<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[214996] releases/WebKitGTK/webkit-2.14</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/214996">214996</a></dd>
<dt>Author</dt> <dd>carlosgc@webkit.org</dd>
<dt>Date</dt> <dd>2017-04-06 00:32:58 -0700 (Thu, 06 Apr 2017)</dd>
</dl>
<h3>Log Message</h3>
<pre>Merge <a href="http://trac.webkit.org/projects/webkit/changeset/210468">r210468</a> - Regression(<a href="http://trac.webkit.org/projects/webkit/changeset/189230">r189230</a>): DOM Callbacks may use wrong global object
https://bugs.webkit.org/show_bug.cgi?id=166784
Reviewed by Mark Lam.
Source/WebCore:
DOM Callbacks could end up using the wrong global object after <a href="http://trac.webkit.org/projects/webkit/changeset/189230">r189230</a>
because we were getting the globalObject from the callback object
instead of the one at the point the callback object was passed in by
JavaScript. This patch fixes the issue.
Test: fast/frames/frame-window-as-callback.html
* bindings/js/JSCallbackData.cpp:
(WebCore::JSCallbackData::invokeCallback):
* bindings/js/JSCallbackData.h:
(WebCore::JSCallbackData::globalObject):
(WebCore::JSCallbackData::JSCallbackData):
(WebCore::JSCallbackDataStrong::JSCallbackDataStrong):
(WebCore::JSCallbackDataStrong::callback):
(WebCore::JSCallbackDataStrong::invokeCallback):
(WebCore::JSCallbackDataWeak::JSCallbackDataWeak):
(WebCore::JSCallbackDataWeak::callback):
(WebCore::JSCallbackDataWeak::invokeCallback):
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateCallbackImplementationContent):
LayoutTests:
Add layout test coverage.
* fast/frames/frame-window-as-callback-expected.txt: Added.
* fast/frames/frame-window-as-callback.html: Added.
* fast/frames/resources/wrong-global-object.html: Added.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#releasesWebKitGTKwebkit214LayoutTestsChangeLog">releases/WebKitGTK/webkit-2.14/LayoutTests/ChangeLog</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCoreChangeLog">releases/WebKitGTK/webkit-2.14/Source/WebCore/ChangeLog</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCorebindingsjsJSCallbackDatacpp">releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSCallbackData.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCorebindingsjsJSCallbackDatah">releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSCallbackData.h</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCorebindingsscriptsCodeGeneratorJSpm">releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm</a></li>
<li><a href="#releasesWebKitGTKwebkit214SourceWebCorebindingsscriptstestJSJSTestCallbackFunctioncpp">releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/scripts/test/JS/JSTestCallbackFunction.cpp</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#releasesWebKitGTKwebkit214LayoutTestsfastframesframewindowascallbackexpectedtxt">releases/WebKitGTK/webkit-2.14/LayoutTests/fast/frames/frame-window-as-callback-expected.txt</a></li>
<li><a href="#releasesWebKitGTKwebkit214LayoutTestsfastframesframewindowascallbackhtml">releases/WebKitGTK/webkit-2.14/LayoutTests/fast/frames/frame-window-as-callback.html</a></li>
<li><a href="#releasesWebKitGTKwebkit214LayoutTestsfastframesresourceswrongglobalobjecthtml">releases/WebKitGTK/webkit-2.14/LayoutTests/fast/frames/resources/wrong-global-object.html</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="releasesWebKitGTKwebkit214LayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/LayoutTests/ChangeLog (214995 => 214996)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/LayoutTests/ChangeLog 2017-04-06 06:59:03 UTC (rev 214995)
+++ releases/WebKitGTK/webkit-2.14/LayoutTests/ChangeLog 2017-04-06 07:32:58 UTC (rev 214996)
</span><span class="lines">@@ -1,3 +1,16 @@
</span><ins>+2017-01-06 Chris Dumez <cdumez@apple.com>
+
+ Regression(r189230): DOM Callbacks may use wrong global object
+ https://bugs.webkit.org/show_bug.cgi?id=166784
+
+ Reviewed by Mark Lam.
+
+ Add layout test coverage.
+
+ * fast/frames/frame-window-as-callback-expected.txt: Added.
+ * fast/frames/frame-window-as-callback.html: Added.
+ * fast/frames/resources/wrong-global-object.html: Added.
+
</ins><span class="cx"> 2017-01-03 Carlos Alberto Lopez Perez <clopez@igalia.com>
</span><span class="cx">
</span><span class="cx"> A floating element within <li> overlaps with the marker
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214LayoutTestsfastframesframewindowascallbackexpectedtxt"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.14/LayoutTests/fast/frames/frame-window-as-callback-expected.txt (0 => 214996)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/LayoutTests/fast/frames/frame-window-as-callback-expected.txt (rev 0)
+++ releases/WebKitGTK/webkit-2.14/LayoutTests/fast/frames/frame-window-as-callback-expected.txt 2017-04-06 07:32:58 UTC (rev 214996)
</span><span class="lines">@@ -0,0 +1,10 @@
</span><ins>+Tests that we are using the right global object for DOM callbacks.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS: Global object was the right one.
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit214LayoutTestsfastframesframewindowascallbackhtml"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.14/LayoutTests/fast/frames/frame-window-as-callback.html (0 => 214996)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/LayoutTests/fast/frames/frame-window-as-callback.html (rev 0)
+++ releases/WebKitGTK/webkit-2.14/LayoutTests/fast/frames/frame-window-as-callback.html 2017-04-06 07:32:58 UTC (rev 214996)
</span><span class="lines">@@ -0,0 +1,28 @@
</span><ins>+<!DOCTYPE html>
+<html>
+<body>
+<script src="../../resources/js-test-pre.js"></script>
+<script>
+description("Tests that we are using the right global object for DOM callbacks.");
+jsTestIsAsync = true;
+
+document.result = "PASS: Global object was the right one.";
+var f = document.body.appendChild(document.createElement("iframe"));
+f.onload = function() {
+ f.onload = null;
+
+ try {
+ var iterator = document.createNodeIterator(document, NodeFilter.SHOW_ALL, f.contentWindow);
+ iterator.nextNode();
+ } catch(e) {
+ e.constructor.constructor("debug(document.result)")();
+ }
+
+ finishJSTest();
+};
+
+f.src = "resources/wrong-global-object.html";
+</script>
+<script src="../../resources/js-test-post.js"></script>
+</body>
+</html>
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit214LayoutTestsfastframesresourceswrongglobalobjecthtml"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.14/LayoutTests/fast/frames/resources/wrong-global-object.html (0 => 214996)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/LayoutTests/fast/frames/resources/wrong-global-object.html (rev 0)
+++ releases/WebKitGTK/webkit-2.14/LayoutTests/fast/frames/resources/wrong-global-object.html 2017-04-06 07:32:58 UTC (rev 214996)
</span><span class="lines">@@ -0,0 +1,4 @@
</span><ins>+<script src="../../../resources/js-test-pre.js"></script>
+<script>
+document.result = "FAIL: Wrong global object was used.";
+</script>
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/ChangeLog (214995 => 214996)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/ChangeLog 2017-04-06 06:59:03 UTC (rev 214995)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/ChangeLog 2017-04-06 07:32:58 UTC (rev 214996)
</span><span class="lines">@@ -1,3 +1,31 @@
</span><ins>+2017-01-06 Chris Dumez <cdumez@apple.com>
+
+ Regression(r189230): DOM Callbacks may use wrong global object
+ https://bugs.webkit.org/show_bug.cgi?id=166784
+
+ Reviewed by Mark Lam.
+
+ DOM Callbacks could end up using the wrong global object after r189230
+ because we were getting the globalObject from the callback object
+ instead of the one at the point the callback object was passed in by
+ JavaScript. This patch fixes the issue.
+
+ Test: fast/frames/frame-window-as-callback.html
+
+ * bindings/js/JSCallbackData.cpp:
+ (WebCore::JSCallbackData::invokeCallback):
+ * bindings/js/JSCallbackData.h:
+ (WebCore::JSCallbackData::globalObject):
+ (WebCore::JSCallbackData::JSCallbackData):
+ (WebCore::JSCallbackDataStrong::JSCallbackDataStrong):
+ (WebCore::JSCallbackDataStrong::callback):
+ (WebCore::JSCallbackDataStrong::invokeCallback):
+ (WebCore::JSCallbackDataWeak::JSCallbackDataWeak):
+ (WebCore::JSCallbackDataWeak::callback):
+ (WebCore::JSCallbackDataWeak::invokeCallback):
+ * bindings/scripts/CodeGeneratorJS.pm:
+ (GenerateCallbackImplementationContent):
+
</ins><span class="cx"> 2017-01-03 Carlos Alberto Lopez Perez <clopez@igalia.com>
</span><span class="cx">
</span><span class="cx"> A floating element within <li> overlaps with the marker
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCorebindingsjsJSCallbackDatacpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSCallbackData.cpp (214995 => 214996)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSCallbackData.cpp 2017-04-06 06:59:03 UTC (rev 214995)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSCallbackData.cpp 2017-04-06 07:32:58 UTC (rev 214996)
</span><span class="lines">@@ -39,14 +39,11 @@
</span><span class="cx">
</span><span class="cx"> namespace WebCore {
</span><span class="cx">
</span><del>-JSValue JSCallbackData::invokeCallback(JSObject* callback, MarkedArgumentBuffer& args, CallbackType method, PropertyName functionName, NakedPtr<Exception>& returnedException)
</del><ins>+JSValue JSCallbackData::invokeCallback(JSDOMGlobalObject& globalObject, JSObject* callback, MarkedArgumentBuffer& args, CallbackType method, PropertyName functionName, NakedPtr<Exception>& returnedException)
</ins><span class="cx"> {
</span><span class="cx"> ASSERT(callback);
</span><span class="cx">
</span><del>- auto* globalObject = JSC::jsCast<JSDOMGlobalObject*>(callback->globalObject());
- ASSERT(globalObject);
-
- ExecState* exec = globalObject->globalExec();
</del><ins>+ ExecState* exec = globalObject.globalExec();
</ins><span class="cx"> JSValue function;
</span><span class="cx"> CallData callData;
</span><span class="cx"> CallType callType = CallType::None;
</span><span class="lines">@@ -73,7 +70,7 @@
</span><span class="cx"> ASSERT(!function.isEmpty());
</span><span class="cx"> ASSERT(callType != CallType::None);
</span><span class="cx">
</span><del>- ScriptExecutionContext* context = globalObject->scriptExecutionContext();
</del><ins>+ ScriptExecutionContext* context = globalObject.scriptExecutionContext();
</ins><span class="cx"> // We will fail to get the context if the frame has been detached.
</span><span class="cx"> if (!context)
</span><span class="cx"> return JSValue();
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCorebindingsjsJSCallbackDatah"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSCallbackData.h (214995 => 214996)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSCallbackData.h 2017-04-06 06:59:03 UTC (rev 214995)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/js/JSCallbackData.h 2017-04-06 07:32:58 UTC (rev 214996)
</span><span class="lines">@@ -47,10 +47,13 @@
</span><span class="cx"> public:
</span><span class="cx"> enum class CallbackType { Function, Object, FunctionOrObject };
</span><span class="cx">
</span><ins>+ JSDOMGlobalObject* globalObject() { return m_globalObject.get(); }
+
</ins><span class="cx"> protected:
</span><del>- JSCallbackData()
</del><ins>+ explicit JSCallbackData(JSDOMGlobalObject* globalObject)
+ : m_globalObject(globalObject)
</ins><span class="cx"> #ifndef NDEBUG
</span><del>- : m_thread(currentThread())
</del><ins>+ , m_thread(currentThread())
</ins><span class="cx"> #endif
</span><span class="cx"> {
</span><span class="cx"> }
</span><span class="lines">@@ -62,9 +65,10 @@
</span><span class="cx"> #endif
</span><span class="cx"> }
</span><span class="cx">
</span><del>- static JSC::JSValue invokeCallback(JSC::JSObject* callback, JSC::MarkedArgumentBuffer&, CallbackType, JSC::PropertyName functionName, NakedPtr<JSC::Exception>& returnedException);
</del><ins>+ static JSC::JSValue invokeCallback(JSDOMGlobalObject&, JSC::JSObject* callback, JSC::MarkedArgumentBuffer&, CallbackType, JSC::PropertyName functionName, NakedPtr<JSC::Exception>& returnedException);
</ins><span class="cx">
</span><span class="cx"> private:
</span><ins>+ JSC::Weak<JSDOMGlobalObject> m_globalObject;
</ins><span class="cx"> #ifndef NDEBUG
</span><span class="cx"> ThreadIdentifier m_thread;
</span><span class="cx"> #endif
</span><span class="lines">@@ -72,17 +76,21 @@
</span><span class="cx">
</span><span class="cx"> class JSCallbackDataStrong : public JSCallbackData {
</span><span class="cx"> public:
</span><del>- JSCallbackDataStrong(JSC::JSObject* callback, void*)
- : m_callback(callback->globalObject()->vm(), callback)
</del><ins>+ JSCallbackDataStrong(JSC::JSObject* callback, JSDOMGlobalObject* globalObject, void*)
+ : JSCallbackData(globalObject)
+ , m_callback(globalObject->vm(), callback)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> JSC::JSObject* callback() { return m_callback.get(); }
</span><del>- JSDOMGlobalObject* globalObject() { return JSC::jsCast<JSDOMGlobalObject*>(m_callback->globalObject()); }
</del><span class="cx">
</span><span class="cx"> JSC::JSValue invokeCallback(JSC::MarkedArgumentBuffer& args, CallbackType callbackType, JSC::PropertyName functionName, NakedPtr<JSC::Exception>& returnedException)
</span><span class="cx"> {
</span><del>- return JSCallbackData::invokeCallback(callback(), args, callbackType, functionName, returnedException);
</del><ins>+ auto* globalObject = this->globalObject();
+ if (!globalObject)
+ return { };
+
+ return JSCallbackData::invokeCallback(*globalObject, callback(), args, callbackType, functionName, returnedException);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> private:
</span><span class="lines">@@ -91,17 +99,21 @@
</span><span class="cx">
</span><span class="cx"> class JSCallbackDataWeak : public JSCallbackData {
</span><span class="cx"> public:
</span><del>- JSCallbackDataWeak(JSC::JSObject* callback, void* owner)
- : m_callback(callback, &m_weakOwner, owner)
</del><ins>+ JSCallbackDataWeak(JSC::JSObject* callback, JSDOMGlobalObject* globalObject, void* owner)
+ : JSCallbackData(globalObject)
+ , m_callback(callback, &m_weakOwner, owner)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> JSC::JSObject* callback() { return m_callback.get(); }
</span><del>- JSDOMGlobalObject* globalObject() { return JSC::jsCast<JSDOMGlobalObject*>(m_callback->globalObject()); }
</del><span class="cx">
</span><span class="cx"> JSC::JSValue invokeCallback(JSC::MarkedArgumentBuffer& args, CallbackType callbackType, JSC::PropertyName functionName, NakedPtr<JSC::Exception>& returnedException)
</span><span class="cx"> {
</span><del>- return JSCallbackData::invokeCallback(callback(), args, callbackType, functionName, returnedException);
</del><ins>+ auto* globalObject = this->globalObject();
+ if (!globalObject)
+ return { };
+
+ return JSCallbackData::invokeCallback(*globalObject, callback(), args, callbackType, functionName, returnedException);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> private:
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCorebindingsscriptsCodeGeneratorJSpm"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm (214995 => 214996)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm 2017-04-06 06:59:03 UTC (rev 214995)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm 2017-04-06 07:32:58 UTC (rev 214996)
</span><span class="lines">@@ -4230,7 +4230,7 @@
</span><span class="cx"> push(@implContent, " : ${interfaceName}()\n");
</span><span class="cx"> }
</span><span class="cx"> push(@implContent, " , ActiveDOMCallback(globalObject->scriptExecutionContext())\n");
</span><del>- push(@implContent, " , m_data(new " . GetJSCallbackDataType($interface) . "(callback, this))\n");
</del><ins>+ push(@implContent, " , m_data(new " . GetJSCallbackDataType($interface) . "(callback, globalObject, this))\n");
</ins><span class="cx"> push(@implContent, "{\n");
</span><span class="cx"> push(@implContent, "}\n\n");
</span><span class="cx">
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit214SourceWebCorebindingsscriptstestJSJSTestCallbackFunctioncpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/scripts/test/JS/JSTestCallbackFunction.cpp (214995 => 214996)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/scripts/test/JS/JSTestCallbackFunction.cpp 2017-04-06 06:59:03 UTC (rev 214995)
+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/bindings/scripts/test/JS/JSTestCallbackFunction.cpp 2017-04-06 07:32:58 UTC (rev 214996)
</span><span class="lines">@@ -39,7 +39,7 @@
</span><span class="cx"> JSTestCallbackFunction::JSTestCallbackFunction(JSObject* callback, JSDOMGlobalObject* globalObject)
</span><span class="cx"> : TestCallbackFunction()
</span><span class="cx"> , ActiveDOMCallback(globalObject->scriptExecutionContext())
</span><del>- , m_data(new JSCallbackDataStrong(callback, this))
</del><ins>+ , m_data(new JSCallbackDataStrong(callback, globalObject, this))
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre>
</div>
</div>
</body>
</html>