<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[46523] trunk</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/46523">46523</a></dd>
<dt>Author</dt> <dd>abarth@webkit.org</dd>
<dt>Date</dt> <dd>2009-07-29 00:59:40 -0700 (Wed, 29 Jul 2009)</dd>
</dl>

<h3>Log Message</h3>
<pre>2009-07-29  Adam Barth  &lt;abarth@webkit.org&gt;

        Reviewed by Dimitri Glazkov.

        [V8] Teach V8Proxy::context about isolated worlds
        https://bugs.webkit.org/show_bug.cgi?id=27701

        Change V8Proxy::context(Frame*) to understand isolated worlds.  Audit
        all callers of this method to make sure they want isolated worlds.  In
        cases where we really want the main world, I've changed the call to
        V8Proxy::mainWorldContext(Frame*).
        
        The main visible change is to the document.open method when called with
        more than two arguments.  This design seems more likely to lead to
        future correct code.

        Test: http/tests/security/isolatedWorld/document-open.html

        * bindings/v8/ScriptController.cpp:
        (WebCore::ScriptController::processingUserGesture):
        (WebCore::ScriptController::evaluate):
        (WebCore::ScriptController::bindToWindowObject):
        (WebCore::ScriptController::collectGarbage):
        (WebCore::createScriptObject):
        (WebCore::ScriptController::createScriptObjectForPluginElement):
        * bindings/v8/ScriptObjectQuarantine.cpp:
        (WebCore::getQuarantinedScriptObject):
        * bindings/v8/V8AbstractEventListener.cpp:
        (WebCore::V8AbstractEventListener::handleEvent):
        * bindings/v8/V8DOMWrapper.cpp:
        (WebCore::V8DOMWrapper::getConstructor):
        (WebCore::V8DOMWrapper::setHiddenWindowReference):
        (WebCore::V8DOMWrapper::convertNodeToV8Object):
        (WebCore::V8DOMWrapper::convertWindowToV8Object):
        * bindings/v8/V8Helpers.cpp:
        (WebCore::toV8Context):
        * bindings/v8/V8LazyEventListener.cpp:
        (WebCore::V8LazyEventListener::getListenerFunction):
        (WebCore::V8LazyEventListener::getWrappedListenerFunction):
        * bindings/v8/V8Proxy.cpp:
        (WebCore::V8Proxy::context):
        (WebCore::V8Proxy::mainWorldContext):
        (WebCore::V8Proxy::bindJsObjectToWindow):
        * bindings/v8/V8Proxy.h:

2009-07-29  Adam Barth  &lt;abarth@webkit.org&gt;

        Reviewed by Dimitri Glazkov.

        [V8] Teach V8Proxy::context about isolated worlds
        https://bugs.webkit.org/show_bug.cgi?id=27701

        Test that calling document.open with more than two arguments calls the
        window.open method from the correct world.

        * http/tests/security/isolatedWorld/document-open-expected.txt: Added.
        * http/tests/security/isolatedWorld/document-open.html: Added.</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsChangeLog">trunk/LayoutTests/ChangeLog</a></li>
<li><a href="#trunkLayoutTestsplatformgtkSkipped">trunk/LayoutTests/platform/gtk/Skipped</a></li>
<li><a href="#trunkLayoutTestsplatformmacSkipped">trunk/LayoutTests/platform/mac/Skipped</a></li>
<li><a href="#trunkLayoutTestsplatformqtSkipped">trunk/LayoutTests/platform/qt/Skipped</a></li>
<li><a href="#trunkLayoutTestsplatformwinSkipped">trunk/LayoutTests/platform/win/Skipped</a></li>
<li><a href="#trunkWebCoreChangeLog">trunk/WebCore/ChangeLog</a></li>
<li><a href="#trunkWebCorebindingsv8ScriptControllercpp">trunk/WebCore/bindings/v8/ScriptController.cpp</a></li>
<li><a href="#trunkWebCorebindingsv8ScriptObjectQuarantinecpp">trunk/WebCore/bindings/v8/ScriptObjectQuarantine.cpp</a></li>
<li><a href="#trunkWebCorebindingsv8V8AbstractEventListenercpp">trunk/WebCore/bindings/v8/V8AbstractEventListener.cpp</a></li>
<li><a href="#trunkWebCorebindingsv8V8DOMWrappercpp">trunk/WebCore/bindings/v8/V8DOMWrapper.cpp</a></li>
<li><a href="#trunkWebCorebindingsv8V8DOMWrapperh">trunk/WebCore/bindings/v8/V8DOMWrapper.h</a></li>
<li><a href="#trunkWebCorebindingsv8V8Helperscpp">trunk/WebCore/bindings/v8/V8Helpers.cpp</a></li>
<li><a href="#trunkWebCorebindingsv8V8LazyEventListenercpp">trunk/WebCore/bindings/v8/V8LazyEventListener.cpp</a></li>
<li><a href="#trunkWebCorebindingsv8V8Proxycpp">trunk/WebCore/bindings/v8/V8Proxy.cpp</a></li>
<li><a href="#trunkWebCorebindingsv8V8Proxyh">trunk/WebCore/bindings/v8/V8Proxy.h</a></li>
</ul>

<h3>Added Paths</h3>
<ul>
<li><a href="#trunkLayoutTestshttptestssecurityisolatedWorlddocumentopenexpectedtxt">trunk/LayoutTests/http/tests/security/isolatedWorld/document-open-expected.txt</a></li>
<li><a href="#trunkLayoutTestshttptestssecurityisolatedWorlddocumentopenhtml">trunk/LayoutTests/http/tests/security/isolatedWorld/document-open.html</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkLayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/ChangeLog (46522 => 46523)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/ChangeLog        2009-07-29 07:25:44 UTC (rev 46522)
+++ trunk/LayoutTests/ChangeLog        2009-07-29 07:59:40 UTC (rev 46523)
</span><span class="lines">@@ -1,3 +1,16 @@
</span><ins>+2009-07-29  Adam Barth  &lt;abarth@webkit.org&gt;
+
+        Reviewed by Dimitri Glazkov.
+
+        [V8] Teach V8Proxy::context about isolated worlds
+        https://bugs.webkit.org/show_bug.cgi?id=27701
+
+        Test that calling document.open with more than two arguments calls the
+        window.open method from the correct world.
+
+        * http/tests/security/isolatedWorld/document-open-expected.txt: Added.
+        * http/tests/security/isolatedWorld/document-open.html: Added.
+
</ins><span class="cx"> 2009-07-28  Dan Bernstein  &lt;mitz@apple.com&gt;
</span><span class="cx"> 
</span><span class="cx">         Update Window-specific results with the non-prefixed border-radius
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityisolatedWorlddocumentopenexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/isolatedWorld/document-open-expected.txt (0 => 46523)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/isolatedWorld/document-open-expected.txt                                (rev 0)
+++ trunk/LayoutTests/http/tests/security/isolatedWorld/document-open-expected.txt        2009-07-29 07:59:40 UTC (rev 46523)
</span><span class="lines">@@ -0,0 +1,2 @@
</span><ins>+ALERT: PASS
+
</ins></span></pre></div>
<a id="trunkLayoutTestshttptestssecurityisolatedWorlddocumentopenhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/http/tests/security/isolatedWorld/document-open.html (0 => 46523)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/isolatedWorld/document-open.html                                (rev 0)
+++ trunk/LayoutTests/http/tests/security/isolatedWorld/document-open.html        2009-07-29 07:59:40 UTC (rev 46523)
</span><span class="lines">@@ -0,0 +1,15 @@
</span><ins>+&lt;!DOCTYPE html&gt;
+&lt;html&gt;
+&lt;body&gt;
+&lt;div id=&quot;console&quot;&gt;&lt;/div&gt;
+&lt;script&gt;
+window.open = function () { alert(&quot;FAIL: Visible in isolated world.&quot;); };
+if (window.layoutTestController) {
+  layoutTestController.dumpAsText();
+  layoutTestController.queueScriptInIsolatedWorld(
+    &quot;window.open = function () { alert('PASS'); };\n&quot; +
+    &quot;document.open(1, 2, 3);&quot;);
+}
+&lt;/script&gt;
+&lt;/body&gt;
+&lt;/html&gt;
</ins></span></pre></div>
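Review bot: The test pins only one direction of the isolation boundary: the isolated-world call to `document.open(1, 2, 3)` must reach the isolated world's `window.open`, but nothing checks that the same call made from the main world still reaches the main world's override once an isolated world exists for the frame. A companion case would cover that, with its own expected file. Separately, when `window.layoutTestController` is absent the page produces no output, so a manual run cannot tell "passed" from "did not run". The unused `#console` div could carry a line saying the test needs layoutTestController.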
<a id="trunkLayoutTestsplatformgtkSkipped"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/platform/gtk/Skipped (46522 => 46523)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/platform/gtk/Skipped        2009-07-29 07:25:44 UTC (rev 46522)
+++ trunk/LayoutTests/platform/gtk/Skipped        2009-07-29 07:59:40 UTC (rev 46523)
</span><span class="lines">@@ -5978,6 +5978,7 @@
</span><span class="cx"> http/tests/security/isolatedWorld/all-window-prototypes.html
</span><span class="cx"> http/tests/security/isolatedWorld/body-properties.html
</span><span class="cx"> http/tests/security/isolatedWorld/body-prototype.html
</span><ins>+http/tests/security/isolatedWorld/document-open.html
</ins><span class="cx"> http/tests/security/isolatedWorld/document-properties.html
</span><span class="cx"> http/tests/security/isolatedWorld/document-prototype.html
</span><span class="cx"> http/tests/security/isolatedWorld/global-variables.html
</span></span></pre></div>
<a id="trunkLayoutTestsplatformmacSkipped"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/platform/mac/Skipped (46522 => 46523)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/platform/mac/Skipped        2009-07-29 07:25:44 UTC (rev 46522)
+++ trunk/LayoutTests/platform/mac/Skipped        2009-07-29 07:59:40 UTC (rev 46523)
</span><span class="lines">@@ -72,6 +72,7 @@
</span><span class="cx"> http/tests/security/isolatedWorld/all-window-prototypes.html
</span><span class="cx"> http/tests/security/isolatedWorld/body-properties.html
</span><span class="cx"> http/tests/security/isolatedWorld/body-prototype.html
</span><ins>+http/tests/security/isolatedWorld/document-open.html
</ins><span class="cx"> http/tests/security/isolatedWorld/document-properties.html
</span><span class="cx"> http/tests/security/isolatedWorld/document-prototype.html
</span><span class="cx"> http/tests/security/isolatedWorld/global-variables.html
</span></span></pre></div>
<a id="trunkLayoutTestsplatformqtSkipped"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/platform/qt/Skipped (46522 => 46523)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/platform/qt/Skipped        2009-07-29 07:25:44 UTC (rev 46522)
+++ trunk/LayoutTests/platform/qt/Skipped        2009-07-29 07:59:40 UTC (rev 46523)
</span><span class="lines">@@ -5108,6 +5108,7 @@
</span><span class="cx"> http/tests/security/isolatedWorld/all-window-prototypes.html
</span><span class="cx"> http/tests/security/isolatedWorld/body-properties.html
</span><span class="cx"> http/tests/security/isolatedWorld/body-prototype.html
</span><ins>+http/tests/security/isolatedWorld/document-open.html
</ins><span class="cx"> http/tests/security/isolatedWorld/document-properties.html
</span><span class="cx"> http/tests/security/isolatedWorld/document-prototype.html
</span><span class="cx"> http/tests/security/isolatedWorld/global-variables.html
</span></span></pre></div>
<a id="trunkLayoutTestsplatformwinSkipped"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/platform/win/Skipped (46522 => 46523)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/platform/win/Skipped        2009-07-29 07:25:44 UTC (rev 46522)
+++ trunk/LayoutTests/platform/win/Skipped        2009-07-29 07:59:40 UTC (rev 46523)
</span><span class="lines">@@ -559,6 +559,7 @@
</span><span class="cx"> http/tests/security/isolatedWorld/all-window-prototypes.html
</span><span class="cx"> http/tests/security/isolatedWorld/body-properties.html
</span><span class="cx"> http/tests/security/isolatedWorld/body-prototype.html
</span><ins>+http/tests/security/isolatedWorld/document-open.html
</ins><span class="cx"> http/tests/security/isolatedWorld/document-properties.html
</span><span class="cx"> http/tests/security/isolatedWorld/document-prototype.html
</span><span class="cx"> http/tests/security/isolatedWorld/global-variables.html
</span></span></pre></div>
<a id="trunkWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/WebCore/ChangeLog (46522 => 46523)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/WebCore/ChangeLog        2009-07-29 07:25:44 UTC (rev 46522)
+++ trunk/WebCore/ChangeLog        2009-07-29 07:59:40 UTC (rev 46523)
</span><span class="lines">@@ -1,3 +1,48 @@
</span><ins>+2009-07-29  Adam Barth  &lt;abarth@webkit.org&gt;
+
+        Reviewed by Dimitri Glazkov.
+
+        [V8] Teach V8Proxy::context about isolated worlds
+        https://bugs.webkit.org/show_bug.cgi?id=27701
+
+        Change V8Proxy::context(Frame*) to understand isolated worlds.  Audit
+        all callers of this method to make sure they want isolated worlds.  In
+        cases where we really want the main world, I've changed the call to
+        V8Proxy::mainWorldContext(Frame*).
+        
+        The main visible change is to the document.open method when called with
+        more than two arguments.  This design seems more likely to lead to
+        future correct code.
+
+        Test: http/tests/security/isolatedWorld/document-open.html
+
+        * bindings/v8/ScriptController.cpp:
+        (WebCore::ScriptController::processingUserGesture):
+        (WebCore::ScriptController::evaluate):
+        (WebCore::ScriptController::bindToWindowObject):
+        (WebCore::ScriptController::collectGarbage):
+        (WebCore::createScriptObject):
+        (WebCore::ScriptController::createScriptObjectForPluginElement):
+        * bindings/v8/ScriptObjectQuarantine.cpp:
+        (WebCore::getQuarantinedScriptObject):
+        * bindings/v8/V8AbstractEventListener.cpp:
+        (WebCore::V8AbstractEventListener::handleEvent):
+        * bindings/v8/V8DOMWrapper.cpp:
+        (WebCore::V8DOMWrapper::getConstructor):
+        (WebCore::V8DOMWrapper::setHiddenWindowReference):
+        (WebCore::V8DOMWrapper::convertNodeToV8Object):
+        (WebCore::V8DOMWrapper::convertWindowToV8Object):
+        * bindings/v8/V8Helpers.cpp:
+        (WebCore::toV8Context):
+        * bindings/v8/V8LazyEventListener.cpp:
+        (WebCore::V8LazyEventListener::getListenerFunction):
+        (WebCore::V8LazyEventListener::getWrappedListenerFunction):
+        * bindings/v8/V8Proxy.cpp:
+        (WebCore::V8Proxy::context):
+        (WebCore::V8Proxy::mainWorldContext):
+        (WebCore::V8Proxy::bindJsObjectToWindow):
+        * bindings/v8/V8Proxy.h:
+
</ins><span class="cx"> 2009-07-29  Balazs Kelemen  &lt;kelemen.balazs.3@stud.u-szeged.hu&gt;
</span><span class="cx"> 
</span><span class="cx">         Reviewed by Simon Hausmann.
</span></span></pre></div>
<a id="trunkWebCorebindingsv8ScriptControllercpp"></a>
<div class="modfile"><h4>Modified: trunk/WebCore/bindings/v8/ScriptController.cpp (46522 => 46523)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/WebCore/bindings/v8/ScriptController.cpp        2009-07-29 07:25:44 UTC (rev 46522)
+++ trunk/WebCore/bindings/v8/ScriptController.cpp        2009-07-29 07:59:40 UTC (rev 46523)
</span><span class="lines">@@ -144,7 +144,7 @@
</span><span class="cx">     V8Proxy* activeProxy = activeFrame-&gt;script()-&gt;proxy();
</span><span class="cx"> 
</span><span class="cx">     v8::HandleScope handleScope;
</span><del>-    v8::Handle&lt;v8::Context&gt; v8Context = V8Proxy::context(activeFrame);
</del><ins>+    v8::Handle&lt;v8::Context&gt; v8Context = V8Proxy::mainWorldContext(activeFrame);
</ins><span class="cx">     // FIXME: find all cases context can be empty:
</span><span class="cx">     //  1) JS is disabled;
</span><span class="cx">     //  2) page is NULL;
</span><span class="lines">@@ -206,7 +206,7 @@
</span><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     v8::HandleScope handleScope;
</span><del>-    v8::Handle&lt;v8::Context&gt; v8Context = V8Proxy::context(m_proxy-&gt;frame());
</del><ins>+    v8::Handle&lt;v8::Context&gt; v8Context = V8Proxy::mainWorldContext(m_proxy-&gt;frame());
</ins><span class="cx">     if (v8Context.IsEmpty())
</span><span class="cx">         return ScriptValue();
</span><span class="cx"> 
</span><span class="lines">@@ -241,7 +241,7 @@
</span><span class="cx"> {
</span><span class="cx">     v8::HandleScope handleScope;
</span><span class="cx"> 
</span><del>-    v8::Handle&lt;v8::Context&gt; v8Context = V8Proxy::context(frame);
</del><ins>+    v8::Handle&lt;v8::Context&gt; v8Context = V8Proxy::mainWorldContext(frame);
</ins><span class="cx">     if (v8Context.IsEmpty())
</span><span class="cx">         return;
</span><span class="cx"> 
</span><span class="lines">@@ -257,7 +257,7 @@
</span><span class="cx"> void ScriptController::collectGarbage()
</span><span class="cx"> {
</span><span class="cx">     v8::HandleScope handleScope;
</span><del>-    v8::Handle&lt;v8::Context&gt; v8Context = V8Proxy::context(m_proxy-&gt;frame());
</del><ins>+    v8::Handle&lt;v8::Context&gt; v8Context = V8Proxy::mainWorldContext(m_proxy-&gt;frame());
</ins><span class="cx">     if (v8Context.IsEmpty())
</span><span class="cx">         return;
</span><span class="cx"> 
</span><span class="lines">@@ -338,7 +338,7 @@
</span><span class="cx"> static NPObject* createScriptObject(Frame* frame)
</span><span class="cx"> {
</span><span class="cx">     v8::HandleScope handleScope;
</span><del>-    v8::Handle&lt;v8::Context&gt; v8Context = V8Proxy::context(frame);
</del><ins>+    v8::Handle&lt;v8::Context&gt; v8Context = V8Proxy::mainWorldContext(frame);
</ins><span class="cx">     if (v8Context.IsEmpty())
</span><span class="cx">         return createNoScriptObject();
</span><span class="cx"> 
</span><span class="lines">@@ -375,7 +375,7 @@
</span><span class="cx">         return createNoScriptObject();
</span><span class="cx"> 
</span><span class="cx">     v8::HandleScope handleScope;
</span><del>-    v8::Handle&lt;v8::Context&gt; v8Context = V8Proxy::context(m_frame);
</del><ins>+    v8::Handle&lt;v8::Context&gt; v8Context = V8Proxy::mainWorldContext(m_frame);
</ins><span class="cx">     if (v8Context.IsEmpty())
</span><span class="cx">         return createNoScriptObject();
</span><span class="cx">     v8::Context::Scope scope(v8Context);
</span></span></pre></div>
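Review bot: None of the six call sites switched to `V8Proxy::mainWorldContext` records why the main world, rather than the currently entered world, is the right choice there, and that choice is the security-relevant part of this change. The commit message says the callers were audited, but the outcome lives only in the log; a one-line comment per site, of the form `// Main world on purpose: <reason from the audit>.`, would keep a later edit from silently switching a site back to `V8Proxy::context`. The same applies to the `mainWorldContext` calls in V8Helpers.cpp (`toV8Context`), both hunks of V8LazyEventListener.cpp, and `bindJsObjectToWindow` in V8Proxy.cpp. `processingUserGesture` deserves the closest look: if it reads per-context state that `V8AbstractEventListener::handleEvent` sets through `V8Proxy::context`, the two may disagree when a handler runs in an isolated world. That last point is inferred, since neither body is fully visible in these hunks.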
<a id="trunkWebCorebindingsv8ScriptObjectQuarantinecpp"></a>
<div class="modfile"><h4>Modified: trunk/WebCore/bindings/v8/ScriptObjectQuarantine.cpp (46522 => 46523)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/WebCore/bindings/v8/ScriptObjectQuarantine.cpp        2009-07-29 07:25:44 UTC (rev 46522)
+++ trunk/WebCore/bindings/v8/ScriptObjectQuarantine.cpp        2009-07-29 07:59:40 UTC (rev 46523)
</span><span class="lines">@@ -69,6 +69,7 @@
</span><span class="cx"> #if ENABLE(DOM_STORAGE)
</span><span class="cx">     v8::HandleScope handleScope;
</span><span class="cx">     v8::Local&lt;v8::Context&gt; context = V8Proxy::context(frame);
</span><ins>+    // FIXME: What if context.IsEmpty()?
</ins><span class="cx">     v8::Context::Scope scope(context);
</span><span class="cx"> 
</span><span class="cx">     v8::Handle&lt;v8::Value&gt; v8Storage = V8DOMWrapper::convertToV8Object(V8ClassIndex::STORAGE, storage);
</span><span class="lines">@@ -85,8 +86,11 @@
</span><span class="cx">     ASSERT(node);
</span><span class="cx"> 
</span><span class="cx">     v8::HandleScope handleScope;
</span><ins>+    // FIXME: What if document() is null?
+    // FIXME: Why are we grabbing the mainFrame?
</ins><span class="cx">     Frame* frame = node-&gt;document()-&gt;page()-&gt;mainFrame();
</span><span class="cx">     v8::Local&lt;v8::Context&gt; context = V8Proxy::context(frame);
</span><ins>+    // FIXME: What if context.IsEmpty()?
</ins><span class="cx">     v8::Context::Scope scope(context);
</span><span class="cx"> 
</span><span class="cx">     v8::Handle&lt;v8::Value&gt; v8Node = V8DOMWrapper::convertNodeToV8Object(node);
</span><span class="lines">@@ -101,7 +105,9 @@
</span><span class="cx"> 
</span><span class="cx">     v8::HandleScope handleScope;
</span><span class="cx">     Frame* frame = domWindow-&gt;frame();
</span><ins>+    // FIXME: What if frame is null?
</ins><span class="cx">     v8::Local&lt;v8::Context&gt; context = V8Proxy::context(frame);
</span><ins>+    // FIXME: What if context.IsEmpty()?
</ins><span class="cx">     v8::Context::Scope scope(context);
</span><span class="cx"> 
</span><span class="cx">     v8::Handle&lt;v8::Value&gt; v8DomWindow = V8DOMWrapper::convertToV8Object(V8ClassIndex::DOMWINDOW, domWindow);
</span></span></pre></div>
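Review bot: The three added `// FIXME: What if context.IsEmpty()?` comments mark a case that this same commit makes easier to reach: `V8Proxy::context` now also returns an empty handle when an isolated world is entered for a different frame, and each site passes the result straight to `v8::Context::Scope scope(context);`. The second hunk looks the most exposed because it asks for the context of the page's `mainFrame()`, so a call made while another frame's isolated world is entered would, on my reading, take the frame-mismatch branch. I would replace each FIXME with a guard, `if (context.IsEmpty())` followed by the function's existing failure return, rather than leave the use of an empty handle for later. The function bodies start and end outside the hunks, so the exact return value is not visible here.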
<a id="trunkWebCorebindingsv8V8AbstractEventListenercpp"></a>
<div class="modfile"><h4>Modified: trunk/WebCore/bindings/v8/V8AbstractEventListener.cpp (46522 => 46523)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/WebCore/bindings/v8/V8AbstractEventListener.cpp        2009-07-29 07:25:44 UTC (rev 46522)
+++ trunk/WebCore/bindings/v8/V8AbstractEventListener.cpp        2009-07-29 07:59:40 UTC (rev 46523)
</span><span class="lines">@@ -112,6 +112,8 @@
</span><span class="cx"> 
</span><span class="cx">     v8::HandleScope handleScope;
</span><span class="cx"> 
</span><ins>+    // FIXME: This context might be in the wrong world!
+    //        See https://bugs.webkit.org/show_bug.cgi?id=27533
</ins><span class="cx">     v8::Handle&lt;v8::Context&gt; v8Context = V8Proxy::context(m_frame);
</span><span class="cx">     if (v8Context.IsEmpty())
</span><span class="cx">         return;
</span></span></pre></div>
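Review bot: The new FIXME says the context "might be in the wrong world" without saying why, and after this commit the reason is specific: `V8Proxy::context(m_frame)` follows whichever isolated world is entered when the event is dispatched, not the world that registered the listener. Saying so in the comment, e.g. `// FIXME: context() returns the currently entered world, which need not be the world this listener was created in.`, tells the next reader what has to change and why it matters for isolation. Whether the listener already records its world is not visible in this hunk; `handleEvent`'s body continues outside it.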
<a id="trunkWebCorebindingsv8V8DOMWrappercpp"></a>
<div class="modfile"><h4>Modified: trunk/WebCore/bindings/v8/V8DOMWrapper.cpp (46522 => 46523)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/WebCore/bindings/v8/V8DOMWrapper.cpp        2009-07-29 07:25:44 UTC (rev 46522)
+++ trunk/WebCore/bindings/v8/V8DOMWrapper.cpp        2009-07-29 07:59:40 UTC (rev 46523)
</span><span class="lines">@@ -502,7 +502,7 @@
</span><span class="cx">     if (!frame)
</span><span class="cx">         return v8::Local&lt;v8::Function&gt;();
</span><span class="cx"> 
</span><del>-    v8::Handle&lt;v8::Context&gt; context = getWrapperContext(frame);
</del><ins>+    v8::Handle&lt;v8::Context&gt; context = V8Proxy::context(frame);
</ins><span class="cx">     if (context.IsEmpty())
</span><span class="cx">         return v8::Local&lt;v8::Function&gt;();
</span><span class="cx">     // Enter the scope for this DOMWindow to get the correct constructor.
</span><span class="lines">@@ -641,7 +641,7 @@
</span><span class="cx">     // Get DOMWindow
</span><span class="cx">     if (!frame)
</span><span class="cx">         return; // Object might be detached from window
</span><del>-    v8::Handle&lt;v8::Context&gt; context = getWrapperContext(frame);
</del><ins>+    v8::Handle&lt;v8::Context&gt; context = V8Proxy::context(frame);
</ins><span class="cx">     if (context.IsEmpty())
</span><span class="cx">         return;
</span><span class="cx"> 
</span><span class="lines">@@ -1165,7 +1165,7 @@
</span><span class="cx"> 
</span><span class="cx">     v8::Handle&lt;v8::Context&gt; context;
</span><span class="cx">     if (proxy)
</span><del>-        context = getWrapperContext(proxy-&gt;frame());
</del><ins>+        context = V8Proxy::context(proxy-&gt;frame());
</ins><span class="cx"> 
</span><span class="cx">     // Enter the node's context and create the wrapper in that context.
</span><span class="cx">     if (!context.IsEmpty())
</span><span class="lines">@@ -1425,7 +1425,7 @@
</span><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     // Otherwise, return the global object associated with this frame.
</span><del>-    v8::Handle&lt;v8::Context&gt; context = getWrapperContext(frame);
</del><ins>+    v8::Handle&lt;v8::Context&gt; context = V8Proxy::context(frame);
</ins><span class="cx">     if (context.IsEmpty())
</span><span class="cx">         return v8::Handle&lt;v8::Object&gt;();
</span><span class="cx"> 
</span><span class="lines">@@ -1434,19 +1434,4 @@
</span><span class="cx">     return global;
</span><span class="cx"> }
</span><span class="cx"> 
</span><del>-v8::Handle&lt;v8::Context&gt; V8DOMWrapper::getWrapperContext(Frame* frame)
-{
-    v8::Handle&lt;v8::Context&gt; context = V8Proxy::context(frame);
-    if (context.IsEmpty())
-        return v8::Handle&lt;v8::Context&gt;();
-
-    if (V8IsolatedWorld* world = V8IsolatedWorld::getEntered()) {
-       context = world-&gt;context();
-       if (frame != V8Proxy::retrieveFrame(context))
-          return v8::Handle&lt;v8::Context&gt;();
-    }
-
-    return context;
-}
-
</del><span class="cx"> }  // namespace WebCore
</span></span></pre></div>
<a id="trunkWebCorebindingsv8V8DOMWrapperh"></a>
<div class="modfile"><h4>Modified: trunk/WebCore/bindings/v8/V8DOMWrapper.h (46522 => 46523)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/WebCore/bindings/v8/V8DOMWrapper.h        2009-07-29 07:25:44 UTC (rev 46522)
+++ trunk/WebCore/bindings/v8/V8DOMWrapper.h        2009-07-29 07:59:40 UTC (rev 46523)
</span><span class="lines">@@ -271,8 +271,6 @@
</span><span class="cx">         }
</span><span class="cx"> 
</span><span class="cx">         static v8::Local&lt;v8::Object&gt; instantiateV8Object(V8Proxy*, V8ClassIndex::V8WrapperType, V8ClassIndex::V8WrapperType, void*);
</span><del>-
-        static v8::Handle&lt;v8::Context&gt; getWrapperContext(Frame*);
</del><span class="cx">     };
</span><span class="cx"> 
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkWebCorebindingsv8V8Helperscpp"></a>
<div class="modfile"><h4>Modified: trunk/WebCore/bindings/v8/V8Helpers.cpp (46522 => 46523)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/WebCore/bindings/v8/V8Helpers.cpp        2009-07-29 07:25:44 UTC (rev 46522)
+++ trunk/WebCore/bindings/v8/V8Helpers.cpp        2009-07-29 07:59:40 UTC (rev 46523)
</span><span class="lines">@@ -46,7 +46,7 @@
</span><span class="cx"> v8::Local&lt;v8::Context&gt; toV8Context(NPP npp, NPObject* npObject)
</span><span class="cx"> {
</span><span class="cx">     V8NPObject* object = reinterpret_cast&lt;V8NPObject*&gt;(npObject);
</span><del>-    return V8Proxy::context(object-&gt;rootObject-&gt;frame());
</del><ins>+    return V8Proxy::mainWorldContext(object-&gt;rootObject-&gt;frame());
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> V8Proxy* toV8Proxy(NPObject* npObject)
</span></span></pre></div>
<a id="trunkWebCorebindingsv8V8LazyEventListenercpp"></a>
<div class="modfile"><h4>Modified: trunk/WebCore/bindings/v8/V8LazyEventListener.cpp (46522 => 46523)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/WebCore/bindings/v8/V8LazyEventListener.cpp        2009-07-29 07:25:44 UTC (rev 46522)
+++ trunk/WebCore/bindings/v8/V8LazyEventListener.cpp        2009-07-29 07:59:40 UTC (rev 46523)
</span><span class="lines">@@ -77,7 +77,7 @@
</span><span class="cx">         v8::HandleScope handleScope;
</span><span class="cx"> 
</span><span class="cx">         // Use the outer scope to hold context.
</span><del>-        v8::Handle&lt;v8::Context&gt; v8Context = V8Proxy::context(m_frame);
</del><ins>+        v8::Handle&lt;v8::Context&gt; v8Context = V8Proxy::mainWorldContext(m_frame);
</ins><span class="cx">         // Bail out if we could not get the context.
</span><span class="cx">         if (v8Context.IsEmpty())
</span><span class="cx">             return v8::Local&lt;v8::Function&gt;();
</span><span class="lines">@@ -158,7 +158,7 @@
</span><span class="cx">         v8::HandleScope handleScope;
</span><span class="cx"> 
</span><span class="cx">         // Use the outer scope to hold context.
</span><del>-        v8::Handle&lt;v8::Context&gt; v8Context = V8Proxy::context(m_frame);
</del><ins>+        v8::Handle&lt;v8::Context&gt; v8Context = V8Proxy::mainWorldContext(m_frame);
</ins><span class="cx">         // Bail out if we cannot get the context.
</span><span class="cx">         if (v8Context.IsEmpty())
</span><span class="cx">             return v8::Local&lt;v8::Function&gt;();
</span></span></pre></div>
<a id="trunkWebCorebindingsv8V8Proxycpp"></a>
<div class="modfile"><h4>Modified: trunk/WebCore/bindings/v8/V8Proxy.cpp (46522 => 46523)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/WebCore/bindings/v8/V8Proxy.cpp        2009-07-29 07:25:44 UTC (rev 46522)
+++ trunk/WebCore/bindings/v8/V8Proxy.cpp        2009-07-29 07:59:40 UTC (rev 46523)
</span><span class="lines">@@ -1096,6 +1096,21 @@
</span><span class="cx"> 
</span><span class="cx"> v8::Local&lt;v8::Context&gt; V8Proxy::context(Frame* frame)
</span><span class="cx"> {
</span><ins>+    v8::Local&lt;v8::Context&gt; context = V8Proxy::mainWorldContext(frame);
+    if (context.IsEmpty())
+        return v8::Local&lt;v8::Context&gt;();
+
+    if (V8IsolatedWorld* world = V8IsolatedWorld::getEntered()) {
+        context = v8::Local&lt;v8::Context&gt;::New(world-&gt;context());
+        if (frame != V8Proxy::retrieveFrame(context))
+            return v8::Local&lt;v8::Context&gt;();
+    }
+
+    return context;
+}
+
+v8::Local&lt;v8::Context&gt; V8Proxy::mainWorldContext(Frame* frame)
+{
</ins><span class="cx">     V8Proxy* proxy = retrieve(frame);
</span><span class="cx">     if (!proxy)
</span><span class="cx">         return v8::Local&lt;v8::Context&gt;();
</span><span class="lines">@@ -1120,7 +1135,7 @@
</span><span class="cx"> void V8Proxy::bindJsObjectToWindow(Frame* frame, const char* name, int type, v8::Handle&lt;v8::FunctionTemplate&gt; descriptor, void* impl)
</span><span class="cx"> {
</span><span class="cx">     // Get environment.
</span><del>-    v8::Handle&lt;v8::Context&gt; v8Context = V8Proxy::context(frame);
</del><ins>+    v8::Handle&lt;v8::Context&gt; v8Context = V8Proxy::mainWorldContext(frame);
</ins><span class="cx">     if (v8Context.IsEmpty())
</span><span class="cx">         return; // JS not enabled.
</span><span class="cx"> 
</span></span></pre></div>
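Review bot: The frame comparison in the new `V8Proxy::context` body is what stops a caller that asked for one frame's context from receiving the entered world's context for a different frame, yet the branch has no comment and the empty handle it returns is indistinguishable from the "JS not enabled" case. A comment on the branch, `// The entered world belongs to another frame: return an empty handle rather than a context from the wrong frame.`, would make the intent explicit and remind callers that an empty result must be checked. Note also that `mainWorldContext(frame)` runs before the entered-world check. If it still creates a context on demand, as the V8Proxy.h comment says, an isolated-world caller pays for a main-world context it then discards. `mainWorldContext`'s body continues outside the hunk.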
<a id="trunkWebCorebindingsv8V8Proxyh"></a>
<div class="modfile"><h4>Modified: trunk/WebCore/bindings/v8/V8Proxy.h (46522 => 46523)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/WebCore/bindings/v8/V8Proxy.h        2009-07-29 07:25:44 UTC (rev 46522)
+++ trunk/WebCore/bindings/v8/V8Proxy.h        2009-07-29 07:59:40 UTC (rev 46523)
</span><span class="lines">@@ -286,6 +286,7 @@
</span><span class="cx">         // Returns V8 Context of a frame. If none exists, creates
</span><span class="cx">         // a new context. It is potentially slow and consumes memory.
</span><span class="cx">         static v8::Local&lt;v8::Context&gt; context(Frame*);
</span><ins>+        static v8::Local&lt;v8::Context&gt; mainWorldContext(Frame*);
</ins><span class="cx">         static v8::Local&lt;v8::Context&gt; currentContext();
</span><span class="cx"> 
</span><span class="cx">         // If the current context causes out of memory, JavaScript setting
</span></span></pre>
</div>
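Review bot: The existing comment "Returns V8 Context of a frame. If none exists, creates a new context." now sits above both `context(Frame*)` and the new `mainWorldContext(Frame*)`, and no longer describes either declaration precisely. I would give each its own comment: for `context`, `// Returns the context of the currently entered world for this frame (the main world if none is entered); empty if the entered world belongs to another frame.`, and for `mainWorldContext`, `// Always returns the frame's main world context, creating it if necessary.` The second wording assumes the creation behaviour moved with the old body, which the V8Proxy.cpp hunk suggests but does not fully show.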
</div>

</body>
</html>