[Webkit-unassigned] [Bug 76035] Add state attribute to history's dom interface.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Jan 31 17:30:47 PST 2012
https://bugs.webkit.org/show_bug.cgi?id=76035
Kentaro Hara <haraken at chromium.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #124856|review? |review-
Flag| |
--- Comment #74 from Kentaro Hara <haraken at chromium.org> 2012-01-31 17:30:45 PST ---
(From update of attachment 124856)
View in context: https://bugs.webkit.org/attachment.cgi?id=124856&action=review
r- due to history->stateChanged()
> Source/WebCore/bindings/js/JSHistoryCustom.cpp:172
> + if (!cachedValue.isEmpty() && !history->stateChanged())
I guess this might be dangerous. What happens if another call path updates history.state? For example,
(1) JSHistory::state() caches 1111 in |m_state|.
(2) Another call path updates history.state to 2222.
(3) Another call path calls History::state(), which returns 2222.
(4) JSHistory::state() is called again. It calls history->stateChanged() and it returns false. Consequently, JSHistory::state() will return the cached 1111.
> Source/WebCore/page/History.idl:40
> + readonly attribute [CachedAttribute, Custom] SerializedScriptValue state;
[CachedAttribute] is not necessary, since the getter and setter are written as a custom getter and setter.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list