Diff
Modified: trunk/Source/WebCore/ChangeLog (292360 => 292361)
--- trunk/Source/WebCore/ChangeLog 2022-04-05 01:41:10 UTC (rev 292360)
+++ trunk/Source/WebCore/ChangeLog 2022-04-05 01:46:53 UTC (rev 292361)
@@ -1,3 +1,25 @@
+2022-04-04 Gabriel Nava Marino <gnavamar...@apple.com>
+
+ Use Ref and RefPtr pattern when handling document close calls
+ https://bugs.webkit.org/show_bug.cgi?id=238747
+
+ Reviewed by Sam Weinig.
+
+ Ensure document object remains for the scope of the call.
+
+ * inspector/DOMPatchSupport.cpp:
+ (WebCore::DOMPatchSupport::patchDocument):
+ * loader/DocumentLoader.cpp:
+ (WebCore::DocumentLoader::stopLoading):
+ * loader/FrameLoader.cpp:
+ (WebCore::FrameLoader::init):
+ (WebCore::FrameLoader::clear):
+ * loader/cache/CachedSVGDocument.cpp:
+ (WebCore::CachedSVGDocument::finishLoading):
+ * loader/cache/CachedSVGFont.cpp:
+ (WebCore::CachedSVGFont::ensureCustomFontData):
+ * xml/XMLHttpRequest.cpp:
+
2022-04-04 Matt Woodrow <mattwood...@apple.com>
intersectsWithAncestor should take fragmented boxes into account.
Modified: trunk/Source/WebCore/inspector/DOMPatchSupport.cpp (292360 => 292361)
--- trunk/Source/WebCore/inspector/DOMPatchSupport.cpp 2022-04-05 01:41:10 UTC (rev 292360)
+++ trunk/Source/WebCore/inspector/DOMPatchSupport.cpp 2022-04-05 01:46:53 UTC (rev 292361)
@@ -102,9 +102,10 @@
std::unique_ptr<Digest> newInfo = createDigest(*newDocument->documentElement(), &m_unusedNodesMap);
if (innerPatchNode(*oldInfo, *newInfo).hasException()) {
+ Ref document { m_document };
// Fall back to rewrite.
- m_document.write(nullptr, markup);
- m_document.close();
+ document->write(nullptr, markup);
+ document->close();
}
}
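Review bot: The strong reference `Ref document { m_document };` is taken only inside the fallback branch, so `createDigest` and `innerPatchNode` on the lines above still run against `m_document` with no protector held by this function. If the intent is to keep the document alive for the whole patch operation, hoisting the `Ref` to the top of `patchDocument` would cover both paths. Whether `innerPatchNode` can release the last reference is not visible here, so this is a question for the author rather than a confirmed defect. The body of `patchDocument` starts outside the hunk.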
Modified: trunk/Source/WebCore/loader/DocumentLoader.cpp (292360 => 292361)
--- trunk/Source/WebCore/loader/DocumentLoader.cpp 2022-04-05 01:41:10 UTC (rev 292360)
+++ trunk/Source/WebCore/loader/DocumentLoader.cpp 2022-04-05 01:46:53 UTC (rev 292361)
@@ -397,7 +397,7 @@
// We always need to explicitly cancel the Document's parser when stopping the load.
// Otherwise cancelling the parser while starting the next page load might result
// in unexpected side effects such as erroneous event dispatch. ( http://webkit.org/b/117112 )
- if (Document* document = this->document())
+ if (RefPtr document = this->document())
document->cancelParsing();
stopLoadingSubresources();
Modified: trunk/Source/WebCore/loader/FrameLoader.cpp (292360 => 292361)
--- trunk/Source/WebCore/loader/FrameLoader.cpp 2022-04-05 01:41:10 UTC (rev 292360)
+++ trunk/Source/WebCore/loader/FrameLoader.cpp 2022-04-05 01:46:53 UTC (rev 292361)
@@ -345,7 +345,8 @@
m_provisionalDocumentLoader->startLoadingMainResource();
Ref<Frame> protect(m_frame);
- m_frame.document()->cancelParsing();
+ Ref document { *m_frame.document() };
+ document->cancelParsing();
m_stateMachine.advanceTo(FrameLoaderStateMachine::DisplayingInitialEmptyDocument);
m_networkingContext = m_client->createNetworkingContext();
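Review bot: `Ref document { *m_frame.document() };` dereferences the pointer returned by `m_frame.document()` without a check, and the same pattern is used in the next hunk (`FrameLoader::clear`, after the `neededClear` test). The old code made the same assumption through `->`, so this is not a regression. With the dereference now explicit, an `ASSERT(m_frame.document());` immediately before it would record the invariant that a document is present at that point. The function body starts and ends outside the hunk, so the code that establishes that invariant is not visible here.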
@@ -626,12 +627,13 @@
m_needsClear = false;
if (neededClear && m_frame.document()->backForwardCacheState() != Document::InBackForwardCache) {
- m_frame.document()->cancelParsing();
- m_frame.document()->stopActiveDOMObjects();
- bool hadLivingRenderTree = m_frame.document()->hasLivingRenderTree();
- m_frame.document()->willBeRemovedFromFrame();
+ Ref document { *m_frame.document() };
+ document->cancelParsing();
+ document->stopActiveDOMObjects();
+ bool hadLivingRenderTree = document->hasLivingRenderTree();
+ document->willBeRemovedFromFrame();
if (hadLivingRenderTree)
- m_frame.document()->adjustFocusedNodeOnNodeRemoval(*m_frame.document());
+ document->adjustFocusedNodeOnNodeRemoval(document);
}
if (handleDOMWindowCreation)
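Review bot: The calls in this block now all go to the document captured once in `Ref document { *m_frame.document() };`, whereas the old code re-read `m_frame.document()` before each call. If `cancelParsing()`, `stopActiveDOMObjects()` or `willBeRemovedFromFrame()` can cause the frame to switch to a different document, the later calls previously went to the new document and now stay on the original one. That is probably the intended behaviour, but it is a semantic change beyond lifetime protection and deserves a comment such as `// Operate on the document that was current on entry, even if the frame's document changes during teardown.` The enclosing function continues outside the hunk.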
Modified: trunk/Source/WebCore/loader/cache/CachedSVGDocument.cpp (292360 => 292361)
--- trunk/Source/WebCore/loader/cache/CachedSVGDocument.cpp 2022-04-05 01:41:10 UTC (rev 292360)
+++ trunk/Source/WebCore/loader/cache/CachedSVGDocument.cpp 2022-04-05 01:46:53 UTC (rev 292361)
@@ -56,8 +56,9 @@
{
if (data) {
// We don't need to create a new frame because the new document belongs to the parent UseElement.
- m_document = SVGDocument::create(nullptr, m_settings, response().url());
- m_document->setContent(m_decoder->decodeAndFlush(data->makeContiguous()->data(), data->size()));
+ auto document = SVGDocument::create(nullptr, m_settings, response().url());
+ document->setContent(m_decoder->decodeAndFlush(data->makeContiguous()->data(), data->size()));
+ m_document = WTFMove(document);
}
CachedResource::finishLoading(data, metrics);
}
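Review bot: Nothing on the new lines says why the document is built in a local and only then moved into `m_document`, and the same unexplained pattern appears in the `CachedSVGFont.cpp` and `XMLHttpRequest.cpp` hunks. A one-line comment would keep a later cleanup from folding the local back into the member, for example `// Parse into a local so the member is assigned only after setContent() returns and the new document is kept alive for the whole call.` Note also that `m_document` keeps its previous value while `setContent()` runs; whether anything reads it during that window is not visible in this hunk.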
Modified: trunk/Source/WebCore/loader/cache/CachedSVGFont.cpp (292360 => 292361)
--- trunk/Source/WebCore/loader/cache/CachedSVGFont.cpp 2022-04-05 01:41:10 UTC (rev 292360)
+++ trunk/Source/WebCore/loader/cache/CachedSVGFont.cpp 2022-04-05 01:46:53 UTC (rev 292361)
@@ -75,13 +75,14 @@
{
// We may get here during render tree updates when events are forbidden.
// Frameless document can't run scripts or call back to the client so this is safe.
- m_externalSVGDocument = SVGDocument::create(nullptr, m_settings, URL());
+ auto externalSVGDocument = SVGDocument::create(nullptr, m_settings, URL());
auto decoder = TextResourceDecoder::create("application/xml"_s);
ScriptDisallowedScope::DisableAssertionsInScope disabledScope;
- m_externalSVGDocument->setContent(decoder->decodeAndFlush(m_data->makeContiguous()->data(), m_data->size()));
+ externalSVGDocument->setContent(decoder->decodeAndFlush(m_data->makeContiguous()->data(), m_data->size()));
sawError = decoder->sawError();
+ m_externalSVGDocument = WTFMove(externalSVGDocument);
}
if (sawError)
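Review bot: `m_externalSVGDocument = WTFMove(externalSVGDocument);` publishes the parsed document even when `decoder->sawError()` returned true, leaving it to the `if (sawError)` branch that follows to undo the assignment. The `XMLHttpRequest.cpp` hunk in this commit publishes only on success; doing the same here, `if (!sawError) m_externalSVGDocument = WTFMove(externalSVGDocument);`, would mean the member never holds a document known to be bad. The body of the `if (sawError)` branch is outside the hunk, so confirm it does not rely on the member having been set.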
Modified: trunk/Source/WebCore/xml/XMLHttpRequest.cpp (292360 => 292361)
--- trunk/Source/WebCore/xml/XMLHttpRequest.cpp 2022-04-05 01:41:10 UTC (rev 292360)
+++ trunk/Source/WebCore/xml/XMLHttpRequest.cpp 2022-04-05 01:46:53 UTC (rev 292361)
@@ -180,18 +180,21 @@
|| (isHTML && responseType() == ResponseType::EmptyString)) {
m_responseDocument = nullptr;
} else {
+ RefPtr<Document> responseDocument;
if (isHTML)
- m_responseDocument = HTMLDocument::create(nullptr, context.settings(), m_response.url(), { });
+ responseDocument = HTMLDocument::create(nullptr, context.settings(), m_response.url(), { });
else
- m_responseDocument = XMLDocument::create(nullptr, context.settings(), m_response.url());
- m_responseDocument->overrideLastModified(m_response.lastModified());
- m_responseDocument->setContextDocument(context);
- m_responseDocument->setSecurityOriginPolicy(context.securityOriginPolicy());
- m_responseDocument->overrideMIMEType(mimeType);
- m_responseDocument->setContent(m_responseBuilder.toStringPreserveCapacity());
+ responseDocument = XMLDocument::create(nullptr, context.settings(), m_response.url());
+ responseDocument->overrideLastModified(m_response.lastModified());
+ responseDocument->setContextDocument(context);
+ responseDocument->setSecurityOriginPolicy(context.securityOriginPolicy());
+ responseDocument->overrideMIMEType(mimeType);
+ responseDocument->setContent(m_responseBuilder.toStringPreserveCapacity());
- if (!m_responseDocument->wellFormed())
+ if (!responseDocument->wellFormed())
m_responseDocument = nullptr;
+ else
+ m_responseDocument = WTFMove(responseDocument);
}
m_createdDocument = true;
}
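Review bot: The ChangeLog entry for this commit lists `* xml/XMLHttpRequest.cpp:` with no function name, and the enclosing function begins outside this hunk, so a reader cannot tell from the record which method changed. Add the `(WebCore::XMLHttpRequest::<function name>):` line as was done for the other files. The code change itself reads correctly: `m_responseDocument` is assigned only after `wellFormed()` has been checked on the local.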
Modified: trunk/Source/WebKitLegacy/win/ChangeLog (292360 => 292361)
--- trunk/Source/WebKitLegacy/win/ChangeLog 2022-04-05 01:41:10 UTC (rev 292360)
+++ trunk/Source/WebKitLegacy/win/ChangeLog 2022-04-05 01:46:53 UTC (rev 292361)
@@ -1,3 +1,15 @@
+2022-04-04 Gabriel Nava Marino <gnavamar...@apple.com>
+
+ Use Ref and RefPtr pattern when handling document close calls
+ https://bugs.webkit.org/show_bug.cgi?id=238747
+
+ Reviewed by Sam Weinig.
+
+ Ensure document object remains for the scope of the call.
+
+ * DOMHTMLClasses.cpp:
+ (DOMHTMLDocument::close):
+
2022-03-24 Chris Dumez <cdu...@apple.com>
String's find() / reverseFind() / replace() should take in a StringView instead of a String
Modified: trunk/Source/WebKitLegacy/win/DOMHTMLClasses.cpp (292360 => 292361)
--- trunk/Source/WebKitLegacy/win/DOMHTMLClasses.cpp 2022-04-05 01:41:10 UTC (rev 292360)
+++ trunk/Source/WebKitLegacy/win/DOMHTMLClasses.cpp 2022-04-05 01:46:53 UTC (rev 292361)
@@ -362,8 +362,8 @@
{
if (!m_document)
return E_FAIL;
-
- m_document->close();
+ Ref document { *m_document };
+ document->close();
return S_OK;
}