Title: [112631] branches/chromium/1025
- Revision
- 112631
- Author
- [email protected]
- Date
- 2012-03-29 18:29:50 -0700 (Thu, 29 Mar 2012)
Log Message
Merge 112161
BUG=120189
Review URL: https://chromiumcodereview.appspot.com/9951003
Modified Paths
Added Paths
Diff
Copied: branches/chromium/1025/LayoutTests/fast/frames/resources/subframe-load-js-url-crash-iframe.html (from rev 112161, trunk/LayoutTests/fast/frames/resources/subframe-load-js-url-crash-iframe.html) (0 => 112631)
--- branches/chromium/1025/LayoutTests/fast/frames/resources/subframe-load-js-url-crash-iframe.html (rev 0)
+++ branches/chromium/1025/LayoutTests/fast/frames/resources/subframe-load-js-url-crash-iframe.html 2012-03-30 01:29:50 UTC (rev 112631)
@@ -0,0 +1,7 @@
+<script src=""
+<script>
+setTimeout(function() {
+ frameElement.src = ""
+ gc();
+}, 0);
+</script>
Copied: branches/chromium/1025/LayoutTests/fast/frames/subframe-load-js-url-crash-expected.txt (from rev 112161, trunk/LayoutTests/fast/frames/subframe-load-js-url-crash-expected.txt) (0 => 112631)
--- branches/chromium/1025/LayoutTests/fast/frames/subframe-load-js-url-crash-expected.txt (rev 0)
+++ branches/chromium/1025/LayoutTests/fast/frames/subframe-load-js-url-crash-expected.txt 2012-03-30 01:29:50 UTC (rev 112631)
@@ -0,0 +1,2 @@
+Test passes if it does not crash.
+
Copied: branches/chromium/1025/LayoutTests/fast/frames/subframe-load-js-url-crash.html (from rev 112161, trunk/LayoutTests/fast/frames/subframe-load-js-url-crash.html) (0 => 112631)
--- branches/chromium/1025/LayoutTests/fast/frames/subframe-load-js-url-crash.html (rev 0)
+++ branches/chromium/1025/LayoutTests/fast/frames/subframe-load-js-url-crash.html 2012-03-30 01:29:50 UTC (rev 112631)
@@ -0,0 +1,3 @@
+<div>Test passes if it does not crash.</div>
+<script>if (window.layoutTestController) layoutTestController.dumpAsText();</script>
+<iframe src=""
Modified: branches/chromium/1025/Source/WebCore/bindings/v8/V8RecursionScope.cpp (112630 => 112631)
--- branches/chromium/1025/Source/WebCore/bindings/v8/V8RecursionScope.cpp 2012-03-30 01:22:17 UTC (rev 112630)
+++ branches/chromium/1025/Source/WebCore/bindings/v8/V8RecursionScope.cpp 2012-03-30 01:29:50 UTC (rev 112631)
@@ -32,12 +32,11 @@
#include "V8RecursionScope.h"
#include "IDBPendingTransactionMonitor.h"
-#include "ScriptExecutionContext.h"
#include "WebKitMutationObserver.h"
namespace WebCore {
-void V8RecursionScope::didLeaveScriptContext(ScriptExecutionContext* context)
+void V8RecursionScope::didLeaveScriptContext()
{
// FIXME: Instrument any work that takes place when script exits to c++ (e.g. Mutation Observers).
@@ -49,7 +48,7 @@
#endif
#if ENABLE(MUTATION_OBSERVERS)
- if (context && context->isDocument())
+ if (m_isDocumentContext)
WebKitMutationObserver::deliverAllMutations();
#endif
}
Modified: branches/chromium/1025/Source/WebCore/bindings/v8/V8RecursionScope.h (112630 => 112631)
--- branches/chromium/1025/Source/WebCore/bindings/v8/V8RecursionScope.h 2012-03-30 01:22:17 UTC (rev 112630)
+++ branches/chromium/1025/Source/WebCore/bindings/v8/V8RecursionScope.h 2012-03-30 01:29:50 UTC (rev 112631)
@@ -31,17 +31,16 @@
#ifndef V8RecursionScope_h
#define V8RecursionScope_h
+#include "ScriptExecutionContext.h"
#include "V8Binding.h"
namespace WebCore {
-class ScriptExecutionContext;
-
class V8RecursionScope {
WTF_MAKE_NONCOPYABLE(V8RecursionScope);
public:
explicit V8RecursionScope(ScriptExecutionContext* context)
- : m_context(context)
+ : m_isDocumentContext(context && context->isDocument())
{
V8BindingPerIsolateData::current()->incrementRecursionLevel();
}
@@ -49,15 +48,15 @@
~V8RecursionScope()
{
if (!V8BindingPerIsolateData::current()->decrementRecursionLevel())
- didLeaveScriptContext(m_context);
+ didLeaveScriptContext();
}
static int recursionLevel() { return V8BindingPerIsolateData::current()->recursionLevel(); }
private:
- static void didLeaveScriptContext(ScriptExecutionContext*);
+ void didLeaveScriptContext();
- ScriptExecutionContext* m_context;
+ bool m_isDocumentContext;
};
} // namespace WebCore
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
