<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[199489] releases/WebKitGTK/webkit-2.12</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/199489">199489</a></dd>
<dt>Author</dt> <dd>carlosgc@webkit.org</dd>
<dt>Date</dt> <dd>2016-04-13 08:18:09 -0700 (Wed, 13 Apr 2016)</dd>
</dl>

<h3>Log Message</h3>
<pre>Merge <a href="http://trac.webkit.org/projects/webkit/changeset/199087">r199087</a> - MessageEvent.source window is incorrect once window has been reified
https://bugs.webkit.org/show_bug.cgi?id=156227
&lt;rdar://problem/25545831&gt;

Reviewed by Mark Lam.

Source/WebCore:

MessageEvent.source window was incorrect once window had been reified.

If the Window had not been reified, we kept constructing new
postMessage() functions when calling window.postMessage(). We used to
pass activeDOMWindow(execState) as source Window to
DOMWindow::postMessage(). activeDOMWindow() uses
exec-&gt;lexicalGlobalObject() which did the right thing because we
used to construct a new postMessage() function in the caller's context.

However, after reification, due to the way JSDOMWindow::getOwnPropertySlot()
was implemented, we would stop constructing new postMessage() functions
when calling window.postMessage(). As a result, the source window would
become incorrect because exec-&gt;lexicalGlobalObject() would return the
target Window instead.

In this patch, the following is done:
1. Stop constructing a new function every time in the same origin case
   for postMessage, blur, focus and close. This was inefficient and led
   to incorrect behavior:
   - The behavior would differ depending if the Window is reified or not
   - It would be impossible to delete those operations, which is
     incompatible with the specification and other browsers (tested
     Firefox and Chrome).
2. Use callerDOMWindow(execState) instead of activeDOMWindow(execState)
   as source Window in JSDOMWindow::handlePostMessage(). callerDOMWindow()
   is a new utility function that returns the caller's Window object.

Tests: fast/dom/Window/delete-operations.html
       fast/dom/Window/messageevent-source-postmessage-reified.html
       fast/dom/Window/messageevent-source-postmessage.html
       fast/dom/Window/messageevent-source-postmessage2.html
       fast/dom/Window/window-postmessage-clone-frames.html
       fast/dom/Window/post-message-crash2.html

* bindings/js/JSDOMBinding.cpp:
(WebCore::GetCallerCodeBlockFunctor::operator()):
(WebCore::GetCallerCodeBlockFunctor::codeBlock):
(WebCore::callerDOMWindow):
* bindings/js/JSDOMBinding.h:
* bindings/js/JSDOMWindowCustom.cpp:
(WebCore::handlePostMessage):

LayoutTests:

Add tests that cover using MessageEvent.source Window for messaging
using postMessage(). There are 2 versions of the test, one where the
main window is reified and one where it is not. The test that has a
reified main window was failing because this fix.

* fast/dom/Window/delete-operations-expected.txt: Added.
* fast/dom/Window/delete-operations.html: Added.
Make sure that operations on Window are indeed deletable. Previously,
it would be impossible to delete postMessage, blur, focus and close.

* fast/dom/Window/messageevent-source-postmessage-expected.txt: Added.
* fast/dom/Window/messageevent-source-postmessage-reified-expected.txt: Added.
* fast/dom/Window/messageevent-source-postmessage-reified.html: Added.
* fast/dom/Window/messageevent-source-postmessage.html: Added.
* fast/dom/Window/messageevent-source-postmessage2.html: Added.
* fast/dom/Window/resources/messageevent-source-postmessage-frame.html: Added.
* fast/dom/Window/post-message-crash2-expected.txt: Added.
* fast/dom/Window/post-message-crash2.html: Added.</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestsChangeLog">releases/WebKitGTK/webkit-2.12/LayoutTests/ChangeLog</a></li>
<li><a href="#releasesWebKitGTKwebkit212SourceWebCoreChangeLog">releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog</a></li>
<li><a href="#releasesWebKitGTKwebkit212SourceWebCorebindingsjsJSDOMBindingcpp">releases/WebKitGTK/webkit-2.12/Source/WebCore/bindings/js/JSDOMBinding.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit212SourceWebCorebindingsjsJSDOMBindingh">releases/WebKitGTK/webkit-2.12/Source/WebCore/bindings/js/JSDOMBinding.h</a></li>
<li><a href="#releasesWebKitGTKwebkit212SourceWebCorebindingsjsJSDOMWindowCustomcpp">releases/WebKitGTK/webkit-2.12/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp</a></li>
</ul>

<h3>Added Paths</h3>
<ul>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestsfastdomWindowdeleteoperationsexpectedtxt">releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/delete-operations-expected.txt</a></li>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestsfastdomWindowdeleteoperationshtml">releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/delete-operations.html</a></li>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestsfastdomWindowmessageeventsourcepostmessageexpectedtxt">releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/messageevent-source-postmessage-expected.txt</a></li>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestsfastdomWindowmessageeventsourcepostmessagereifiedexpectedtxt">releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/messageevent-source-postmessage-reified-expected.txt</a></li>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestsfastdomWindowmessageeventsourcepostmessagereifiedhtml">releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/messageevent-source-postmessage-reified.html</a></li>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestsfastdomWindowmessageeventsourcepostmessagehtml">releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/messageevent-source-postmessage.html</a></li>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestsfastdomWindowmessageeventsourcepostmessage2expectedtxt">releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/messageevent-source-postmessage2-expected.txt</a></li>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestsfastdomWindowmessageeventsourcepostmessage2html">releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/messageevent-source-postmessage2.html</a></li>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestsfastdomWindowpostmessagecrash2expectedtxt">releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/post-message-crash2-expected.txt</a></li>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestsfastdomWindowpostmessagecrash2html">releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/post-message-crash2.html</a></li>
<li><a href="#releasesWebKitGTKwebkit212LayoutTestsfastdomWindowresourcesmessageeventsourcepostmessageframehtml">releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/resources/messageevent-source-postmessage-frame.html</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="releasesWebKitGTKwebkit212LayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/LayoutTests/ChangeLog (199488 => 199489)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/ChangeLog        2016-04-13 15:06:08 UTC (rev 199488)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/ChangeLog        2016-04-13 15:18:09 UTC (rev 199489)
</span><span class="lines">@@ -1,5 +1,32 @@
</span><span class="cx"> 2016-04-05  Chris Dumez  &lt;cdumez@apple.com&gt;
</span><span class="cx"> 
</span><ins>+        MessageEvent.source window is incorrect once window has been reified
+        https://bugs.webkit.org/show_bug.cgi?id=156227
+        &lt;rdar://problem/25545831&gt;
+
+        Reviewed by Mark Lam.
+
+        Add tests that cover using MessageEvent.source Window for messaging
+        using postMessage(). There are 2 versions of the test, one where the
+        main window is reified and one where it is not. The test that has a
+        reified main window was failing because this fix.
+
+        * fast/dom/Window/delete-operations-expected.txt: Added.
+        * fast/dom/Window/delete-operations.html: Added.
+        Make sure that operations on Window are indeed deletable. Previously,
+        it would be impossible to delete postMessage, blur, focus and close.
+
+        * fast/dom/Window/messageevent-source-postmessage-expected.txt: Added.
+        * fast/dom/Window/messageevent-source-postmessage-reified-expected.txt: Added.
+        * fast/dom/Window/messageevent-source-postmessage-reified.html: Added.
+        * fast/dom/Window/messageevent-source-postmessage.html: Added.
+        * fast/dom/Window/messageevent-source-postmessage2.html: Added.
+        * fast/dom/Window/resources/messageevent-source-postmessage-frame.html: Added.
+        * fast/dom/Window/post-message-crash2-expected.txt: Added.
+        * fast/dom/Window/post-message-crash2.html: Added.
+
+2016-04-05  Chris Dumez  &lt;cdumez@apple.com&gt;
+
</ins><span class="cx">         We sometimes fail to remove outdated entry from the disk cache after revalidation and when the resource is no longer cacheable
</span><span class="cx">         https://bugs.webkit.org/show_bug.cgi?id=156048
</span><span class="cx">         &lt;rdar://problem/25514480&gt;
</span></span></pre></div>
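Review bot: The file list in this ChangeLog entry names messageevent-source-postmessage2.html but not messageevent-source-postmessage2-expected.txt, although the changeset adds both; add the missing "Added." line for the expectation file. In the paragraph above the list, "was failing because this fix" does not parse and can be read as saying the fix broke the test; "was failing before this fix" looks like what is meant.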
<a id="releasesWebKitGTKwebkit212LayoutTestsfastdomWindowdeleteoperationsexpectedtxt"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/delete-operations-expected.txt (0 => 199489)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/delete-operations-expected.txt                                (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/delete-operations-expected.txt        2016-04-13 15:18:09 UTC (rev 199489)
</span><span class="lines">@@ -0,0 +1,75 @@
</span><ins>+Tests deleting window operations works as expected
+
+On success, you will see a series of &quot;PASS&quot; messages, followed by &quot;TEST COMPLETE&quot;.
+
+
+PASS window.postMessage is an instance of Function
+window.postMessage = 1
+PASS window.postMessage is 1
+PASS delete window.postMessage is true
+PASS window.postMessage is undefined.
+
+PASS window.focus is an instance of Function
+window.focus = 1
+PASS window.focus is 1
+PASS delete window.focus is true
+PASS window.focus is undefined.
+
+PASS window.blur is an instance of Function
+window.blur = 1
+PASS window.blur is 1
+PASS delete window.blur is true
+PASS window.blur is undefined.
+
+PASS window.close is an instance of Function
+window.close = 1
+PASS window.close is 1
+PASS delete window.close is true
+PASS window.close is undefined.
+
+PASS window.open is an instance of Function
+window.open = 1
+PASS window.open is 1
+PASS delete window.open is true
+PASS window.open is undefined.
+
+PASS window.showModalDialog is an instance of Function
+window.showModalDialog = 1
+PASS window.showModalDialog is 1
+PASS delete window.showModalDialog is true
+PASS window.showModalDialog is undefined.
+
+PASS window.alert is an instance of Function
+window.alert = 1
+PASS window.alert is 1
+PASS delete window.alert is true
+PASS window.alert is undefined.
+
+PASS window.confirm is an instance of Function
+window.confirm = 1
+PASS window.confirm is 1
+PASS delete window.confirm is true
+PASS window.confirm is undefined.
+
+PASS window.prompt is an instance of Function
+window.prompt = 1
+PASS window.prompt is 1
+PASS delete window.prompt is true
+PASS window.prompt is undefined.
+
+PASS window.stop is an instance of Function
+window.stop = 1
+PASS window.stop is 1
+PASS delete window.stop is true
+PASS window.stop is undefined.
+
+PASS window.scroll is an instance of Function
+window.scroll = 1
+PASS window.scroll is 1
+PASS delete window.scroll is true
+PASS window.scroll is undefined.
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit212LayoutTestsfastdomWindowdeleteoperationshtml"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/delete-operations.html (0 => 199489)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/delete-operations.html                                (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/delete-operations.html        2016-04-13 15:18:09 UTC (rev 199489)
</span><span class="lines">@@ -0,0 +1,31 @@
</span><ins>+&lt;!DOCTYPE html&gt;
+&lt;body&gt;
+&lt;script src=&quot;../../../resources/js-test-pre.js&quot;&gt;&lt;/script&gt;
+&lt;script&gt;
+description(&quot;Tests deleting window operations works as expected&quot;);
+
+function testFunction(functionName)
+{
+    shouldBeType(&quot;window.&quot; + functionName, &quot;Function&quot;);
+    evalAndLog(&quot;window.&quot; + functionName + &quot; = 1&quot;);
+    shouldBe(&quot;window.&quot; + functionName, &quot;1&quot;);
+    shouldBeTrue(&quot;delete window.&quot; + functionName);
+    shouldBeUndefined(&quot;window.&quot; + functionName);
+    debug(&quot;&quot;);
+}
+
+testFunction(&quot;postMessage&quot;);
+testFunction(&quot;focus&quot;);
+testFunction(&quot;blur&quot;);
+testFunction(&quot;close&quot;);
+testFunction(&quot;open&quot;);
+testFunction(&quot;showModalDialog&quot;);
+testFunction(&quot;alert&quot;);
+testFunction(&quot;confirm&quot;);
+testFunction(&quot;prompt&quot;);
+testFunction(&quot;stop&quot;);
+testFunction(&quot;scroll&quot;);
+
+&lt;/script&gt;
+&lt;script src=&quot;../../../resources/js-test-post.js&quot;&gt;&lt;/script&gt;
+&lt;/body&gt;
</ins></span></pre></div>
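Review bot: In testFunction(), every "delete window.X" runs only after "window.X = 1" has replaced the operation, so the test shows that a script-assigned value can be deleted but never deletes the built-in function itself, which is the case the log message says used to be impossible. The assignment is also the same pattern messageevent-source-postmessage-reified.html uses to reify the window, so no delete here happens on a non-reified Window. Consider a second pass that calls delete directly on the untouched operation, for example on a fresh iframe's contentWindow, and asserts the property is undefined afterwards.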
<a id="releasesWebKitGTKwebkit212LayoutTestsfastdomWindowmessageeventsourcepostmessageexpectedtxt"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/messageevent-source-postmessage-expected.txt (0 => 199489)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/messageevent-source-postmessage-expected.txt                                (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/messageevent-source-postmessage-expected.txt        2016-04-13 15:18:09 UTC (rev 199489)
</span><span class="lines">@@ -0,0 +1,35 @@
</span><ins>+Tests that MessageEvent.source is correct and can be used for messaging.
+
+On success, you will see a series of &quot;PASS&quot; messages, followed by &quot;TEST COMPLETE&quot;.
+
+
+* Sending message 1 to child
+* Parent received message 2 from child
+PASS messageEvent.source is frames[0]
+PASS messageEvent.data is counter + 1
+* Sending message 3 to child
+* Parent received message 4 from child
+PASS messageEvent.source is frames[0]
+PASS messageEvent.data is counter + 1
+* Sending message 5 to child
+* Parent received message 6 from child
+PASS messageEvent.source is frames[0]
+PASS messageEvent.data is counter + 1
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
+
+--------
+Frame: '&lt;!--framePath //&lt;!--frame0--&gt;--&gt;'
+--------
+* Child received message 1 from parent
+PASS messageEvent.source is parent
+* Sending message 2 to parent
+* Child received message 3 from parent
+PASS messageEvent.source is parent
+* Sending message 4 to parent
+* Child received message 5 from parent
+PASS messageEvent.source is parent
+* Sending message 6 to parent
+
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit212LayoutTestsfastdomWindowmessageeventsourcepostmessagereifiedexpectedtxt"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/messageevent-source-postmessage-reified-expected.txt (0 => 199489)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/messageevent-source-postmessage-reified-expected.txt                                (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/messageevent-source-postmessage-reified-expected.txt        2016-04-13 15:18:09 UTC (rev 199489)
</span><span class="lines">@@ -0,0 +1,35 @@
</span><ins>+Tests that MessageEvent.source is correct and can be used for messaging (reified Window case).
+
+On success, you will see a series of &quot;PASS&quot; messages, followed by &quot;TEST COMPLETE&quot;.
+
+
+* Sending message 1 to child
+* Parent received message 2 from child
+PASS messageEvent.source is frames[0]
+PASS messageEvent.data is counter + 1
+* Sending message 3 to child
+* Parent received message 4 from child
+PASS messageEvent.source is frames[0]
+PASS messageEvent.data is counter + 1
+* Sending message 5 to child
+* Parent received message 6 from child
+PASS messageEvent.source is frames[0]
+PASS messageEvent.data is counter + 1
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
+
+--------
+Frame: '&lt;!--framePath //&lt;!--frame0--&gt;--&gt;'
+--------
+* Child received message 1 from parent
+PASS messageEvent.source is parent
+* Sending message 2 to parent
+* Child received message 3 from parent
+PASS messageEvent.source is parent
+* Sending message 4 to parent
+* Child received message 5 from parent
+PASS messageEvent.source is parent
+* Sending message 6 to parent
+
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit212LayoutTestsfastdomWindowmessageeventsourcepostmessagereifiedhtml"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/messageevent-source-postmessage-reified.html (0 => 199489)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/messageevent-source-postmessage-reified.html                                (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/messageevent-source-postmessage-reified.html        2016-04-13 15:18:09 UTC (rev 199489)
</span><span class="lines">@@ -0,0 +1,42 @@
</span><ins>+&lt;!DOCTYPE html&gt;
+&lt;html&gt;
+&lt;script src=&quot;../../../resources/js-test-pre.js&quot;&gt;&lt;/script&gt;
+&lt;body onload=&quot;runTest()&quot;&gt;
+&lt;script&gt;
+description(&quot;Tests that MessageEvent.source is correct and can be used for messaging (reified Window case).&quot;);
+jsTestIsAsync = true;
+
+// Reify the window.
+window.test = 1;
+delete window.test;
+
+if (window.testRunner)
+    testRunner.dumpChildFramesAsText();
+
+counter = 1;
+
+window.onmessage = function(e) {
+    debug(&quot;* Parent received message &quot; + e.data + &quot; from child&quot;);
+    messageEvent = e;
+    shouldBe(&quot;messageEvent.source&quot;, &quot;frames[0]&quot;);
+    shouldBe(&quot;messageEvent.data&quot;, &quot;counter + 1&quot;);
+    if (messageEvent.data &gt; 5) {
+        finishJSTest();
+        return;
+    }
+    counter = messageEvent.data + 1;
+    debug(&quot;* Sending message &quot; + counter + &quot; to child&quot;);
+    messageEvent.source.postMessage(counter, &quot;*&quot;);
+}
+
+function runTest()
+{
+    debug(&quot;* Sending message &quot; + counter + &quot; to child&quot;);
+    frames[0].postMessage(counter, &quot;*&quot;);
+}
+
+&lt;/script&gt;
+&lt;iframe src=&quot;resources/messageevent-source-postmessage-frame.html&quot;&gt;&lt;/iframe&gt;
+&lt;script src=&quot;../../../resources/js-test-post.js&quot;&gt;&lt;/script&gt;
+&lt;/body&gt;
+&lt;/html&gt;
</ins></span></pre></div>
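Review bot: Only the parent is reified here (the "window.test = 1; delete window.test" lines), so the reified path is exercised only for child-to-parent messages; the child's "messageEvent.source is parent" check still runs against a non-reified target because resources/messageevent-source-postmessage-frame.html is loaded unchanged. Since the log message attributes the wrong source to the target Window being reified, a variant that also reifies the child frame would cover the parent-to-child direction.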
<a id="releasesWebKitGTKwebkit212LayoutTestsfastdomWindowmessageeventsourcepostmessagehtml"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/messageevent-source-postmessage.html (0 => 199489)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/messageevent-source-postmessage.html                                (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/messageevent-source-postmessage.html        2016-04-13 15:18:09 UTC (rev 199489)
</span><span class="lines">@@ -0,0 +1,38 @@
</span><ins>+&lt;!DOCTYPE html&gt;
+&lt;html&gt;
+&lt;script src=&quot;../../../resources/js-test-pre.js&quot;&gt;&lt;/script&gt;
+&lt;body onload=&quot;runTest()&quot;&gt;
+&lt;script&gt;
+description(&quot;Tests that MessageEvent.source is correct and can be used for messaging.&quot;);
+jsTestIsAsync = true;
+
+if (window.testRunner)
+    testRunner.dumpChildFramesAsText();
+
+counter = 1;
+
+window.onmessage = function(e) {
+    debug(&quot;* Parent received message &quot; + e.data + &quot; from child&quot;);
+    messageEvent = e;
+    shouldBe(&quot;messageEvent.source&quot;, &quot;frames[0]&quot;);
+    shouldBe(&quot;messageEvent.data&quot;, &quot;counter + 1&quot;);
+    if (messageEvent.data &gt; 5) {
+        finishJSTest();
+        return;
+    }
+    counter = messageEvent.data + 1;
+    debug(&quot;* Sending message &quot; + counter + &quot; to child&quot;);
+    messageEvent.source.postMessage(counter, &quot;*&quot;);
+}
+
+function runTest()
+{
+    debug(&quot;* Sending message &quot; + counter + &quot; to child&quot;);
+    frames[0].postMessage(counter, &quot;*&quot;);
+}
+
+&lt;/script&gt;
+&lt;iframe src=&quot;resources/messageevent-source-postmessage-frame.html&quot;&gt;&lt;/iframe&gt;
+&lt;script src=&quot;../../../resources/js-test-post.js&quot;&gt;&lt;/script&gt;
+&lt;/body&gt;
+&lt;/html&gt;
</ins></span></pre></div>
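Review bot: The script body from "counter = 1" through runTest() is identical to the one in messageevent-source-postmessage-reified.html; only the description string and the three reify lines differ. Moving the shared onmessage handler and runTest() into a script under resources/ and including it from both tests would keep the reified and non-reified versions from drifting apart.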
<a id="releasesWebKitGTKwebkit212LayoutTestsfastdomWindowmessageeventsourcepostmessage2expectedtxt"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/messageevent-source-postmessage2-expected.txt (0 => 199489)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/messageevent-source-postmessage2-expected.txt                                (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/messageevent-source-postmessage2-expected.txt        2016-04-13 15:18:09 UTC (rev 199489)
</span><span class="lines">@@ -0,0 +1,11 @@
</span><ins>+Checks that MessageEvent.source window is correct when postMessage() is called cross-frame via a function in the other frame.
+
+On success, you will see a series of &quot;PASS&quot; messages, followed by &quot;TEST COMPLETE&quot;.
+
+
+PASS messageEvent.data is &quot;msg&quot;
+PASS messageEvent.source is frames[0]
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit212LayoutTestsfastdomWindowmessageeventsourcepostmessage2html"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/messageevent-source-postmessage2.html (0 => 199489)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/messageevent-source-postmessage2.html                                (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/messageevent-source-postmessage2.html        2016-04-13 15:18:09 UTC (rev 199489)
</span><span class="lines">@@ -0,0 +1,22 @@
</span><ins>+&lt;!DOCTYPE html&gt;
+&lt;body&gt;
+&lt;script src=&quot;../../../resources/js-test-pre.js&quot;&gt;&lt;/script&gt;
+&lt;script&gt;
+description(&quot;Checks that MessageEvent.source window is correct when postMessage() is called cross-frame via a function in the other frame.&quot;);
+jsTestIsAsync = true;
+
+window.onmessage = function(e) {
+    messageEvent = e;
+    shouldBeEqualToString(&quot;messageEvent.data&quot;, &quot;msg&quot;);
+    shouldBe(&quot;messageEvent.source&quot;, &quot;frames[0]&quot;);
+    finishJSTest();
+}
+
+onload = function()
+{
+    frames[0].sendMessage();
+}
+&lt;/script&gt;
+&lt;iframe srcdoc=&quot;&lt;script&gt;function sendMessage() { parent.postMessage('msg', '*'); }&lt;/script&gt;&quot;&gt;&lt;/iframe&gt;
+&lt;script src=&quot;../../../resources/js-test-post.js&quot;&gt;&lt;/script&gt;
+&lt;/body&gt;
</ins></span></pre></div>
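Review bot: The cross-frame call case in onload (the parent invokes frames[0].sendMessage(), which in turn calls parent.postMessage()) is only run with a non-reified parent, while the log message says the wrong source showed up after reification. Adding the "window.test = 1; delete window.test" lines in a reified twin of this test would check that messageEvent.source is still frames[0] when the caller's frame and the frame that defines the function differ and the target is reified.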
<a id="releasesWebKitGTKwebkit212LayoutTestsfastdomWindowpostmessagecrash2expectedtxt"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/post-message-crash2-expected.txt (0 => 199489)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/post-message-crash2-expected.txt                                (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/post-message-crash2-expected.txt        2016-04-13 15:18:09 UTC (rev 199489)
</span><span class="lines">@@ -0,0 +1,11 @@
</span><ins>+This ensures that postMessage called in a callback does not crash.
+
+On success, you will see a series of &quot;PASS&quot; messages, followed by &quot;TEST COMPLETE&quot;.
+
+
+PASS messageEvent.data is &quot;msg&quot;
+PASS messageEvent.source is window
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit212LayoutTestsfastdomWindowpostmessagecrash2html"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/post-message-crash2.html (0 => 199489)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/post-message-crash2.html                                (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/post-message-crash2.html        2016-04-13 15:18:09 UTC (rev 199489)
</span><span class="lines">@@ -0,0 +1,21 @@
</span><ins>+&lt;!DOCTYPE html&gt;
+&lt;html&gt;
+&lt;body&gt;
+&lt;script src=&quot;../../../resources/js-test-pre.js&quot;&gt;&lt;/script&gt;
+&lt;script&gt;
+description(&quot;This ensures that postMessage called in a callback does not crash.&quot;);
+jsTestIsAsync = true;
+
+window.onmessage = function(e) {
+   messageEvent = e;
+   shouldBeEqualToString(&quot;messageEvent.data&quot;, &quot;msg&quot;);
+   shouldBe(&quot;messageEvent.source&quot;, &quot;window&quot;);
+   finishJSTest();
+}
+
+var boundPostMessage = window.postMessage.bind(window, &quot;msg&quot;, &quot;*&quot;);
+setTimeout(boundPostMessage, 0);
+&lt;/script&gt;
+&lt;script src=&quot;../../../resources/js-test-post.js&quot;&gt;&lt;/script&gt;
+&lt;/body&gt;
+&lt;/html&gt;
</ins></span></pre></div>
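Review bot: The description() string says the test only ensures that postMessage called in a callback does not crash, but the onmessage handler also asserts "messageEvent.source is window" for a bound postMessage invoked from setTimeout; the description should state that the source Window is being checked for a call made from a timer callback. The handler body is also indented with three spaces while the other tests added in this changeset use four.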
<a id="releasesWebKitGTKwebkit212LayoutTestsfastdomWindowresourcesmessageeventsourcepostmessageframehtml"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/resources/messageevent-source-postmessage-frame.html (0 => 199489)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/resources/messageevent-source-postmessage-frame.html                                (rev 0)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/fast/dom/Window/resources/messageevent-source-postmessage-frame.html        2016-04-13 15:18:09 UTC (rev 199489)
</span><span class="lines">@@ -0,0 +1,16 @@
</span><ins>+&lt;!DOCTYPE html&gt;
+&lt;body&gt;
+&lt;script src=&quot;../../../../resources/js-test-pre.js&quot;&gt;&lt;/script&gt;
+&lt;script&gt;
+jsTestIsAsync = true;
+
+window.onmessage = function(e) {
+    debug(&quot;* Child received message &quot; + e.data + &quot; from parent&quot;);
+    messageEvent = e;
+    shouldBe(&quot;messageEvent.source&quot;, &quot;parent&quot;);
+    debug(&quot;* Sending message &quot; + (e.data + 1) + &quot; to parent&quot;);
+    messageEvent.source.postMessage(e.data + 1, &quot;*&quot;);
+}
+&lt;/script&gt;
+&lt;script src=&quot;../../../../resources/js-test-post.js&quot;&gt;&lt;/script&gt;
+&lt;/body&gt;
</ins></span></pre></div>
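Review bot: The frame sets "jsTestIsAsync = true" but never calls finishJSTest(), so the child never reports completion, which matches the frame section of the expected output having no "TEST COMPLETE" line. If that is deliberate, a one-line comment next to the assignment saying the child must not finish on its own would stop a later cleanup from removing it or adding a finishJSTest() call.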
<a id="releasesWebKitGTKwebkit212SourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog (199488 => 199489)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog        2016-04-13 15:06:08 UTC (rev 199488)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog        2016-04-13 15:18:09 UTC (rev 199489)
</span><span class="lines">@@ -1,3 +1,53 @@
</span><ins>+2016-04-05  Chris Dumez  &lt;cdumez@apple.com&gt;
+
+        MessageEvent.source window is incorrect once window has been reified
+        https://bugs.webkit.org/show_bug.cgi?id=156227
+        &lt;rdar://problem/25545831&gt;
+
+        Reviewed by Mark Lam.
+
+        MessageEvent.source window was incorrect once window had been reified.
+
+        If the Window had not been reified, we kept constructing new
+        postMessage() functions when calling window.postMessage(). We used to
+        pass activeDOMWindow(execState) as source Window to
+        DOMWindow::postMessage(). activeDOMWindow() uses
+        exec-&gt;lexicalGlobalObject() which did the right thing because we
+        used to construct a new postMessage() function in the caller's context.
+
+        However, after reification, due to the way JSDOMWindow::getOwnPropertySlot()
+        was implemented, we would stop constructing new postMessage() functions
+        when calling window.postMessage(). As a result, the source window would
+        become incorrect because exec-&gt;lexicalGlobalObject() would return the
+        target Window instead.
+
+        In this patch, the following is done:
+        1. Stop constructing a new function every time in the same origin case
+           for postMessage, blur, focus and close. This was inefficient and lead
+           to incorrect behavior:
+           - The behavior would differ depending if the Window is reified or not
+           - It would be impossible to delete those operations, which is
+             incompatible with the specification and other browsers (tested
+             Firefox and Chrome).
+        2. Use callerDOMWindow(execState) instead of activeDOMWindow(execState)
+           as source Window in JSDOMWindow::handlePostMessage(). callerDOMWindow()
+           is a new utility function that returns the caller's Window object.
+
+        Tests: fast/dom/Window/delete-operations.html
+               fast/dom/Window/messageevent-source-postmessage-reified.html
+               fast/dom/Window/messageevent-source-postmessage.html
+               fast/dom/Window/messageevent-source-postmessage2.html
+               fast/dom/Window/window-postmessage-clone-frames.html
+               fast/dom/Window/post-message-crash2.html
+
+        * bindings/js/JSDOMBinding.cpp:
+        (WebCore::GetCallerCodeBlockFunctor::operator()):
+        (WebCore::GetCallerCodeBlockFunctor::codeBlock):
+        (WebCore::callerDOMWindow):
+        * bindings/js/JSDOMBinding.h:
+        * bindings/js/JSDOMWindowCustom.cpp:
+        (WebCore::handlePostMessage):
+
</ins><span class="cx"> 2016-04-04  Zan Dobersek  &lt;zdobersek@igalia.com&gt;
</span><span class="cx"> 
</span><span class="cx">         [TexMap] Improve viewport array access in TextureMapperGL::bindDefaultSurface()
</span></span></pre></div>
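Review bot: the function list at the end of the entry names GetCallerCodeBlockFunctor::operator() and GetCallerCodeBlockFunctor::codeBlock, but the class added in JSDOMBinding.cpp is GetCallerGlobalObjectFunctor and its accessor is globalObject(). The entry for JSDOMWindowCustom.cpp also lists only handlePostMessage, while the diff for that file removes the blur, close, focus and postMessage special cases in a second hunk as well. Please update the list to match the code as landed.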
<a id="releasesWebKitGTKwebkit212SourceWebCorebindingsjsJSDOMBindingcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/bindings/js/JSDOMBinding.cpp (199488 => 199489)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/WebCore/bindings/js/JSDOMBinding.cpp        2016-04-13 15:06:08 UTC (rev 199488)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/bindings/js/JSDOMBinding.cpp        2016-04-13 15:18:09 UTC (rev 199489)
</span><span class="lines">@@ -35,6 +35,7 @@
</span><span class="cx"> #include &quot;JSDOMWindowCustom.h&quot;
</span><span class="cx"> #include &quot;JSExceptionBase.h&quot;
</span><span class="cx"> #include &quot;SecurityOrigin.h&quot;
</span><ins>+#include &lt;bytecode/CodeBlock.h&gt;
</ins><span class="cx"> #include &lt;inspector/ScriptCallStack.h&gt;
</span><span class="cx"> #include &lt;inspector/ScriptCallStackFactory.h&gt;
</span><span class="cx"> #include &lt;interpreter/Interpreter.h&gt;
</span><span class="lines">@@ -550,6 +551,40 @@
</span><span class="cx">     return n;
</span><span class="cx"> }
</span><span class="cx"> 
</span><ins>+class GetCallerGlobalObjectFunctor {
+public:
+    GetCallerGlobalObjectFunctor() = default;
+
+    StackVisitor::Status operator()(StackVisitor&amp; visitor) const
+    {
+        if (!m_hasSkippedFirstFrame) {
+            m_hasSkippedFirstFrame = true;
+            return StackVisitor::Continue;
+        }
+
+        if (auto* codeBlock = visitor-&gt;codeBlock())
+            m_globalObject = codeBlock-&gt;globalObject();
+        else {
+            ASSERT(visitor-&gt;callee());
+            m_globalObject = visitor-&gt;callee()-&gt;globalObject();
+        }
+        return StackVisitor::Done;
+    }
+
+    JSGlobalObject* globalObject() const { return m_globalObject; }
+
+private:
+    mutable bool m_hasSkippedFirstFrame { false };
+    mutable JSGlobalObject* m_globalObject { nullptr };
+};
+
+DOMWindow&amp; callerDOMWindow(ExecState* exec)
+{
+    GetCallerGlobalObjectFunctor iter;
+    exec-&gt;iterate(iter);
+    return iter.globalObject() ? asJSDOMWindow(iter.globalObject())-&gt;wrapped() : firstDOMWindow(exec);
+}
+
</ins><span class="cx"> DOMWindow&amp; activeDOMWindow(ExecState* exec)
</span><span class="cx"> {
</span><span class="cx">     return asJSDOMWindow(exec-&gt;lexicalGlobalObject())-&gt;wrapped();
</span></span></pre></div>
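Review bot: in the else branch of GetCallerGlobalObjectFunctor::operator(), the callee is checked only with ASSERT and then dereferenced, so the check protects debug builds only (assuming ASSERT compiles out in release builds). Consider returning StackVisitor::Done with m_globalObject left null when there is no callee, so that callerDOMWindow() takes its existing firstDOMWindow(exec) fallback. A short comment on why the first frame is skipped, and on when the fallback is expected to be hit, would also help, since the result is what receivers see as the message source.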
<a id="releasesWebKitGTKwebkit212SourceWebCorebindingsjsJSDOMBindingh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/bindings/js/JSDOMBinding.h (199488 => 199489)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/WebCore/bindings/js/JSDOMBinding.h        2016-04-13 15:06:08 UTC (rev 199488)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/bindings/js/JSDOMBinding.h        2016-04-13 15:18:09 UTC (rev 199489)
</span><span class="lines">@@ -78,6 +78,7 @@
</span><span class="cx"> 
</span><span class="cx"> typedef int ExceptionCode;
</span><span class="cx"> 
</span><ins>+DOMWindow&amp; callerDOMWindow(JSC::ExecState*);
</ins><span class="cx"> DOMWindow&amp; activeDOMWindow(JSC::ExecState*);
</span><span class="cx"> DOMWindow&amp; firstDOMWindow(JSC::ExecState*);
</span><span class="cx"> 
</span></span></pre></div>
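Review bot: callerDOMWindow() is declared next to activeDOMWindow() and firstDOMWindow() with an identical signature and no comment. Please document here which frame each one resolves against (the .cpp shows callerDOMWindow() walking the stack past the first frame and activeDOMWindow() using the lexical global object), so that future call sites pick the right one.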
<a id="releasesWebKitGTKwebkit212SourceWebCorebindingsjsJSDOMWindowCustomcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp (199488 => 199489)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp        2016-04-13 15:06:08 UTC (rev 199488)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp        2016-04-13 15:18:09 UTC (rev 199489)
</span><span class="lines">@@ -252,30 +252,6 @@
</span><span class="cx">     // (Particularly, is it correct that this exists here but not in getOwnPropertySlotByIndex?)
</span><span class="cx">     slot.setWatchpointSet(thisObject-&gt;m_windowCloseWatchpoints);
</span><span class="cx"> 
</span><del>-    // FIXME: These are all bogus. Keeping these here make some tests pass that check these properties
-    // are own properties of the window, but introduces other problems instead (e.g. if you overwrite
-    // &amp; delete then the original value is restored!) Should be removed.
-    if (propertyName == exec-&gt;propertyNames().blur) {
-        if (!Base::getOwnPropertySlot(thisObject, exec, propertyName, slot))
-            slot.setCustom(thisObject, ReadOnly | DontDelete | DontEnum, nonCachingStaticFunctionGetter&lt;jsDOMWindowInstanceFunctionBlur, 0&gt;);
-        return true;
-    }
-    if (propertyName == exec-&gt;propertyNames().close) {
-        if (!Base::getOwnPropertySlot(thisObject, exec, propertyName, slot))
-            slot.setCustom(thisObject, ReadOnly | DontDelete | DontEnum, nonCachingStaticFunctionGetter&lt;jsDOMWindowInstanceFunctionClose, 0&gt;);
-        return true;
-    }
-    if (propertyName == exec-&gt;propertyNames().focus) {
-        if (!Base::getOwnPropertySlot(thisObject, exec, propertyName, slot))
-            slot.setCustom(thisObject, ReadOnly | DontDelete | DontEnum, nonCachingStaticFunctionGetter&lt;jsDOMWindowInstanceFunctionFocus, 0&gt;);
-        return true;
-    }
-    if (propertyName == exec-&gt;propertyNames().postMessage) {
-        if (!Base::getOwnPropertySlot(thisObject, exec, propertyName, slot))
-            slot.setCustom(thisObject, ReadOnly | DontDelete | DontEnum, nonCachingStaticFunctionGetter&lt;jsDOMWindowInstanceFunctionPostMessage, 2&gt;);
-        return true;
-    }
-
</del><span class="cx">     if (propertyName == exec-&gt;propertyNames().showModalDialog) {
</span><span class="cx">         if (Base::getOwnPropertySlot(thisObject, exec, propertyName, slot))
</span><span class="cx">             return true;
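Review bot: the removed getters installed blur, close, focus and postMessage as ReadOnly | DontDelete | DontEnum, so dropping them affects more than deletability: the attributes of these four properties now come from whatever Base::getOwnPropertySlot reports. The ChangeLog test list names delete-operations.html for the delete case; please confirm that overwriting these properties is covered too, or add a test for it.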
</span><span class="lines">@@ -610,7 +586,7 @@
</span><span class="cx">         return jsUndefined();
</span><span class="cx"> 
</span><span class="cx">     ExceptionCode ec = 0;
</span><del>-    impl.postMessage(message.release(), &amp;messagePorts, targetOrigin, activeDOMWindow(&amp;state), ec);
</del><ins>+    impl.postMessage(message.release(), &amp;messagePorts, targetOrigin, callerDOMWindow(&amp;state), ec);
</ins><span class="cx">     setDOMException(&amp;state, ec);
</span><span class="cx"> 
</span><span class="cx">     return jsUndefined();
</span></span></pre>
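Review bot: the switch from activeDOMWindow to callerDOMWindow in the impl.postMessage() call carries the source-window part of the fix, yet nothing at the call site says why. Receivers reply through MessageEvent.source, as the new test frame does with messageEvent.source.postMessage(), so please add a one-line comment that the source must be the caller's window rather than the lexical global object, to keep this from being changed back.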
</div>
</div>

</body>
</html>