promise-job-incumbent-incumbent.html" but got "http://localhost:8800/html/webappapis/scripting/processing-model-2/integration-with-the-_javascript_-job-queue/resources/current/current.html"
PASS Thenable resolution
-FAIL Thenable resolution, using backup incumbent settings object stack assert_equals: expected "http://localhost:8800/html/webappapis/scripting/processing-model-2/integration-with-the-_javascript_-job-queue/resources/promise-job-incumbent-incumbent.html" but got "http://localhost:8800/html/webappapis/scripting/processing-model-2/integration-with-the-_javascript_-job-queue/promise-job-incumbent.html"
+FAIL Thenable resolution, using backup incumbent settings object stack assert_equals: expected "http://localhost:8800/html/webappapis/scripting/processing-model-2/integration-with-the-_javascript_-job-queue/resources/promise-job-incumbent-incumbent.html" but got "http://localhost:8800/html/webappapis/scripting/processing-model-2/integration-with-the-_javascript_-job-queue/resources/current/current.html"
Modified: branches/safari-612.2.9.0-branch/Source/_javascript_Core/ChangeLog (283422 => 283423)
--- branches/safari-612.2.9.0-branch/Source/_javascript_Core/ChangeLog 2021-10-01 23:47:47 UTC (rev 283422)
+++ branches/safari-612.2.9.0-branch/Source/_javascript_Core/ChangeLog 2021-10-01 23:48:33 UTC (rev 283423)
@@ -1,3 +1,66 @@
+2021-10-01 Russell Epstein <repst...@apple.com>
+
+ Cherry-pick r283410. rdar://problem/83784757
+
+ Disable new incumbent-window until it is fully implemented
+ https://bugs.webkit.org/show_bug.cgi?id=230261
+ <rdar://problem/83099726>
+
+ Reviewed by Chris Dumez and Geoffrey Garen.
+
+ LayoutTests/imported/w3c:
+
+ * web-platform-tests/html/webappapis/scripting/events/compile-event-handler-settings-objects-expected.txt:
+ * web-platform-tests/html/webappapis/scripting/processing-model-2/integration-with-the-_javascript_-job-queue/promise-job-incumbent-expected.txt:
+
+ Source/_javascript_Core:
+
+ * interpreter/CallFrame.cpp:
+ (JSC::CallFrame::globalObjectOfClosestCodeBlock):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::getOwnPropertyDescriptor):
+ * runtime/PropertySlot.h:
+
+ Source/WebCore:
+
+ This patch disables new incumbent-window until it is fully implemented to avoid compatibility issue.
+
+ * bindings/js/JSDOMConvertCallbacks.h:
+ (WebCore::Converter<IDLCallbackFunction<T>>::convert):
+ (WebCore::Converter<IDLCallbackInterface<T>>::convert):
+ * bindings/js/JSDOMGlobalObject.cpp:
+ (WebCore::callerGlobalObject):
+ (WebCore::legacyActiveGlobalObjectForAccessor):
+ * bindings/js/JSDOMGlobalObject.h:
+ * bindings/js/JSDOMWindowBase.cpp:
+ (WebCore::incumbentDOMWindow):
+ (WebCore::legacyActiveDOMWindowForAccessor):
+ * bindings/js/JSDOMWindowBase.h:
+ * bindings/scripts/CodeGeneratorJS.pm:
+ (GetJSCAttributesForAttribute):
+ (GenerateCallWith):
+ * page/Location.idl:
+
+ LayoutTests:
+
+ * http/tests/security/frameNavigation/context-for-location-href-gopd-expected.txt:
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@283410 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2021-10-01 Yusuke Suzuki <ysuz...@apple.com>
+
+ Disable new incumbent-window until it is fully implemented
+ https://bugs.webkit.org/show_bug.cgi?id=230261
+ <rdar://problem/83099726>
+
+ Reviewed by Chris Dumez and Geoffrey Garen.
+
+ * interpreter/CallFrame.cpp:
+ (JSC::CallFrame::globalObjectOfClosestCodeBlock):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::getOwnPropertyDescriptor):
+ * runtime/PropertySlot.h:
+
2021-09-27 Alan Coon <alanc...@apple.com>
Cherry-pick r283098. rdar://problem/83584491
Modified: branches/safari-612.2.9.0-branch/Source/_javascript_Core/interpreter/CallFrame.cpp (283422 => 283423)
--- branches/safari-612.2.9.0-branch/Source/_javascript_Core/interpreter/CallFrame.cpp 2021-10-01 23:47:47 UTC (rev 283422)
+++ branches/safari-612.2.9.0-branch/Source/_javascript_Core/interpreter/CallFrame.cpp 2021-10-01 23:48:33 UTC (rev 283423)
@@ -247,6 +247,8 @@
JSGlobalObject* CallFrame::globalObjectOfClosestCodeBlock(VM& vm, CallFrame* callFrame)
{
+ // FIXME: We need to handle JSONP interpretation case in ProgramExecutable since it does not have vm.topCallFrame.
+ // rdar://83691438
JSGlobalObject* globalObject = nullptr;
StackVisitor::visit(callFrame, vm, [&](StackVisitor& visitor) {
if (visitor->isWasmFrame()) {
Modified: branches/safari-612.2.9.0-branch/Source/_javascript_Core/runtime/JSObject.cpp (283422 => 283423)
--- branches/safari-612.2.9.0-branch/Source/_javascript_Core/runtime/JSObject.cpp 2021-10-01 23:47:47 UTC (rev 283422)
+++ branches/safari-612.2.9.0-branch/Source/_javascript_Core/runtime/JSObject.cpp 2021-10-01 23:48:33 UTC (rev 283423)
@@ -3677,6 +3677,8 @@
ASSERT_WITH_MESSAGE(slot.isCustom(), "PropertySlot::TypeCustom is required in case of PropertyAttribute::CustomAccessor");
descriptor.setAccessorDescriptor((slot.attributes() | PropertyAttribute::Accessor) & ~PropertyAttribute::CustomAccessor);
JSGlobalObject* slotBaseGlobalObject = slot.slotBase()->globalObject(vm);
+ if (slot.attributes() & PropertyAttribute::DOMLegacyAccessor)
+ slotBaseGlobalObject = globalObject;
if (slot.customGetter())
descriptor.setGetter(createCustomGetterFunction(slotBaseGlobalObject, vm, propertyName, slot.customGetter(), slot.domAttribute()));
if (slot.customSetter())
Modified: branches/safari-612.2.9.0-branch/Source/_javascript_Core/runtime/PropertySlot.h (283422 => 283423)
--- branches/safari-612.2.9.0-branch/Source/_javascript_Core/runtime/PropertySlot.h 2021-10-01 23:47:47 UTC (rev 283422)
+++ branches/safari-612.2.9.0-branch/Source/_javascript_Core/runtime/PropertySlot.h 2021-10-01 23:48:33 UTC (rev 283423)
@@ -45,6 +45,7 @@
Accessor = 1 << 4, // property is a getter/setter
CustomAccessor = 1 << 5,
CustomValue = 1 << 6,
+ DOMLegacyAccessor = 1 << 7, // property is a DOM legacy accessor, which holds caller's global object when it is materialized.
CustomAccessorOrValue = CustomAccessor | CustomValue,
AccessorOrCustomAccessorOrValue = Accessor | CustomAccessor | CustomValue,
ReadOnlyOrAccessorOrCustomAccessor = ReadOnly | Accessor | CustomAccessor,
Modified: branches/safari-612.2.9.0-branch/Source/WebCore/ChangeLog (283422 => 283423)
--- branches/safari-612.2.9.0-branch/Source/WebCore/ChangeLog 2021-10-01 23:47:47 UTC (rev 283422)
+++ branches/safari-612.2.9.0-branch/Source/WebCore/ChangeLog 2021-10-01 23:48:33 UTC (rev 283423)
@@ -1,3 +1,78 @@
+2021-10-01 Russell Epstein <repst...@apple.com>
+
+ Cherry-pick r283410. rdar://problem/83784757
+
+ Disable new incumbent-window until it is fully implemented
+ https://bugs.webkit.org/show_bug.cgi?id=230261
+ <rdar://problem/83099726>
+
+ Reviewed by Chris Dumez and Geoffrey Garen.
+
+ LayoutTests/imported/w3c:
+
+ * web-platform-tests/html/webappapis/scripting/events/compile-event-handler-settings-objects-expected.txt:
+ * web-platform-tests/html/webappapis/scripting/processing-model-2/integration-with-the-_javascript_-job-queue/promise-job-incumbent-expected.txt:
+
+ Source/_javascript_Core:
+
+ * interpreter/CallFrame.cpp:
+ (JSC::CallFrame::globalObjectOfClosestCodeBlock):
+ * runtime/JSObject.cpp:
+ (JSC::JSObject::getOwnPropertyDescriptor):
+ * runtime/PropertySlot.h:
+
+ Source/WebCore:
+
+ This patch disables new incumbent-window until it is fully implemented to avoid compatibility issue.
+
+ * bindings/js/JSDOMConvertCallbacks.h:
+ (WebCore::Converter<IDLCallbackFunction<T>>::convert):
+ (WebCore::Converter<IDLCallbackInterface<T>>::convert):
+ * bindings/js/JSDOMGlobalObject.cpp:
+ (WebCore::callerGlobalObject):
+ (WebCore::legacyActiveGlobalObjectForAccessor):
+ * bindings/js/JSDOMGlobalObject.h:
+ * bindings/js/JSDOMWindowBase.cpp:
+ (WebCore::incumbentDOMWindow):
+ (WebCore::legacyActiveDOMWindowForAccessor):
+ * bindings/js/JSDOMWindowBase.h:
+ * bindings/scripts/CodeGeneratorJS.pm:
+ (GetJSCAttributesForAttribute):
+ (GenerateCallWith):
+ * page/Location.idl:
+
+ LayoutTests:
+
+ * http/tests/security/frameNavigation/context-for-location-href-gopd-expected.txt:
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@283410 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2021-10-01 Yusuke Suzuki <ysuz...@apple.com>
+
+ Disable new incumbent-window until it is fully implemented
+ https://bugs.webkit.org/show_bug.cgi?id=230261
+ <rdar://problem/83099726>
+
+ Reviewed by Chris Dumez and Geoffrey Garen.
+
+ This patch disables new incumbent-window until it is fully implemented to avoid compatibility issue.
+
+ * bindings/js/JSDOMConvertCallbacks.h:
+ (WebCore::Converter<IDLCallbackFunction<T>>::convert):
+ (WebCore::Converter<IDLCallbackInterface<T>>::convert):
+ * bindings/js/JSDOMGlobalObject.cpp:
+ (WebCore::callerGlobalObject):
+ (WebCore::legacyActiveGlobalObjectForAccessor):
+ * bindings/js/JSDOMGlobalObject.h:
+ * bindings/js/JSDOMWindowBase.cpp:
+ (WebCore::incumbentDOMWindow):
+ (WebCore::legacyActiveDOMWindowForAccessor):
+ * bindings/js/JSDOMWindowBase.h:
+ * bindings/scripts/CodeGeneratorJS.pm:
+ (GetJSCAttributesForAttribute):
+ (GenerateCallWith):
+ * page/Location.idl:
+
2021-09-27 Alan Coon <alanc...@apple.com>
Cherry-pick r283035. rdar://problem/83584492
Modified: branches/safari-612.2.9.0-branch/Source/WebCore/bindings/js/JSDOMGlobalObject.cpp (283422 => 283423)
--- branches/safari-612.2.9.0-branch/Source/WebCore/bindings/js/JSDOMGlobalObject.cpp 2021-10-01 23:47:47 UTC (rev 283422)
+++ branches/safari-612.2.9.0-branch/Source/WebCore/bindings/js/JSDOMGlobalObject.cpp 2021-10-01 23:48:33 UTC (rev 283423)
@@ -60,6 +60,7 @@
#include <_javascript_Core/JSCustomSetterFunction.h>
#include <_javascript_Core/JSInternalPromise.h>
#include <_javascript_Core/StructureInlines.h>
+#include <_javascript_Core/VMEntryScope.h>
#include <_javascript_Core/VMTrapsInlines.h>
#include <_javascript_Core/WasmStreamingCompiler.h>
#include <_javascript_Core/WeakGCMapInlines.h>
@@ -560,4 +561,78 @@
return nullptr;
}
+static JSDOMGlobalObject& callerGlobalObject(JSC::JSGlobalObject& lexicalGlobalObject, JSC::CallFrame* callFrame, bool skipFirstFrame, bool lookUpFromVMEntryScope)
+{
+ VM& vm = lexicalGlobalObject.vm();
+ if (callFrame) {
+ class GetCallerGlobalObjectFunctor {
+ public:
+ GetCallerGlobalObjectFunctor(bool skipFirstFrame)
+ : m_skipFirstFrame(skipFirstFrame)
+ { }
+
+ StackVisitor::Status operator()(StackVisitor& visitor) const
+ {
+ if (m_skipFirstFrame) {
+ if (!m_hasSkippedFirstFrame) {
+ m_hasSkippedFirstFrame = true;
+ return StackVisitor::Continue;
+ }
+ }
+
+ if (auto* codeBlock = visitor->codeBlock())
+ m_globalObject = codeBlock->globalObject();
+ else {
+ ASSERT(visitor->callee().rawPtr());
+ // FIXME: Callee is not an object if the caller is Web Assembly.
+ // Figure out what to do here. We can probably get the global object
+ // from the top-most Wasm Instance. https://bugs.webkit.org/show_bug.cgi?id=165721
+ if (visitor->callee().isCell() && visitor->callee().asCell()->isObject())
+ m_globalObject = jsCast<JSObject*>(visitor->callee().asCell())->globalObject();
+ }
+ return StackVisitor::Done;
+ }
+
+ JSC::JSGlobalObject* globalObject() const { return m_globalObject; }
+
+ private:
+ bool m_skipFirstFrame { false };
+ mutable bool m_hasSkippedFirstFrame { false };
+ mutable JSC::JSGlobalObject* m_globalObject { nullptr };
+ };
+
+ GetCallerGlobalObjectFunctor iter(skipFirstFrame);
+ callFrame->iterate(vm, iter);
+ if (iter.globalObject())
+ return *jsCast<JSDOMGlobalObject*>(iter.globalObject());
+ }
+
+ // In the case of legacyActiveGlobalObjectForAccessor, it is possible that vm.topCallFrame is nullptr when the script is evaluated as JSONP.
+ // Since we put JSGlobalObject to VMEntryScope, we can retrieve the right globalObject from that.
+ // For callerGlobalObject, we do not check vm.entryScope to keep it the old behavior.
+ if (lookUpFromVMEntryScope) {
+ if (vm.entryScope) {
+ if (auto* result = vm.entryScope->globalObject())
+ return *jsCast<JSDOMGlobalObject*>(result);
+ }
+ }
+
+ // If we cannot find JSGlobalObject in caller frames, we just return the current lexicalGlobalObject.
+ return *jsCast<JSDOMGlobalObject*>(&lexicalGlobalObject);
+}
+
+JSDOMGlobalObject& callerGlobalObject(JSC::JSGlobalObject& lexicalGlobalObject, JSC::CallFrame* callFrame)
+{
+ constexpr bool skipFirstFrame = true;
+ constexpr bool lookUpFromVMEntryScope = false;
+ return callerGlobalObject(lexicalGlobalObject, callFrame, skipFirstFrame, lookUpFromVMEntryScope);
+}
+
+JSDOMGlobalObject& legacyActiveGlobalObjectForAccessor(JSC::JSGlobalObject& lexicalGlobalObject, JSC::CallFrame* callFrame)
+{
+ constexpr bool skipFirstFrame = false;
+ constexpr bool lookUpFromVMEntryScope = true;
+ return callerGlobalObject(lexicalGlobalObject, callFrame, skipFirstFrame, lookUpFromVMEntryScope);
+}
+
} // namespace WebCore
Modified: branches/safari-612.2.9.0-branch/Source/WebCore/bindings/js/JSDOMGlobalObject.h (283422 => 283423)
--- branches/safari-612.2.9.0-branch/Source/WebCore/bindings/js/JSDOMGlobalObject.h 2021-10-01 23:47:47 UTC (rev 283422)
+++ branches/safari-612.2.9.0-branch/Source/WebCore/bindings/js/JSDOMGlobalObject.h 2021-10-01 23:48:33 UTC (rev 283423)
@@ -143,6 +143,8 @@
};
JSDOMGlobalObject* toJSDOMGlobalObject(ScriptExecutionContext&, DOMWrapperWorld&);
+WEBCORE_EXPORT JSDOMGlobalObject& callerGlobalObject(JSC::JSGlobalObject&, JSC::CallFrame*);
+JSDOMGlobalObject& legacyActiveGlobalObjectForAccessor(JSC::JSGlobalObject&, JSC::CallFrame*);
template<class JSClass>
JSClass* toJSDOMGlobalObject(JSC::VM& vm, JSC::JSValue value)
Modified: branches/safari-612.2.9.0-branch/Source/WebCore/bindings/js/JSDOMWindowBase.cpp (283422 => 283423)
--- branches/safari-612.2.9.0-branch/Source/WebCore/bindings/js/JSDOMWindowBase.cpp 2021-10-01 23:47:47 UTC (rev 283422)
+++ branches/safari-612.2.9.0-branch/Source/WebCore/bindings/js/JSDOMWindowBase.cpp 2021-10-01 23:48:33 UTC (rev 283423)
@@ -284,17 +284,12 @@
DOMWindow& incumbentDOMWindow(JSGlobalObject& fallbackGlobalObject, CallFrame& callFrame)
{
- if (auto* globalObject = CallFrame::globalObjectOfClosestCodeBlock(fallbackGlobalObject.vm(), &callFrame))
- return asJSDOMWindow(globalObject)->wrapped();
- return asJSDOMWindow(&fallbackGlobalObject)->wrapped();
+ return asJSDOMWindow(&callerGlobalObject(fallbackGlobalObject, &callFrame))->wrapped();
}
DOMWindow& incumbentDOMWindow(JSGlobalObject& fallbackGlobalObject)
{
- VM& vm = fallbackGlobalObject.vm();
- if (auto* globalObject = CallFrame::globalObjectOfClosestCodeBlock(vm, vm.topCallFrame))
- return asJSDOMWindow(globalObject)->wrapped();
- return asJSDOMWindow(&fallbackGlobalObject)->wrapped();
+ return asJSDOMWindow(&callerGlobalObject(fallbackGlobalObject, fallbackGlobalObject.vm().topCallFrame))->wrapped();
}
DOMWindow& activeDOMWindow(JSGlobalObject& lexicalGlobalObject)
@@ -308,6 +303,16 @@
return asJSDOMWindow(vm.deprecatedVMEntryGlobalObject(&lexicalGlobalObject))->wrapped();
}
+DOMWindow& legacyActiveDOMWindowForAccessor(JSGlobalObject& fallbackGlobalObject, CallFrame& callFrame)
+{
+ return asJSDOMWindow(&legacyActiveGlobalObjectForAccessor(fallbackGlobalObject, &callFrame))->wrapped();
+}
+
+DOMWindow& legacyActiveDOMWindowForAccessor(JSGlobalObject& fallbackGlobalObject)
+{
+ return asJSDOMWindow(&legacyActiveGlobalObjectForAccessor(fallbackGlobalObject, fallbackGlobalObject.vm().topCallFrame))->wrapped();
+}
+
Document* responsibleDocument(VM& vm, CallFrame& callFrame)
{
CallerFunctor functor;
Modified: branches/safari-612.2.9.0-branch/Source/WebCore/bindings/js/JSDOMWindowBase.h (283422 => 283423)
--- branches/safari-612.2.9.0-branch/Source/WebCore/bindings/js/JSDOMWindowBase.h 2021-10-01 23:47:47 UTC (rev 283422)
+++ branches/safari-612.2.9.0-branch/Source/WebCore/bindings/js/JSDOMWindowBase.h 2021-10-01 23:48:33 UTC (rev 283423)
@@ -126,6 +126,9 @@
DOMWindow& activeDOMWindow(JSC::JSGlobalObject&);
DOMWindow& firstDOMWindow(JSC::JSGlobalObject&);
+DOMWindow& legacyActiveDOMWindowForAccessor(JSC::JSGlobalObject&, JSC::CallFrame&);
+DOMWindow& legacyActiveDOMWindowForAccessor(JSC::JSGlobalObject&);
+
// FIXME: This should probably be removed in favor of one of the other DOMWindow accessors. It is intended
// to provide the document specfied as the 'responsible document' in the algorithm for document.open()
// (https://html.spec.whatwg.org/multipage/dynamic-markup-insertion.html#document-open-steps steps 4
Modified: branches/safari-612.2.9.0-branch/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm (283422 => 283423)
--- branches/safari-612.2.9.0-branch/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm 2021-10-01 23:47:47 UTC (rev 283422)
+++ branches/safari-612.2.9.0-branch/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm 2021-10-01 23:48:33 UTC (rev 283423)
@@ -2055,6 +2055,7 @@
push(@specials, "JSC::PropertyAttribute::DontEnum") if ($attribute->extendedAttributes->{NotEnumerable} || $isGlobalConstructor);
push(@specials, "JSC::PropertyAttribute::ReadOnly") if IsReadonly($attribute);
push(@specials, "JSC::PropertyAttribute::CustomAccessor") unless $isGlobalConstructor or IsJSBuiltin($interface, $attribute);
+ push(@specials, "JSC::PropertyAttribute::DOMLegacyAccessor") if $attribute->extendedAttributes->{LegacyActiveWindowForAccessor};
push(@specials, "JSC::PropertyAttribute::DOMAttribute") if IsAcceleratedDOMAttribute($interface, $attribute);
push(@specials, "JSC::PropertyAttribute::DOMJITAttribute") if $attribute->extendedAttributes->{DOMJIT};
push(@specials, "JSC::PropertyAttribute::Accessor | JSC::PropertyAttribute::Builtin") if IsJSBuiltin($interface, $attribute);
@@ -5984,6 +5985,11 @@
AddToImplIncludes("JSDOMWindowBase.h");
push(@callWithArgs, "incumbentDOMWindow(*$globalObject" . ($callFrameReference ? ", " . $callFrameReference : "") . ")");
}
+ if ($codeGenerator->ExtendedAttributeContains($callWith, "LegacyActiveWindowForAccessor")) {
+ AddToImplIncludes("DOMWindow.h");
+ AddToImplIncludes("JSDOMWindowBase.h");
+ push(@callWithArgs, "legacyActiveDOMWindowForAccessor(*$globalObject" . ($callFrameReference ? ", " . $callFrameReference : "") . ")");
+ }
if ($codeGenerator->ExtendedAttributeContains($callWith, "FirstWindow")) {
AddToImplIncludes("DOMWindow.h");
AddToImplIncludes("JSDOMWindowBase.h");
Modified: branches/safari-612.2.9.0-branch/Source/WebCore/page/Location.idl (283422 => 283423)
--- branches/safari-612.2.9.0-branch/Source/WebCore/page/Location.idl 2021-10-01 23:47:47 UTC (rev 283422)
+++ branches/safari-612.2.9.0-branch/Source/WebCore/page/Location.idl 2021-10-01 23:48:33 UTC (rev 283423)
@@ -43,7 +43,7 @@
LegacyUnforgeable,
Exposed=Window
] interface Location {
- [SetterCallWith=IncumbentWindow&FirstWindow, DoNotCheckSecurityOnSetter] stringifier attribute USVString href;
+ [SetterCallWith=LegacyActiveWindowForAccessor&FirstWindow, DoNotCheckSecurityOnSetter] stringifier attribute USVString href;
// FIXME: We should use IncumbentWindow once we found why https://bugs.webkit.org/show_bug.cgi?id=228943 issue occured.
[CallWith=ActiveWindow&FirstWindow] undefined assign(USVString url);
@@ -51,13 +51,13 @@
[CallWith=ActiveWindow] undefined reload();
// URI decomposition attributes
- [SetterCallWith=IncumbentWindow&FirstWindow] attribute USVString protocol;
- [SetterCallWith=IncumbentWindow&FirstWindow] attribute USVString host;
- [SetterCallWith=IncumbentWindow&FirstWindow] attribute USVString hostname;
- [SetterCallWith=IncumbentWindow&FirstWindow] attribute USVString port;
- [SetterCallWith=IncumbentWindow&FirstWindow] attribute USVString pathname;
- [SetterCallWith=IncumbentWindow&FirstWindow] attribute USVString search;
- [SetterCallWith=IncumbentWindow&FirstWindow] attribute USVString hash;
+ [SetterCallWith=LegacyActiveWindowForAccessor&FirstWindow] attribute USVString protocol;
+ [SetterCallWith=LegacyActiveWindowForAccessor&FirstWindow] attribute USVString host;
+ [SetterCallWith=LegacyActiveWindowForAccessor&FirstWindow] attribute USVString hostname;
+ [SetterCallWith=LegacyActiveWindowForAccessor&FirstWindow] attribute USVString port;
+ [SetterCallWith=LegacyActiveWindowForAccessor&FirstWindow] attribute USVString pathname;
+ [SetterCallWith=LegacyActiveWindowForAccessor&FirstWindow] attribute USVString search;
+ [SetterCallWith=LegacyActiveWindowForAccessor&FirstWindow] attribute USVString hash;
readonly attribute USVString origin;