[Webkit-unassigned] [Bug 26058] Fix remaining lexical / dynamic uses

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun May 31 15:19:26 PDT 2009


https://bugs.webkit.org/show_bug.cgi?id=26058





------- Comment #4 from abarth at webkit.org  2009-05-31 15:19 PDT -------
(In reply to comment #3)
> What information is needed?

Consider JSCustomXPathNSResolver::create

http://trac.webkit.org/browser/trunk/WebCore/bindings/js/JSCustomXPathNSResolver.cpp#L53

It's not clear to me that either lexicalGlobalObject or dynamicGlobalObject is
the right thing here.  It seems like we probably want something equivalent to
V8's CurrentContext (i.e., the frame associated with the method itself), but I
haven't investigated this in detail.

In general, I don't really understand what this file is doing.  For example:

http://trac.webkit.org/browser/trunk/WebCore/bindings/js/JSCustomXPathNSResolver.cpp#L77

That line of code looks really wrong.  If the frame has been navigated since
this object was created, this code looks like it's grabbing the ExecState for a
random SecurityOrigin and calling this lookupNamespaceURI function.

Also, consider JSDatabase::transaction

http://trac.webkit.org/browser/trunk/WebCore/bindings/js/JSDatabaseCustom.cpp#L104

Which frame should we use for the error callback?  Presumably the one
associated with the database object itself (e.g., CurrentContext), not
lexicalGlobalObject or dynamicGlobalObject.  Also, I have the same concern
about grabbing the ExecState from the Frame after navigation for these database
callbacks:

http://trac.webkit.org/browser/trunk/WebCore/bindings/js/JSCustomSQLTransactionCallback.cpp#L98


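The concern in comment #4 about fetching the ExecState from a Frame after navigation can be shown with a small model. This is an added example, not part of the original message and not WebKit code; every type and name in it (`GlobalObject`, `Frame`, `FrameBoundCallback`, `ContextBoundCallback`) is hypothetical, and the origins are constructed sample values.

```cpp
#include <memory>
#include <string>

// Simplified model: GlobalObject stands in for a JS global object / ExecState,
// and its origin field stands in for the SecurityOrigin it belongs to.
struct GlobalObject {
    std::string origin;
};

struct Frame {
    std::shared_ptr<GlobalObject> global;
    // Navigation replaces the frame's global object with one for the new origin.
    void navigate(const std::string& newOrigin) {
        global = std::make_shared<GlobalObject>(GlobalObject{newOrigin});
    }
};

// Pattern the comment questions: keep the Frame and ask it for its global
// object only when the callback fires.
struct FrameBoundCallback {
    Frame* frame;
    std::string runsInOrigin() const { return frame->global->origin; }
};

// Alternative: pin the global object that existed at creation time and
// refuse to run once navigation has destroyed it.
struct ContextBoundCallback {
    std::weak_ptr<GlobalObject> creationGlobal;
    bool runsInOrigin(std::string& out) const {
        std::shared_ptr<GlobalObject> g = creationGlobal.lock();
        if (!g) return false;      // creating context is gone: drop the call
        out = g->origin;
        return true;
    }
};

struct Outcome {
    std::string pinnedBefore;      // origin the pinned callback sees before navigation
    std::string frameBoundAfter;   // origin the frame-bound callback sees afterwards
    bool pinnedRanAfter;           // whether the pinned callback still runs afterwards
};

// Create both callbacks in origin A, navigate the frame to origin B, then fire.
Outcome fireAfterNavigation() {
    Frame frame;
    frame.navigate("https://a.example");
    FrameBoundCallback stale{&frame};
    ContextBoundCallback pinned{frame.global};
    std::string before, after;
    pinned.runsInOrigin(before);
    frame.navigate("https://b.example");
    bool ran = pinned.runsInOrigin(after);
    return {before, stale.runsInOrigin(), ran};
}
```

The frame-bound callback ends up running against whatever origin the frame holds at call time, while the context-bound one declines to run once its creating context no longer exists.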