[Webkit-unassigned] [Bug 87118] New: [JSC] SerializedScriptValue.create() succeeds even if port cannot be added to transfer
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue May 22 04:54:46 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=87118
Summary: [JSC] SerializedScriptValue.create() succeeds even if
port cannot be added to transfer
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebCore JavaScript
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: christophe.dumez at intel.com
Blocks: 86868
This is tested by webintents/web-intents-obj-constructor.html:
// Ports, if present, must be put in |transfer|.
var badchannel = new MessageChannel();
badchannel.port2.onMessage = function() {
debug("* got message");
}
badPortIntentObj =
{"action":"action1",
"type":"text/plain+badport",
"data":badchannel.port1};
shouldThrow("new WebKitIntent(badPortIntentObj)", "'Error: DATA_CLONE_ERR: DOM Exception 25'");
Unfortunately, this check fails with JSC because the serialization will succeed.
I can fix this as follows:
--- a/Source/WebCore/bindings/js/SerializedScriptValue.cpp
+++ b/Source/WebCore/bindings/js/SerializedScriptValue.cpp
@@ -627,21 +627,22 @@ private:
write(UString(flags, flagCount));
return true;
}
if (obj->inherits(&JSMessagePort::s_info)) {
ObjectPool::iterator index = m_transferredMessagePorts.find(obj);
if (index != m_transferredMessagePorts.end()) {
write(MessagePortReferenceTag);
write(index->second);
return true;
}
- return false;
+ code = ValidationError;
+ return true;
}
However, I'm not 100% sure this is the right way to fix it.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list