<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[186331] releases/WebKitGTK/webkit-2.8</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/186331">186331</a></dd>
<dt>Author</dt> <dd>carlosgc@webkit.org</dd>
<dt>Date</dt> <dd>2015-07-06 02:44:12 -0700 (Mon, 06 Jul 2015)</dd>
</dl>
<h3>Log Message</h3>
<pre>Merge <a href="http://trac.webkit.org/projects/webkit/changeset/184846">r184846</a> - Crash when using a removed ScriptMessageHandler
<rdar://problem/20888499>
https://bugs.webkit.org/show_bug.cgi?id=145359
Reviewed by Dan Bernstein.
Source/WebCore:
Added tests:
WKUserContentController.ScriptMessageHandlerBasicRemove
WKUserContentController.ScriptMessageHandlerCallRemovedHandler
* page/UserMessageHandler.cpp:
(WebCore::UserMessageHandler::~UserMessageHandler):
(WebCore::UserMessageHandler::postMessage):
(WebCore::UserMessageHandler::name):
* page/UserMessageHandler.h:
(WebCore::UserMessageHandler::create):
* page/UserMessageHandler.idl:
* page/UserMessageHandlerDescriptor.cpp:
(WebCore::UserMessageHandlerDescriptor::UserMessageHandlerDescriptor):
* page/UserMessageHandlerDescriptor.h:
(WebCore::UserMessageHandlerDescriptor::client):
(WebCore::UserMessageHandlerDescriptor::invalidateClient):
Add support for invalidating the descriptor and throw an exception if someone tries
to post a message using an invalidated descriptor.
* page/UserMessageHandlersNamespace.cpp:
(WebCore::UserMessageHandlersNamespace::handler):
Add logic to remove message handlers if their descriptor has been invalidated.
Source/WebKit2:
* WebProcess/UserContent/WebUserContentController.cpp:
(WebKit::WebUserMessageHandlerDescriptorProxy::~WebUserMessageHandlerDescriptorProxy):
Invalidate the descriptor when the message handler client (as implemented by WebUserMessageHandlerDescriptorProxy)
goes away. This will happen if a script message handler is removed at the API level or the WebUserContentController
is destroyed (which will happen if all the pages get destroyed).
Tools:
* TestWebKitAPI/Tests/WebKit2Cocoa/UserContentController.mm:
Add tests for removing script message handlers.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#releasesWebKitGTKwebkit28SourceWebCoreChangeLog">releases/WebKitGTK/webkit-2.8/Source/WebCore/ChangeLog</a></li>
<li><a href="#releasesWebKitGTKwebkit28SourceWebCorebindingsgobjectWebKitDOMCustomcpp">releases/WebKitGTK/webkit-2.8/Source/WebCore/bindings/gobject/WebKitDOMCustom.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit28SourceWebCorepageUserMessageHandlercpp">releases/WebKitGTK/webkit-2.8/Source/WebCore/page/UserMessageHandler.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit28SourceWebCorepageUserMessageHandlerh">releases/WebKitGTK/webkit-2.8/Source/WebCore/page/UserMessageHandler.h</a></li>
<li><a href="#releasesWebKitGTKwebkit28SourceWebCorepageUserMessageHandleridl">releases/WebKitGTK/webkit-2.8/Source/WebCore/page/UserMessageHandler.idl</a></li>
<li><a href="#releasesWebKitGTKwebkit28SourceWebCorepageUserMessageHandlerDescriptorcpp">releases/WebKitGTK/webkit-2.8/Source/WebCore/page/UserMessageHandlerDescriptor.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit28SourceWebCorepageUserMessageHandlerDescriptorh">releases/WebKitGTK/webkit-2.8/Source/WebCore/page/UserMessageHandlerDescriptor.h</a></li>
<li><a href="#releasesWebKitGTKwebkit28SourceWebCorepageUserMessageHandlersNamespacecpp">releases/WebKitGTK/webkit-2.8/Source/WebCore/page/UserMessageHandlersNamespace.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit28SourceWebKit2ChangeLog">releases/WebKitGTK/webkit-2.8/Source/WebKit2/ChangeLog</a></li>
<li><a href="#releasesWebKitGTKwebkit28SourceWebKit2WebProcessUserContentWebUserContentControllercpp">releases/WebKitGTK/webkit-2.8/Source/WebKit2/WebProcess/UserContent/WebUserContentController.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit28ToolsChangeLog">releases/WebKitGTK/webkit-2.8/Tools/ChangeLog</a></li>
<li><a href="#releasesWebKitGTKwebkit28ToolsTestWebKitAPITestsWebKit2CocoaUserContentControllermm">releases/WebKitGTK/webkit-2.8/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/UserContentController.mm</a></li>
<li><a href="#releasesWebKitGTKwebkit28ToolsTestWebKitAPITestsWebKit2GtkWebExtensionTestcpp">releases/WebKitGTK/webkit-2.8/Tools/TestWebKitAPI/Tests/WebKit2Gtk/WebExtensionTest.cpp</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="releasesWebKitGTKwebkit28SourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.8/Source/WebCore/ChangeLog (186330 => 186331)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.8/Source/WebCore/ChangeLog        2015-07-06 09:41:04 UTC (rev 186330)
+++ releases/WebKitGTK/webkit-2.8/Source/WebCore/ChangeLog        2015-07-06 09:44:12 UTC (rev 186331)
</span><span class="lines">@@ -1,3 +1,34 @@
</span><ins>+2015-05-24 Sam Weinig <sam@webkit.org>
+
+ Crash when using a removed ScriptMessageHandler
+ <rdar://problem/20888499>
+ https://bugs.webkit.org/show_bug.cgi?id=145359
+
+ Reviewed by Dan Bernstein.
+
+ Added tests:
+ WKUserContentController.ScriptMessageHandlerBasicRemove
+ WKUserContentController.ScriptMessageHandlerCallRemovedHandler
+
+ * page/UserMessageHandler.cpp:
+ (WebCore::UserMessageHandler::~UserMessageHandler):
+ (WebCore::UserMessageHandler::postMessage):
+ (WebCore::UserMessageHandler::name):
+ * page/UserMessageHandler.h:
+ (WebCore::UserMessageHandler::create):
+ * page/UserMessageHandler.idl:
+ * page/UserMessageHandlerDescriptor.cpp:
+ (WebCore::UserMessageHandlerDescriptor::UserMessageHandlerDescriptor):
+ * page/UserMessageHandlerDescriptor.h:
+ (WebCore::UserMessageHandlerDescriptor::client):
+ (WebCore::UserMessageHandlerDescriptor::invalidateClient):
+ Add support for invalidating the descriptor and throw an exception if someone tries
+ to post a message using an invalidated descriptor.
+
+ * page/UserMessageHandlersNamespace.cpp:
+ (WebCore::UserMessageHandlersNamespace::handler):
+ Add logic to remove message handlers if their descriptor has been invalidated.
+
</ins><span class="cx"> 2015-05-22 Mark Lam <mark.lam@apple.com>
</span><span class="cx">
</span><span class="cx"> Document::ensurePlugInsInjectedScript() should evaluate the injected script on its own frame.
</span></span></pre></div>
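Review bot: The merged WebCore entry does not list bindings/gobject/WebKitDOMCustom.cpp, although this revision modifies that file to pass and check the new ExceptionCode argument. The entry names only the page/ files, so add a line for the GObject binding here, and one for Tests/WebKit2Gtk/WebExtensionTest.cpp in Tools/ChangeLog, so the branch history records the GTK-side adjustments that came with the merge.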
<a id="releasesWebKitGTKwebkit28SourceWebCorebindingsgobjectWebKitDOMCustomcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.8/Source/WebCore/bindings/gobject/WebKitDOMCustom.cpp (186330 => 186331)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.8/Source/WebCore/bindings/gobject/WebKitDOMCustom.cpp        2015-07-06 09:41:04 UTC (rev 186330)
+++ releases/WebKitGTK/webkit-2.8/Source/WebCore/bindings/gobject/WebKitDOMCustom.cpp        2015-07-06 09:44:12 UTC (rev 186331)
</span><span class="lines">@@ -86,7 +86,11 @@
</span><span class="cx"> return FALSE;
</span><span class="cx">
</span><span class="cx"> WebCore::JSMainThreadNullState state;
</span><del>- handler->postMessage(WebCore::SerializedScriptValue::create(String::fromUTF8(message)));
</del><ins>+ WebCore::ExceptionCode ec = 0;
+ handler->postMessage(WebCore::SerializedScriptValue::create(String::fromUTF8(message)), ec);
+ if (ec)
+ return FALSE;
+
</ins><span class="cx"> return TRUE;
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
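Review bot: The new failure path, if (ec) return FALSE;, discards the exception code, so the caller learns only that the post failed, not that the handler had been removed. The GTK test in this revision now passes a third argument to webkit_dom_user_message_handler_post_message; if that is an error out-parameter, fill it in here before returning FALSE so callers can tell an invalidated handler apart from the earlier return FALSE in the same function.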
<a id="releasesWebKitGTKwebkit28SourceWebCorepageUserMessageHandlercpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.8/Source/WebCore/page/UserMessageHandler.cpp (186330 => 186331)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.8/Source/WebCore/page/UserMessageHandler.cpp        2015-07-06 09:41:04 UTC (rev 186330)
+++ releases/WebKitGTK/webkit-2.8/Source/WebCore/page/UserMessageHandler.cpp        2015-07-06 09:44:12 UTC (rev 186331)
</span><span class="lines">@@ -28,6 +28,7 @@
</span><span class="cx">
</span><span class="cx"> #if ENABLE(USER_MESSAGE_HANDLERS)
</span><span class="cx">
</span><ins>+#include "ExceptionCode.h"
</ins><span class="cx"> #include "Frame.h"
</span><span class="cx"> #include "SerializedScriptValue.h"
</span><span class="cx">
</span><span class="lines">@@ -43,9 +44,16 @@
</span><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void UserMessageHandler::postMessage(PassRefPtr<SerializedScriptValue> value)
</del><ins>+void UserMessageHandler::postMessage(PassRefPtr<SerializedScriptValue> value, ExceptionCode& ec)
</ins><span class="cx"> {
</span><del>- m_descriptor->client().didPostMessage(*this, value.get());
</del><ins>+ // Check to see if the descriptor has been removed. This can happen if the host application has
+ // removed the named message handler at the WebKit2 API level.
+ if (!m_descriptor->client()) {
+ ec = INVALID_ACCESS_ERR;
+ return;
+ }
+
+ m_descriptor->client()->didPostMessage(*this, value.get());
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> const AtomicString& UserMessageHandler::name()
</span></span></pre></div>
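Review bot: In the second hunk, postMessage calls m_descriptor->client() twice, once for the null check and once for the dispatch, so the check and the use are not tied to the same pointer value. Read it once into a local (auto* client = m_descriptor->client();), test that, and call didPostMessage through it. The added code comment also mentions only removal at the WebKit2 API level, while the ChangeLog says the client also goes away when the WebUserContentController is destroyed; the comment should cover both cases.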
<a id="releasesWebKitGTKwebkit28SourceWebCorepageUserMessageHandlerh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.8/Source/WebCore/page/UserMessageHandler.h (186330 => 186331)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.8/Source/WebCore/page/UserMessageHandler.h        2015-07-06 09:41:04 UTC (rev 186330)
+++ releases/WebKitGTK/webkit-2.8/Source/WebCore/page/UserMessageHandler.h        2015-07-06 09:44:12 UTC (rev 186331)
</span><span class="lines">@@ -34,6 +34,8 @@
</span><span class="cx">
</span><span class="cx"> namespace WebCore {
</span><span class="cx">
</span><ins>+typedef int ExceptionCode;
+
</ins><span class="cx"> class UserMessageHandler : public RefCounted<UserMessageHandler>, public FrameDestructionObserver {
</span><span class="cx"> public:
</span><span class="cx"> static Ref<UserMessageHandler> create(Frame& frame, UserMessageHandlerDescriptor& descriptor)
</span><span class="lines">@@ -42,7 +44,7 @@
</span><span class="cx"> }
</span><span class="cx"> virtual ~UserMessageHandler();
</span><span class="cx">
</span><del>- void postMessage(PassRefPtr<SerializedScriptValue>);
</del><ins>+ void postMessage(PassRefPtr<SerializedScriptValue>, ExceptionCode&);
</ins><span class="cx">
</span><span class="cx"> const AtomicString& name();
</span><span class="cx"> DOMWrapperWorld& world();
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit28SourceWebCorepageUserMessageHandleridl"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.8/Source/WebCore/page/UserMessageHandler.idl (186330 => 186331)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.8/Source/WebCore/page/UserMessageHandler.idl        2015-07-06 09:41:04 UTC (rev 186330)
+++ releases/WebKitGTK/webkit-2.8/Source/WebCore/page/UserMessageHandler.idl        2015-07-06 09:44:12 UTC (rev 186331)
</span><span class="lines">@@ -26,5 +26,5 @@
</span><span class="cx"> [
</span><span class="cx"> Conditional=USER_MESSAGE_HANDLERS
</span><span class="cx"> ] interface UserMessageHandler {
</span><del>- void postMessage(SerializedScriptValue message);
</del><ins>+ [RaisesException] void postMessage(SerializedScriptValue message);
</ins><span class="cx"> };
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit28SourceWebCorepageUserMessageHandlerDescriptorcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.8/Source/WebCore/page/UserMessageHandlerDescriptor.cpp (186330 => 186331)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.8/Source/WebCore/page/UserMessageHandlerDescriptor.cpp        2015-07-06 09:41:04 UTC (rev 186330)
+++ releases/WebKitGTK/webkit-2.8/Source/WebCore/page/UserMessageHandlerDescriptor.cpp        2015-07-06 09:44:12 UTC (rev 186331)
</span><span class="lines">@@ -35,7 +35,7 @@
</span><span class="cx"> UserMessageHandlerDescriptor::UserMessageHandlerDescriptor(const AtomicString& name, DOMWrapperWorld& world, Client& client)
</span><span class="cx"> : m_name(name)
</span><span class="cx"> , m_world(world)
</span><del>- , m_client(client)
</del><ins>+ , m_client(&client)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit28SourceWebCorepageUserMessageHandlerDescriptorh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.8/Source/WebCore/page/UserMessageHandlerDescriptor.h (186330 => 186331)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.8/Source/WebCore/page/UserMessageHandlerDescriptor.h        2015-07-06 09:41:04 UTC (rev 186330)
+++ releases/WebKitGTK/webkit-2.8/Source/WebCore/page/UserMessageHandlerDescriptor.h        2015-07-06 09:44:12 UTC (rev 186331)
</span><span class="lines">@@ -56,15 +56,16 @@
</span><span class="cx">
</span><span class="cx"> const AtomicString& name();
</span><span class="cx"> DOMWrapperWorld& world();
</span><del>-
- Client& client() const { return m_client; }
</del><span class="cx">
</span><ins>+ Client* client() const { return m_client; }
+ void invalidateClient() { m_client = nullptr; }
+
</ins><span class="cx"> private:
</span><span class="cx"> WEBCORE_EXPORT explicit UserMessageHandlerDescriptor(const AtomicString&, DOMWrapperWorld&, Client&);
</span><del>-
</del><ins>+
</ins><span class="cx"> AtomicString m_name;
</span><span class="cx"> Ref<DOMWrapperWorld> m_world;
</span><del>- Client& m_client;
</del><ins>+ Client* m_client;
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> } // namespace WebCore
</span></span></pre></div>
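Review bot: With m_client changed from a reference to a raw Client* pointer, lifetime safety now depends on every Client implementation calling invalidateClient() before it is destroyed, and nothing in this header states or enforces that contract. Only WebUserMessageHandlerDescriptorProxy does so in this revision; a short comment on invalidateClient() or on the Client interface describing the requirement would keep a future client from leaving a dangling pointer behind. The blank line removed and re-added before AtomicString m_name is a whitespace-only change and can be dropped from the patch.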
<a id="releasesWebKitGTKwebkit28SourceWebCorepageUserMessageHandlersNamespacecpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.8/Source/WebCore/page/UserMessageHandlersNamespace.cpp (186330 => 186331)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.8/Source/WebCore/page/UserMessageHandlersNamespace.cpp        2015-07-06 09:41:04 UTC (rev 186330)
+++ releases/WebKitGTK/webkit-2.8/Source/WebCore/page/UserMessageHandlersNamespace.cpp        2015-07-06 09:44:12 UTC (rev 186331)
</span><span class="lines">@@ -46,13 +46,6 @@
</span><span class="cx">
</span><span class="cx"> UserMessageHandler* UserMessageHandlersNamespace::handler(const AtomicString& name, DOMWrapperWorld& world)
</span><span class="cx"> {
</span><del>- // First, check if we have a handler instance already.
- for (auto& handler : m_messageHandlers) {
- if (handler->name() == name && &handler->world() == &world)
- return &handler.get();
- }
-
- // Second, attempt to create a handler instance from a descriptor.
</del><span class="cx"> if (!frame())
</span><span class="cx"> return nullptr;
</span><span class="cx">
</span><span class="lines">@@ -69,9 +62,18 @@
</span><span class="cx"> return nullptr;
</span><span class="cx">
</span><span class="cx"> RefPtr<UserMessageHandlerDescriptor> descriptor = userMessageHandlerDescriptors->get(std::make_pair(name, &world));
</span><del>- if (!descriptor)
</del><ins>+ if (!descriptor) {
+ m_messageHandlers.removeFirstMatching([&name, &world](Ref<UserMessageHandler>& handler) {
+ return handler->name() == name && &handler->world() == &world;
+ });
</ins><span class="cx"> return nullptr;
</span><ins>+ }
</ins><span class="cx">
</span><ins>+ for (auto& handler : m_messageHandlers) {
+ if (handler->name() == name && &handler->world() == &world)
+ return &handler.get();
+ }
+
</ins><span class="cx"> m_messageHandlers.append(UserMessageHandler::create(*frame(), *descriptor));
</span><span class="cx"> return &m_messageHandlers.last().get();
</span><span class="cx"> }
</span></span></pre></div>
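Review bot: In the second hunk, a cached handler is dropped only when the descriptor lookup returns null; when a descriptor is found, the loop matches on name and world alone and returns the cached UserMessageHandler without checking that it was created from the descriptor just looked up. If a handler is removed and another is registered under the same name with a new descriptor before handler() runs again, the cached object still refers to the invalidated descriptor and every postMessage on it will raise INVALID_ACCESS_ERR. Compare the cached handler's descriptor with the one returned by the lookup and replace the entry on mismatch, and add a remove-then-re-add test next to the two new ones.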
<a id="releasesWebKitGTKwebkit28SourceWebKit2ChangeLog"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.8/Source/WebKit2/ChangeLog (186330 => 186331)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.8/Source/WebKit2/ChangeLog        2015-07-06 09:41:04 UTC (rev 186330)
+++ releases/WebKitGTK/webkit-2.8/Source/WebKit2/ChangeLog        2015-07-06 09:44:12 UTC (rev 186331)
</span><span class="lines">@@ -1,3 +1,17 @@
</span><ins>+2015-05-24 Sam Weinig <sam@webkit.org>
+
+ Crash when using a removed ScriptMessageHandler
+ <rdar://problem/20888499>
+ https://bugs.webkit.org/show_bug.cgi?id=145359
+
+ Reviewed by Dan Bernstein.
+
+ * WebProcess/UserContent/WebUserContentController.cpp:
+ (WebKit::WebUserMessageHandlerDescriptorProxy::~WebUserMessageHandlerDescriptorProxy):
+ Invalidate the descriptor when the message handler client (as implemented by WebUserMessageHandlerDescriptorProxy)
+ goes away. This will happen if a script message handler is removed at the API level or the WebUserContentController
+ is destroyed (which will happen if all the pages get destroyed).
+
</ins><span class="cx"> 2015-05-20 Gavin Barraclough <barraclough@apple.com>
</span><span class="cx">
</span><span class="cx"> dispatchViewStateChange should not wait for sync reply if the page isn't visible
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit28SourceWebKit2WebProcessUserContentWebUserContentControllercpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.8/Source/WebKit2/WebProcess/UserContent/WebUserContentController.cpp (186330 => 186331)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.8/Source/WebKit2/WebProcess/UserContent/WebUserContentController.cpp        2015-07-06 09:41:04 UTC (rev 186330)
+++ releases/WebKitGTK/webkit-2.8/Source/WebKit2/WebProcess/UserContent/WebUserContentController.cpp        2015-07-06 09:44:12 UTC (rev 186331)
</span><span class="lines">@@ -116,6 +116,7 @@
</span><span class="cx">
</span><span class="cx"> virtual ~WebUserMessageHandlerDescriptorProxy()
</span><span class="cx"> {
</span><ins>+ m_descriptor->invalidateClient();
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> // WebCore::UserMessageHandlerDescriptor::Client
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit28ToolsChangeLog"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.8/Tools/ChangeLog (186330 => 186331)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.8/Tools/ChangeLog        2015-07-06 09:41:04 UTC (rev 186330)
+++ releases/WebKitGTK/webkit-2.8/Tools/ChangeLog        2015-07-06 09:44:12 UTC (rev 186331)
</span><span class="lines">@@ -1,3 +1,14 @@
</span><ins>+2015-05-24 Sam Weinig <sam@webkit.org>
+
+ Crash when using a removed ScriptMessageHandler
+ <rdar://problem/20888499>
+ https://bugs.webkit.org/show_bug.cgi?id=145359
+
+ Reviewed by Dan Bernstein.
+
+ * TestWebKitAPI/Tests/WebKit2Cocoa/UserContentController.mm:
+ Add tests for removing script message handlers.
+
</ins><span class="cx"> 2015-05-07 Ada Chan <adachan@apple.com>
</span><span class="cx">
</span><span class="cx"> Add a test for WKPageCopySessionState() with filtering.
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit28ToolsTestWebKitAPITestsWebKit2CocoaUserContentControllermm"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.8/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/UserContentController.mm (186330 => 186331)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.8/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/UserContentController.mm        2015-07-06 09:41:04 UTC (rev 186330)
+++ releases/WebKitGTK/webkit-2.8/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/UserContentController.mm        2015-07-06 09:44:12 UTC (rev 186331)
</span><span class="lines">@@ -62,7 +62,7 @@
</span><span class="cx">
</span><span class="cx"> @end
</span><span class="cx">
</span><del>-TEST(WKUserContentController, ScriptMessageHandlerSimple)
</del><ins>+TEST(WKUserContentController, ScriptMessageHandlerBasicPost)
</ins><span class="cx"> {
</span><span class="cx"> RetainPtr<ScriptMessageHandler> handler = adoptNS([[ScriptMessageHandler alloc] init]);
</span><span class="cx"> RetainPtr<WKWebViewConfiguration> configuration = adoptNS([[WKWebViewConfiguration alloc] init]);
</span><span class="lines">@@ -87,6 +87,91 @@
</span><span class="cx"> EXPECT_WK_STREQ(@"Hello", (NSString *)[lastScriptMessage body]);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+TEST(WKUserContentController, ScriptMessageHandlerBasicRemove)
+{
+ RetainPtr<ScriptMessageHandler> handler = adoptNS([[ScriptMessageHandler alloc] init]);
+ RetainPtr<WKWebViewConfiguration> configuration = adoptNS([[WKWebViewConfiguration alloc] init]);
+ RetainPtr<WKUserContentController> userContentController = [configuration userContentController];
+ [userContentController addScriptMessageHandler:handler.get() name:@"handlerToRemove"];
+ [userContentController addScriptMessageHandler:handler.get() name:@"handlerToPost"];
+
+ RetainPtr<WKWebView> webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:configuration.get()]);
+
+ RetainPtr<SimpleNavigationDelegate> delegate = adoptNS([[SimpleNavigationDelegate alloc] init]);
+ [webView setNavigationDelegate:delegate.get()];
+
+ NSURLRequest *request = [NSURLRequest requestWithURL:[[NSBundle mainBundle] URLForResource:@"simple" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"]];
+
+ [webView loadRequest:request];
+
+ TestWebKitAPI::Util::run(&isDoneWithNavigation);
+
+ // Test that handlerToRemove was succesfully added.
+ [webView evaluateJavaScript:
+ @"if (window.webkit.messageHandlers.handlerToRemove) {"
+ " window.webkit.messageHandlers.handlerToPost.postMessage('PASS');"
+ "} else {"
+ " window.webkit.messageHandlers.handlerToPost.postMessage('FAIL');"
+ "}" completionHandler:nil];
+
+ TestWebKitAPI::Util::run(&receivedScriptMessage);
+ receivedScriptMessage = false;
+
+ EXPECT_WK_STREQ(@"PASS", (NSString *)[lastScriptMessage body]);
+
+ [userContentController removeScriptMessageHandlerForName:@"handlerToRemove"];
+
+ // Test that handlerToRemove has been removed.
+ [webView evaluateJavaScript:
+ @"if (window.webkit.messageHandlers.handlerToRemove) {"
+ " window.webkit.messageHandlers.handlerToPost.postMessage('FAIL');"
+ "} else {"
+ " window.webkit.messageHandlers.handlerToPost.postMessage('PASS');"
+ "}" completionHandler:nil];
+
+ TestWebKitAPI::Util::run(&receivedScriptMessage);
+ receivedScriptMessage = false;
+
+ EXPECT_WK_STREQ(@"PASS", (NSString *)[lastScriptMessage body]);
+}
+
+TEST(WKUserContentController, ScriptMessageHandlerCallRemovedHandler)
+{
+ RetainPtr<ScriptMessageHandler> handler = adoptNS([[ScriptMessageHandler alloc] init]);
+ RetainPtr<WKWebViewConfiguration> configuration = adoptNS([[WKWebViewConfiguration alloc] init]);
+ RetainPtr<WKUserContentController> userContentController = [configuration userContentController];
+ [userContentController addScriptMessageHandler:handler.get() name:@"handlerToRemove"];
+ [userContentController addScriptMessageHandler:handler.get() name:@"handlerToPost"];
+
+ RetainPtr<WKWebView> webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:configuration.get()]);
+
+ RetainPtr<SimpleNavigationDelegate> delegate = adoptNS([[SimpleNavigationDelegate alloc] init]);
+ [webView setNavigationDelegate:delegate.get()];
+
+ NSURLRequest *request = [NSURLRequest requestWithURL:[[NSBundle mainBundle] URLForResource:@"simple" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"]];
+
+ [webView loadRequest:request];
+
+ TestWebKitAPI::Util::run(&isDoneWithNavigation);
+
+ [webView evaluateJavaScript:@"var handlerToRemove = window.webkit.messageHandlers.handlerToRemove;" completionHandler:nil];
+
+ [userContentController removeScriptMessageHandlerForName:@"handlerToRemove"];
+
+ // Test that we throw an exception if you try to use a message handler that has been removed.
+ [webView evaluateJavaScript:
+ @"try {"
+ " handlerToRemove.postMessage('FAIL');"
+ "} catch (e) {"
+ " window.webkit.messageHandlers.handlerToPost.postMessage('PASS');"
+ "}" completionHandler:nil];
+
+ TestWebKitAPI::Util::run(&receivedScriptMessage);
+ receivedScriptMessage = false;
+
+ EXPECT_WK_STREQ(@"PASS", (NSString *)[lastScriptMessage body]);
+}
+
</ins><span class="cx"> #if !PLATFORM(IOS) // FIXME: hangs in the iOS simulator
</span><span class="cx"> TEST(WKUserContentController, ScriptMessageHandlerWithNavigation)
</span><span class="cx"> {
</span></span></pre></div>
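Review bot: In ScriptMessageHandlerCallRemovedHandler, the try block posts 'FAIL' through handlerToRemove itself, so if the call ever stops throwing and the message is silently dropped, nothing reaches handlerToPost and the wait on receivedScriptMessage never returns: the test hangs instead of failing. Post 'FAIL' through handlerToPost on the line after handlerToRemove.postMessage('FAIL') inside the try, so a missing exception produces a failed expectation. The catch block could also check the exception that was caught, since the patch raises INVALID_ACCESS_ERR specifically. Minor: "succesfully" in the first comment of ScriptMessageHandlerBasicRemove should read "successfully".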
<a id="releasesWebKitGTKwebkit28ToolsTestWebKitAPITestsWebKit2GtkWebExtensionTestcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.8/Tools/TestWebKitAPI/Tests/WebKit2Gtk/WebExtensionTest.cpp (186330 => 186331)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.8/Tools/TestWebKitAPI/Tests/WebKit2Gtk/WebExtensionTest.cpp        2015-07-06 09:41:04 UTC (rev 186330)
+++ releases/WebKitGTK/webkit-2.8/Tools/TestWebKitAPI/Tests/WebKit2Gtk/WebExtensionTest.cpp        2015-07-06 09:44:12 UTC (rev 186331)
</span><span class="lines">@@ -106,7 +106,7 @@
</span><span class="cx"> if (WebKitDOMWebKitNamespace* webkit = webkit_dom_dom_window_get_webkit_namespace(window.get())) {
</span><span class="cx"> WebKitDOMUserMessageHandlersNamespace* messageHandlers = webkit_dom_webkit_namespace_get_message_handlers(webkit);
</span><span class="cx"> if (WebKitDOMUserMessageHandler* handler = webkit_dom_user_message_handlers_namespace_get_handler(messageHandlers, "dom"))
</span><del>- webkit_dom_user_message_handler_post_message(handler, "DocumentLoaded");
</del><ins>+ webkit_dom_user_message_handler_post_message(handler, "DocumentLoaded", nullptr);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> webkit_dom_dom_window_webkit_message_handlers_post_message(window.get(), "dom-convenience", "DocumentLoaded");
</span></span></pre>
</div>
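Review bot: The updated call passes nullptr for the new third argument and ignores the return value, so the failure path added in WebKitDOMCustom.cpp is not exercised by any GTK test in this revision. The two new tests cover only the Cocoa API; consider a WebKit2Gtk test that posts through a handler after it has been removed and checks that the call returns FALSE.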
</div>
</body>
</html>