[Webkit-unassigned] [Bug 66181] HTMLPlugInElement persists until page teardown if the plugin requests the script object for it

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Aug 23 17:18:33 PDT 2011


https://bugs.webkit.org/show_bug.cgi?id=66181





--- Comment #7 from wez at chromium.org  2011-08-23 17:18:34 PST ---
Sorry for the confusion!

The Chromium and Linux/Gtk ports call HTMLPlugInElement::getNPObject() to fetch the plugin element's script object when the plugin requests it.  At that point HTMLPlugInElement caches the object, retaining a reference to it.  I think Mac/Safari must have its own method of generating a script object for the HTMLPlugInElement, without calling getNPObject().

The plugin element script object is cached presumably so that the plugin will just increase the reference count on a single object if it requests it repeatedly, rather than generating distinct objects.  It's therefore reasonable to clear the cached reference when the plugin has been torn down, which should be the case when removedFromDocument() is notified.

Clearing the reference in detach() also sounds plausible, but since detach() is notified when an element is hidden, I'm not sure whether that would be correct?

The release of the reference in removedFromDocument() is only done if a reference is cached, which will only be the case if getNPObject() was previously called to generate the script object.  This also makes it safe on platforms which never call getNPObject(), since on those platforms there will never be a cached reference to release.

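The lifetime issue discussed in comment #7, as an added example that is not part of the original message and is not WebKit code. `Element`, `ScriptObject` and the function names are hypothetical stand-ins for HTMLPlugInElement, its NPObject and getNPObject(); that the script object holds a reference back to its element is an assumption of this model.

```cpp
#include <cstdio>

// Simplified model; these types are stand-ins, not WebKit's classes.
struct Element;
static int liveElements = 0;

struct ScriptObject {
    int refs;        // reference count, as for an NPObject
    Element* owner;  // assumption: the script object keeps its element alive
};
struct Element {
    int refs = 1;                    // reference held by the document
    ScriptObject* cached = nullptr;  // filled in lazily by getObject()
    Element() { ++liveElements; }
    ~Element() { --liveElements; }
};

void derefElement(Element* e) { if (--e->refs == 0) delete e; }
void derefObject(ScriptObject* o) {
    if (--o->refs == 0) { Element* e = o->owner; delete o; derefElement(e); }
}
// Models getNPObject(): create once, cache, return an extra reference.
ScriptObject* getObject(Element* e) {
    if (!e->cached) { e->cached = new ScriptObject{1, e}; ++e->refs; }
    ++e->cached->refs;
    return e->cached;
}
void clearCache(Element* e) {  // release the cached reference, if any
    if (ScriptObject* o = e->cached) { e->cached = nullptr; derefObject(o); }
}
// Elements still alive once the plugin is torn down and the element removed.
int elementsLeftAfterRemoval(bool pluginAsksForObject, bool clearOnRemoval) {
    liveElements = 0;
    Element* e = new Element;
    if (pluginAsksForObject) {
        ScriptObject* o = getObject(e);
        getObject(e);                    // repeated request reuses the object
        derefObject(o); derefObject(o);  // plugin teardown drops both references
    }
    if (clearOnRemoval) clearCache(e);   // the removedFromDocument() release
    derefElement(e);                     // document drops its reference
    int left = liveElements;
    if (left) clearCache(e);             // page teardown finally breaks the cycle
    return left;
}
int main() {
    std::printf("no clear: %d\n", elementsLeftAfterRemoval(true, false));
    std::printf("clear:    %d\n", elementsLeftAfterRemoval(true, true));
    std::printf("unused:   %d\n", elementsLeftAfterRemoval(false, true));
}
```

The third case corresponds to a port that never requests the object: nothing is cached, so the release on removal is a no-op.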