<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body>
<p>
<div>
<b><a class="bz_bug_link
bz_status_NEW "
title="NEW - toJSDOMWindow() does not handle objects that descend from the JS DOM Window (crashes on use)"
href="https://bugs.webkit.org/show_bug.cgi?id=146785#c5">Comment # 5</a>
on <a class="bz_bug_link
bz_status_NEW "
title="NEW - toJSDOMWindow() does not handle objects that descend from the JS DOM Window (crashes on use)"
href="https://bugs.webkit.org/show_bug.cgi?id=146785">bug 146785</a>
from <span class="vcard"><a class="email" href="mailto:mark.lam@apple.com" title="Mark Lam <mark.lam@apple.com>"> <span class="fn">Mark Lam</span></a>
</span></b>
<pre>Comment on <span class=""><a href="attachment.cgi?id=256676&action=diff" name="attach_256676" title="Patch">attachment 256676</a> <a href="attachment.cgi?id=256676&action=edit" title="Patch">[details]</a></span>
Patch
View in context: <a href="https://bugs.webkit.org/attachment.cgi?id=256676&action=review">https://bugs.webkit.org/attachment.cgi?id=256676&action=review</a>
Some suggestions below. I’m also not convinced yet that this fix should be implemented in the toJSDOMWindow() function. I’m currently researching the issue.
<span class="quote">> Source/WebCore/bindings/js/JSDOMWindowBase.cpp:253
> + const ClassInfo* classInfo = asObject(value)->classInfo();</span >
You’ve already computed the JSObject* above. You can simplify this to:
const ClassInfo* classInfo = object->classInfo();
<span class="quote">> Source/WebCore/bindings/js/JSDOMWindowBase.cpp:255
> + return jsCast<JSDOMWindow*>(asObject(value));</span >
Ditto. You can simplify this to:
return jsCast<JSDOMWindow*>(object);
<span class="quote">> Source/WebCore/bindings/js/JSDOMWindowBase.cpp:257
> + return jsCast<JSDOMWindowShell*>(asObject(value))->window();</span >
Ditto. Simplify to:
return jsCast<JSDOMWindowShell*>(object)->window();</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>