[webkit-changes] [WebKit/WebKit] ca6ca7: REGRESSION (Safari 16.4): PostMessage with transfe...

Chris Dumez noreply at github.com
Wed Apr 19 16:40:08 PDT 2023


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: ca6ca7d1895d58cb5d2b54563cda04c0c7945b12
      https://github.com/WebKit/WebKit/commit/ca6ca7d1895d58cb5d2b54563cda04c0c7945b12
  Author: Chris Dumez <cdumez at apple.com>
  Date:   2023-04-19 (Wed, 19 Apr 2023)

  Changed paths:
    A LayoutTests/fast/events/message-event-data-isolated-world-expected.txt
    A LayoutTests/fast/events/message-event-data-isolated-world.html
    M Source/WebCore/dom/MessageEvent.cpp

  Log Message:
  -----------
  REGRESSION (Safari 16.4): PostMessage with transfer object is broken between contexts
https://bugs.webkit.org/show_bug.cgi?id=254777
rdar://107538083

Reviewed by Geoffrey Garen.

Before 256896@main, we would construct MessageEvents and give them a
SerializedScriptValue to store internally. Then, the deserialization of this
SerializedScriptValue would happen lazily when the JS accesses
MessageEvent.data. We would then cache the result of the deserialization
inside MessageEvent::m_cachedData to avoid repeated deserializations.
Also note that we would make sure that the cachedData's world matches the
current world before using it. We would deserialize again if the worlds
don't match.

After 256896@main, we now deserialize the SerializedScriptValue eagerly, so
that we know whether to fire a `message` event or a `messageerror` one.
This deserialization would happen in the main JS world and we would pass
the resulting JSValue to the MessageEvent to store instead of the
SerializedScriptValue. This would work fine for main worlds and regressed
isolated worlds since JSMessageEvent::data() would not have a
SerializedScriptValue to re-deserialize for isolated worlds.

To address the issue, we now construct MessageEvents with a
SerializedScriptValue, like we did before 256896@main. For performance reasons
we also store the deserialized JSValue in MessageEvent::cachedData so that
later calls to JSMessageEvent::data() don't end up deserializing the
SerializedScriptValue again if called from the main world. However, if the
call for JSMessageEvent::data() comes from an isolated world, the
implementation will properly deserialize the SerializedScriptValue again,
like it did before 256896@main.

This was tested manually on strava.com.

Test: fast/events/message-event-data-isolated-world.html

* Source/WebCore/dom/MessageEvent.cpp:
(WebCore::MessageEvent::create):

Canonical link: https://commits.webkit.org/263155@main
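The caching scheme the commit message describes, modeled in JavaScript as an added illustration (this is not WebKit code and does not reproduce WebKit's actual MessageEvent or SerializedScriptValue implementation). Assumptions: a "world" is modeled as a plain object identity, `structuredClone` stands in for WebKit's serializer and deserializer, and `RegressedMessageEvent` models the post-256896@main behaviour in which only the main-world JSValue was kept, so an isolated world had nothing to deserialize. The point of the model is the world check: a cached deserialization is reused only by the world that produced it, so an isolated world (for example a content script) always gets its own object graph rather than a reference into the main world's.

```javascript
// Added example, not WebKit code. Models the MessageEvent data caching
// described in the commit message: keep the serialized form, cache the
// deserialized value per world, and re-deserialize when the caller's world
// differs from the cached one.

// Stand-in for WebKit's SerializedScriptValue: holds a detached snapshot
// of the payload and counts how often it has been deserialized.
class SerializedScriptValue {
  constructor(value) {
    // structuredClone models serialization: the snapshot shares no objects
    // with the caller's value.
    this.snapshot = structuredClone(value);
    this.deserializeCount = 0;
  }

  // Deserialize into the given world. Every call produces a fresh object
  // graph tagged with the world it belongs to.
  deserialize(world) {
    this.deserializeCount += 1;
    return { world: world.name, value: structuredClone(this.snapshot) };
  }
}

// Fixed behaviour (like before 256896@main, plus the eager main-world
// cache the fix keeps for performance).
class MessageEvent {
  constructor(serialized, originWorld) {
    this.serialized = serialized;
    // Eager deserialization in the origin world, so the dispatcher can tell
    // "message" from "messageerror" before firing.
    this.cachedData = serialized.deserialize(originWorld);
    this.cachedWorld = originWorld;
  }

  // JSMessageEvent::data() analogue: reuse the cache only if the world
  // matches; otherwise deserialize again for the calling world.
  data(currentWorld) {
    if (this.cachedWorld !== currentWorld) {
      this.cachedData = this.serialized.deserialize(currentWorld);
      this.cachedWorld = currentWorld;
    }
    return this.cachedData;
  }
}

// Regressed behaviour: only the main-world JSValue was stored, so a call
// from another world has no serialized form to fall back on.
class RegressedMessageEvent {
  constructor(jsValue, originWorld) {
    this.jsValue = jsValue;
    this.originWorld = originWorld;
  }

  data(currentWorld) {
    return currentWorld === this.originWorld ? this.jsValue : undefined;
  }
}

// Decide which event to fire, mirroring the eager-deserialization check.
// Deserialization failure maps to "messageerror".
function eventTypeFor(serialized, world) {
  try {
    serialized.deserialize(world);
    return 'message';
  } catch (e) {
    return 'messageerror';
  }
}

// Constructed sample: a payload standing in for a message carrying a
// transferred port, accessed from the main world and an isolated world.
function demo() {
  const mainWorld = { name: 'main' };
  const isolatedWorld = { name: 'isolated' };
  const serialized = new SerializedScriptValue({ port: 'transferred', seq: 1 });

  const fixed = new MessageEvent(serialized, mainWorld);
  const regressed = new RegressedMessageEvent(fixed.data(mainWorld), mainWorld);

  return {
    fixedMain: fixed.data(mainWorld),
    fixedIsolated: fixed.data(isolatedWorld),
    regressedIsolated: regressed.data(isolatedWorld),
    deserializations: serialized.deserializeCount,
  };
}

module.exports = { SerializedScriptValue, MessageEvent, RegressedMessageEvent, eventTypeFor, demo };
```

In the fixed model, two worlds cost exactly two deserializations (one eager, one on the isolated-world access), and the isolated world receives a structurally equal but distinct object graph; in the regressed model the isolated-world access yields `undefined`, which is the broken `event.data` the bug report describes.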




More information about the webkit-changes mailing list