[webkit-reviews] review granted: [Bug 41350] [v8] Web Inspector: inspected page crashes on attempt to change iframe's src attribute : [Attachment 60025] Patch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jun 29 18:38:48 PDT 2010


Adam Barth <abarth at webkit.org> has granted Yury Semikhatsky
<yurys at chromium.org>'s request for review:
Bug 41350: [v8] Web Inspector: inspected page crashes on attempt to change
iframe's src attribute
https://bugs.webkit.org/show_bug.cgi?id=41350

Attachment 60025: Patch
https://bugs.webkit.org/attachment.cgi?id=60025&action=review

------- Additional Comments from Adam Barth <abarth at webkit.org>
WebCore/bindings/v8/ScriptController.cpp:165
 +	v8::Handle<v8::Context> v8Context = m_proxy->mainWorldContext();
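Review bot: on the added line at ScriptController.cpp:165, nothing visible checks that the handle returned by m_proxy->mainWorldContext() is non-empty before it is used. If this frame's main world context can be missing at this point, test v8Context.IsEmpty() and return early. A short comment saying why this frame's context is the right one to consult would also help.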
Are you sure it's ok to switch to using this frame's context instead of the
entered frame?  What if the event is triggered in the other frame?  It might be
missing from this frame's global object and we'd incorrectly think that there
wasn't a user gesture.

http://trac.webkit.org/browser/trunk/WebCore/bindings/js/ScriptController.cpp#L247

I guess the caller of this API typically finds the entered Frame before calling
this method.  It's probably ok, but I'm slightly worried about regressions.

Can you add a test for the global->Get => global->GetHiddenValue change?  I
think the way to do that is to steal the event from a real user gesture and
then assign it to window.event during a non-user gesture.

