Commit 8c392cc4 authored by weinig's avatar weinig

LayoutTests:

        Reviewed by Maciej.

        Test for <rdar://problem/5329841>
        Calling window.closed on a closed window causes Safari to crash

        * fast/dom/Window/window-closed-crash-expected.txt: Added.
        * fast/dom/Window/window-closed-crash.html: Added.

WebCore:

        Reviewed by Maciej.

        Patch for <rdar://problem/5329841>
        Calling window.closed on a closed window causes Safari to crash

        - Replaces the Frame member variable in KJS::Window for more appropriate DOMWindow
        - Adds additional new null checks as necessary
        - Removes bogus toBoolean method
        - Removes unused scheduleClose method

        Test: fast/dom/Window/window-closed-crash.html

        * bindings/js/JSCustomXPathNSResolver.cpp:
        (WebCore::JSCustomXPathNSResolver::create):
        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::customGetOwnPropertySlot):
        (WebCore::JSDOMWindow::customPut):
        * bindings/js/JSXMLHttpRequest.cpp:
        (KJS::JSXMLHttpRequestPrototypeFunction::callAsFunction):
        * bindings/js/kjs_events.cpp:
        (WebCore::JSAbstractEventListener::handleEvent):
        (WebCore::JSLazyEventListener::parseCode):
        * bindings/js/kjs_window.cpp:
        (KJS::Window::Window):
        (KJS::Window::impl):
        (KJS::Window::interpreter):
        (KJS::Window::location):
        (KJS::Window::find):
        (KJS::allowPopUp):
        (KJS::createWindow):
        (KJS::canShowModalDialog):
        (KJS::canShowModalDialogNow):
        (KJS::showModalDialog):
        (KJS::Window::getValueProperty):
        (KJS::Window::childFrameGetter):
        (KJS::Window::indexGetter):
        (KJS::Window::namedItemGetter):
        (KJS::Window::getOwnPropertySlot):
        (KJS::Window::put):
        (KJS::Window::isSafeScript):
        (KJS::Window::setListener):
        (KJS::Window::getListener):
        (KJS::Window::clear):
        (KJS::WindowFunc::callAsFunction):
        (KJS::Window::updateLayout):
        (KJS::ScheduledAction::execute):
        (KJS::Window::disconnectFrame):
        (KJS::Location::put):
        (KJS::LocationFunc::callAsFunction):
        * bindings/js/kjs_window.h:
        * page/mac/WebCoreFrameBridge.mm:
        (updateRenderingForBindings):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@24241 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 970f5625
2007-07-11 Sam Weinig <sam@webkit.org>
Reviewed by Maciej.
Test for <rdar://problem/5329841>
Calling window.closed on a closed window causes Safari to crash
* fast/dom/Window/window-closed-crash-expected.txt: Added.
* fast/dom/Window/window-closed-crash.html: Added.
2007-07-12 Mitz Pettel <mitz@webkit.org> 2007-07-12 Mitz Pettel <mitz@webkit.org>
Reviewed by Mark Rowe. Reviewed by Mark Rowe.
This tests that window.closed on a closed window, or window without a frame, does not crash the browser. See rdar://problem/5329841
Passed!
<!DOCTYPE html>
<html>
<head>
<script type="text/javascript">
function log(msg)
{
document.getElementById('console').appendChild(document.createTextNode(msg + '\n'));
}
</script>
</head>
<body>
<p>This tests that window.closed on a closed window, or window without a frame, does not crash the browser. See rdar://problem/5329841</p>
<pre id="console"></pre>
<iframe id="anIframe"></iframe>
<script>
if (window.layoutTestController)
layoutTestController.dumpAsText();
var win = window.frames[0];
document.body.removeChild(document.getElementById('anIframe'));
var c = win.closed;
log("Passed!");
</script>
</body>
</html>
2007-07-11 Sam Weinig <sam@webkit.org>
Reviewed by Maciej.
Patch for <rdar://problem/5329841>
Calling window.closed on a closed window causes Safari to crash
- Replaces the Frame member variable in KJS::Window for more appropriate DOMWindow
- Adds additional new null checks as necessary
- Removes bogus toBoolean method
- Removes unused scheduleClose method
Test: fast/dom/Window/window-closed-crash.html
* bindings/js/JSCustomXPathNSResolver.cpp:
(WebCore::JSCustomXPathNSResolver::create):
* bindings/js/JSDOMWindowCustom.cpp:
(WebCore::JSDOMWindow::customGetOwnPropertySlot):
(WebCore::JSDOMWindow::customPut):
* bindings/js/JSXMLHttpRequest.cpp:
(KJS::JSXMLHttpRequestPrototypeFunction::callAsFunction):
* bindings/js/kjs_events.cpp:
(WebCore::JSAbstractEventListener::handleEvent):
(WebCore::JSLazyEventListener::parseCode):
* bindings/js/kjs_window.cpp:
(KJS::Window::Window):
(KJS::Window::impl):
(KJS::Window::interpreter):
(KJS::Window::location):
(KJS::Window::find):
(KJS::allowPopUp):
(KJS::createWindow):
(KJS::canShowModalDialog):
(KJS::canShowModalDialogNow):
(KJS::showModalDialog):
(KJS::Window::getValueProperty):
(KJS::Window::childFrameGetter):
(KJS::Window::indexGetter):
(KJS::Window::namedItemGetter):
(KJS::Window::getOwnPropertySlot):
(KJS::Window::put):
(KJS::Window::isSafeScript):
(KJS::Window::setListener):
(KJS::Window::getListener):
(KJS::Window::clear):
(KJS::WindowFunc::callAsFunction):
(KJS::Window::updateLayout):
(KJS::ScheduledAction::execute):
(KJS::Window::disconnectFrame):
(KJS::Location::put):
(KJS::LocationFunc::callAsFunction):
* bindings/js/kjs_window.h:
* page/mac/WebCoreFrameBridge.mm:
(updateRenderingForBindings):
2007-07-12 Mark Rowe <mrowe@apple.com> 2007-07-12 Mark Rowe <mrowe@apple.com>
Reviewed by Ada. Reviewed by Ada.
...@@ -29,6 +29,7 @@ ...@@ -29,6 +29,7 @@
#if ENABLE(XPATH) #if ENABLE(XPATH)
#include "CString.h" #include "CString.h"
#include "DOMWindow.h"
#include "Document.h" #include "Document.h"
#include "ExceptionCode.h" #include "ExceptionCode.h"
#include "Frame.h" #include "Frame.h"
...@@ -53,7 +54,7 @@ PassRefPtr<JSCustomXPathNSResolver> JSCustomXPathNSResolver::create(KJS::ExecSta ...@@ -53,7 +54,7 @@ PassRefPtr<JSCustomXPathNSResolver> JSCustomXPathNSResolver::create(KJS::ExecSta
return 0; return 0;
} }
return new JSCustomXPathNSResolver(resolverObject, KJS::Window::retrieveActive(exec)->frame()); return new JSCustomXPathNSResolver(resolverObject, KJS::Window::retrieveActive(exec)->impl()->frame());
} }
JSCustomXPathNSResolver::JSCustomXPathNSResolver(JSObject* customResolver, Frame* frame) JSCustomXPathNSResolver::JSCustomXPathNSResolver(JSObject* customResolver, Frame* frame)
......
...@@ -21,13 +21,14 @@ ...@@ -21,13 +21,14 @@
#include "JSDOMWindow.h" #include "JSDOMWindow.h"
#include "kjs_window.h" #include "kjs_window.h"
#include "DOMWindow.h"
namespace WebCore { namespace WebCore {
bool JSDOMWindow::customGetOwnPropertySlot(KJS::ExecState* exec, const KJS::Identifier& propertyName, KJS::PropertySlot& slot) bool JSDOMWindow::customGetOwnPropertySlot(KJS::ExecState* exec, const KJS::Identifier& propertyName, KJS::PropertySlot& slot)
{ {
// we don't want any properties other than "closed" on a closed window // we don't want any properties other than "closed" on a closed window
if (!frame()) { if (!impl()->frame()) {
if (propertyName == "closed") { if (propertyName == "closed") {
const KJS::HashEntry* entry = KJS::Lookup::findEntry(classInfo()->propHashTable, propertyName); const KJS::HashEntry* entry = KJS::Lookup::findEntry(classInfo()->propHashTable, propertyName);
ASSERT(entry); ASSERT(entry);
...@@ -91,7 +92,7 @@ bool JSDOMWindow::customGetOwnPropertySlot(KJS::ExecState* exec, const KJS::Iden ...@@ -91,7 +92,7 @@ bool JSDOMWindow::customGetOwnPropertySlot(KJS::ExecState* exec, const KJS::Iden
bool JSDOMWindow::customPut(KJS::ExecState* exec, const KJS::Identifier& propertyName, KJS::JSValue* value, int attr) bool JSDOMWindow::customPut(KJS::ExecState* exec, const KJS::Identifier& propertyName, KJS::JSValue* value, int attr)
{ {
if (!frame()) if (!impl()->frame())
return true; return true;
// Called by an internal KJS call or if we have a local override (e.g. "var location") // Called by an internal KJS call or if we have a local override (e.g. "var location")
......
...@@ -21,6 +21,7 @@ ...@@ -21,6 +21,7 @@
#include "config.h" #include "config.h"
#include "JSXMLHttpRequest.h" #include "JSXMLHttpRequest.h"
#include "DOMWindow.h"
#include "Event.h" #include "Event.h"
#include "Frame.h" #include "Frame.h"
#include "FrameLoader.h" #include "FrameLoader.h"
...@@ -218,7 +219,10 @@ JSValue* JSXMLHttpRequestPrototypeFunction::callAsFunction(ExecState* exec, JSOb ...@@ -218,7 +219,10 @@ JSValue* JSXMLHttpRequestPrototypeFunction::callAsFunction(ExecState* exec, JSOb
return throwError(exec, SyntaxError, "Not enough arguments"); return throwError(exec, SyntaxError, "Not enough arguments");
String method = args[0]->toString(exec); String method = args[0]->toString(exec);
KURL url = Window::retrieveActive(exec)->frame()->loader()->completeURL(DeprecatedString(args[1]->toString(exec))); Frame* frame = Window::retrieveActive(exec)->impl()->frame();
if (!frame)
return jsUndefined();
KURL url = frame->loader()->completeURL(DeprecatedString(args[1]->toString(exec)));
bool async = true; bool async = true;
if (args.size() >= 3) if (args.size() >= 3)
......
...@@ -25,6 +25,7 @@ ...@@ -25,6 +25,7 @@
#include "Chrome.h" #include "Chrome.h"
#include "Clipboard.h" #include "Clipboard.h"
#include "ClipboardEvent.h" #include "ClipboardEvent.h"
#include "DOMWindow.h"
#include "Document.h" #include "Document.h"
#include "Event.h" #include "Event.h"
#include "EventNames.h" #include "EventNames.h"
...@@ -70,7 +71,7 @@ void JSAbstractEventListener::handleEvent(Event* ele, bool isWindowEvent) ...@@ -70,7 +71,7 @@ void JSAbstractEventListener::handleEvent(Event* ele, bool isWindowEvent)
// xmlhttprequest objects. See http://bugs.webkit.org/show_bug.cgi?id=13275 // xmlhttprequest objects. See http://bugs.webkit.org/show_bug.cgi?id=13275
if (!window) if (!window)
return; return;
Frame *frame = window->frame(); Frame *frame = window->impl()->frame();
if (!frame) if (!frame)
return; return;
KJSProxy* proxy = frame->scriptProxy(); KJSProxy* proxy = frame->scriptProxy();
...@@ -290,7 +291,7 @@ void JSLazyEventListener::parseCode() const ...@@ -290,7 +291,7 @@ void JSLazyEventListener::parseCode() const
return; return;
m_parsed = true; m_parsed = true;
Frame* frame = windowObj()->frame(); Frame* frame = windowObj()->impl()->frame();
KJSProxy* proxy = 0; KJSProxy* proxy = 0;
if (frame) if (frame)
proxy = frame->scriptProxy(); proxy = frame->scriptProxy();
......
...@@ -222,7 +222,7 @@ const ClassInfo Window::info = { "Window", 0, &WindowTable, 0 }; ...@@ -222,7 +222,7 @@ const ClassInfo Window::info = { "Window", 0, &WindowTable, 0 };
*/ */
Window::Window(DOMWindow* window) Window::Window(DOMWindow* window)
: m_frame(window->frame()) : m_impl(window)
, d(new WindowPrivate) , d(new WindowPrivate)
{ {
} }
...@@ -254,12 +254,16 @@ Window::~Window() ...@@ -254,12 +254,16 @@ Window::~Window()
DOMWindow* Window::impl() const DOMWindow* Window::impl() const
{ {
return m_frame->domWindow(); return m_impl.get();
} }
ScriptInterpreter *Window::interpreter() const ScriptInterpreter* Window::interpreter() const
{ {
return m_frame->scriptProxy()->interpreter(); Frame* frame = impl()->frame();
if (!frame)
return 0;
return frame->scriptProxy()->interpreter();
} }
Window *Window::retrieveWindow(Frame *f) Window *Window::retrieveWindow(Frame *f)
...@@ -289,14 +293,18 @@ JSValue *Window::retrieve(Frame *p) ...@@ -289,14 +293,18 @@ JSValue *Window::retrieve(Frame *p)
Location *Window::location() const Location *Window::location() const
{ {
if (!d->loc) if (!d->loc)
d->loc = new Location(m_frame); d->loc = new Location(impl()->frame());
return d->loc; return d->loc;
} }
bool Window::find(const String& string, bool caseSensitive, bool backwards, bool wrap, bool wholeWord, bool searchInFrames, bool showDialog) const bool Window::find(const String& string, bool caseSensitive, bool backwards, bool wrap, bool wholeWord, bool searchInFrames, bool showDialog) const
{ {
// FIXME (13016): Support wholeWord, searchInFrames and showDialog // FIXME (13016): Support wholeWord, searchInFrames and showDialog
return m_frame->findString(string, !backwards, caseSensitive, wrap, false); Frame* frame = impl()->frame();
if (!frame)
return false;
return frame->findString(string, !backwards, caseSensitive, wrap, false);
} }
// reference our special objects during garbage collection // reference our special objects during garbage collection
...@@ -309,11 +317,12 @@ void Window::mark() ...@@ -309,11 +317,12 @@ void Window::mark()
static bool allowPopUp(ExecState *exec, Window *window) static bool allowPopUp(ExecState *exec, Window *window)
{ {
if (!window->frame()) Frame* frame = window->impl()->frame();
if (!frame)
return false; return false;
if (static_cast<ScriptInterpreter*>(exec->dynamicInterpreter())->wasRunByUserGesture()) if (static_cast<ScriptInterpreter*>(exec->dynamicInterpreter())->wasRunByUserGesture())
return true; return true;
Settings* settings = window->frame()->settings(); Settings* settings = frame->settings();
return settings && settings->JavaScriptCanOpenWindowsAutomatically(); return settings && settings->JavaScriptCanOpenWindowsAutomatically();
} }
...@@ -378,7 +387,7 @@ static float floatFeature(const HashMap<String, String> &features, const char *k ...@@ -378,7 +387,7 @@ static float floatFeature(const HashMap<String, String> &features, const char *k
static Frame* createWindow(ExecState* exec, Frame* openerFrame, const String& url, static Frame* createWindow(ExecState* exec, Frame* openerFrame, const String& url,
const String& frameName, const WindowFeatures& windowFeatures, JSValue* dialogArgs) const String& frameName, const WindowFeatures& windowFeatures, JSValue* dialogArgs)
{ {
Frame* activeFrame = Window::retrieveActive(exec)->frame(); Frame* activeFrame = Window::retrieveActive(exec)->impl()->frame();
ResourceRequest request; ResourceRequest request;
if (activeFrame) if (activeFrame)
...@@ -424,16 +433,20 @@ static Frame* createWindow(ExecState* exec, Frame* openerFrame, const String& ur ...@@ -424,16 +433,20 @@ static Frame* createWindow(ExecState* exec, Frame* openerFrame, const String& ur
static bool canShowModalDialog(const Window *window) static bool canShowModalDialog(const Window *window)
{ {
if (Frame* frame = window->frame()) Frame* frame = window->impl()->frame();
return frame->page()->chrome()->canRunModal(); if (!frame)
return false; return false;
return frame->page()->chrome()->canRunModal();
} }
static bool canShowModalDialogNow(const Window *window) static bool canShowModalDialogNow(const Window *window)
{ {
if (Frame* frame = window->frame()) Frame* frame = window->impl()->frame();
return frame->page()->chrome()->canRunModalNow(); if (!frame)
return false; return false;
return frame->page()->chrome()->canRunModalNow();
} }
static JSValue* showModalDialog(ExecState* exec, Window* openerWindow, const List& args) static JSValue* showModalDialog(ExecState* exec, Window* openerWindow, const List& args)
...@@ -454,8 +467,11 @@ static JSValue* showModalDialog(ExecState* exec, Window* openerWindow, const Lis ...@@ -454,8 +467,11 @@ static JSValue* showModalDialog(ExecState* exec, Window* openerWindow, const Lis
// - dialogHide: trusted && boolFeature(features, "dialoghide"), makes dialog hide when you print // - dialogHide: trusted && boolFeature(features, "dialoghide"), makes dialog hide when you print
// - help: boolFeature(features, "help", true), makes help icon appear in dialog (what does it do on Windows?) // - help: boolFeature(features, "help", true), makes help icon appear in dialog (what does it do on Windows?)
// - unadorned: trusted && boolFeature(features, "unadorned"); // - unadorned: trusted && boolFeature(features, "unadorned");
Frame* frame = openerWindow->impl()->frame();
if (!frame)
return jsUndefined();
FloatRect screenRect = screenAvailableRect(openerWindow->frame()->view()); FloatRect screenRect = screenAvailableRect(frame->view());
wargs.width = floatFeature(features, "dialogwidth", 100, screenRect.width(), 620); // default here came from frame size of dialog in MacIE wargs.width = floatFeature(features, "dialogwidth", 100, screenRect.width(), 620); // default here came from frame size of dialog in MacIE
wargs.widthSet = true; wargs.widthSet = true;
...@@ -487,7 +503,7 @@ static JSValue* showModalDialog(ExecState* exec, Window* openerWindow, const Lis ...@@ -487,7 +503,7 @@ static JSValue* showModalDialog(ExecState* exec, Window* openerWindow, const Lis
wargs.locationBarVisible = false; wargs.locationBarVisible = false;
wargs.fullscreen = false; wargs.fullscreen = false;
Frame* dialogFrame = createWindow(exec, openerWindow->frame(), valueToStringWithUndefinedOrNullCheck(exec, args[0]), "", wargs, args[1]); Frame* dialogFrame = createWindow(exec, frame, valueToStringWithUndefinedOrNullCheck(exec, args[0]), "", wargs, args[1]);
if (!dialogFrame) if (!dialogFrame)
return jsUndefined(); return jsUndefined();
...@@ -511,7 +527,7 @@ static JSValue* showModalDialog(ExecState* exec, Window* openerWindow, const Lis ...@@ -511,7 +527,7 @@ static JSValue* showModalDialog(ExecState* exec, Window* openerWindow, const Lis
JSValue *Window::getValueProperty(ExecState *exec, int token) const JSValue *Window::getValueProperty(ExecState *exec, int token) const
{ {
ASSERT(m_frame); ASSERT(impl()->frame());
switch (token) { switch (token) {
case Crypto: case Crypto:
...@@ -523,7 +539,7 @@ JSValue *Window::getValueProperty(ExecState *exec, int token) const ...@@ -523,7 +539,7 @@ JSValue *Window::getValueProperty(ExecState *exec, int token) const
return jsUndefined(); return jsUndefined();
return getDOMExceptionConstructor(exec); return getDOMExceptionConstructor(exec);
case Frames: case Frames:
return retrieve(m_frame); return retrieve(impl()->frame());
case Event_: case Event_:
if (!isSafeScript(exec)) if (!isSafeScript(exec))
return jsUndefined(); return jsUndefined();
...@@ -537,7 +553,7 @@ JSValue *Window::getValueProperty(ExecState *exec, int token) const ...@@ -537,7 +553,7 @@ JSValue *Window::getValueProperty(ExecState *exec, int token) const
if (!isSafeScript(exec)) if (!isSafeScript(exec))
return jsUndefined(); return jsUndefined();
// Store the navigator in the object so we get the same one each time. // Store the navigator in the object so we get the same one each time.
Navigator *n = new Navigator(exec, m_frame); Navigator *n = new Navigator(exec, impl()->frame());
// FIXME: this will make the "navigator" object accessible from windows that fail // FIXME: this will make the "navigator" object accessible from windows that fail
// the security check the first time, but not subsequent times, seems weird. // the security check the first time, but not subsequent times, seems weird.
const_cast<Window *>(this)->putDirect("navigator", n, DontDelete|ReadOnly); const_cast<Window *>(this)->putDirect("navigator", n, DontDelete|ReadOnly);
...@@ -545,30 +561,30 @@ JSValue *Window::getValueProperty(ExecState *exec, int token) const ...@@ -545,30 +561,30 @@ JSValue *Window::getValueProperty(ExecState *exec, int token) const
return n; return n;
} }
case Opener: case Opener:
if (m_frame->loader()->opener()) if (impl()->frame()->loader()->opener())
return retrieve(m_frame->loader()->opener()); return retrieve(impl()->frame()->loader()->opener());
return jsNull(); return jsNull();
case Parent: case Parent:
return retrieve(m_frame->tree()->parent() ? m_frame->tree()->parent() : m_frame); return retrieve(impl()->frame()->tree()->parent() ? impl()->frame()->tree()->parent() : impl()->frame());
case Self: case Self:
case Window_: case Window_:
return retrieve(m_frame); return retrieve(impl()->frame());
case Top: case Top:
return retrieve(m_frame->page()->mainFrame()); return retrieve(impl()->frame()->page()->mainFrame());
case Image: case Image:
if (!isSafeScript(exec)) if (!isSafeScript(exec))
return jsUndefined(); return jsUndefined();
// FIXME: this property (and the few below) probably shouldn't create a new object every // FIXME: this property (and the few below) probably shouldn't create a new object every
// time // time
return new ImageConstructorImp(exec, m_frame->document()); return new ImageConstructorImp(exec, impl()->frame()->document());
case Option: case Option:
if (!isSafeScript(exec)) if (!isSafeScript(exec))
return jsUndefined(); return jsUndefined();
return new JSHTMLOptionElementConstructor(exec, m_frame->document()); return new JSHTMLOptionElementConstructor(exec, impl()->frame()->document());
case XMLHttpRequest: case XMLHttpRequest:
if (!isSafeScript(exec)) if (!isSafeScript(exec))
return jsUndefined(); return jsUndefined();
return new JSXMLHttpRequestConstructorImp(exec, m_frame->document()); return new JSXMLHttpRequestConstructorImp(exec, impl()->frame()->document());
#if ENABLE(XSLT) #if ENABLE(XSLT)
case XSLTProcessor_: case XSLTProcessor_:
if (!isSafeScript(exec)) if (!isSafeScript(exec))
...@@ -581,7 +597,7 @@ JSValue *Window::getValueProperty(ExecState *exec, int token) const ...@@ -581,7 +597,7 @@ JSValue *Window::getValueProperty(ExecState *exec, int token) const
case FrameElement: case FrameElement:
if (!isSafeScript(exec)) if (!isSafeScript(exec))
return jsUndefined(); return jsUndefined();
if (Document* doc = m_frame->document()) if (Document* doc = impl()->frame()->document())
if (Element* fe = doc->ownerElement()) if (Element* fe = doc->ownerElement())
if (checkNodeSecurity(exec, fe)) if (checkNodeSecurity(exec, fe))
return toJS(exec, fe); return toJS(exec, fe);
...@@ -649,18 +665,18 @@ JSValue *Window::getValueProperty(ExecState *exec, int token) const ...@@ -649,18 +665,18 @@ JSValue *Window::getValueProperty(ExecState *exec, int token) const
JSValue* Window::childFrameGetter(ExecState*, JSObject*, const Identifier& propertyName, const PropertySlot& slot) JSValue* Window::childFrameGetter(ExecState*, JSObject*, const Identifier& propertyName, const PropertySlot& slot)
{ {
return retrieve(static_cast<Window*>(slot.slotBase())->m_frame->tree()->child(AtomicString(propertyName))); return retrieve(static_cast<Window*>(slot.slotBase())->impl()->frame()->tree()->child(AtomicString(propertyName)));
} }
JSValue* Window::indexGetter(ExecState*, JSObject*, const Identifier&, const PropertySlot& slot) JSValue* Window::indexGetter(ExecState*, JSObject*, const Identifier&, const PropertySlot& slot)
{ {
return retrieve(static_cast<Window*>(slot.slotBase())->m_frame->tree()->child(slot.index())); return retrieve(static_cast<Window*>(slot.slotBase())->impl()->frame()->tree()->child(slot.index()));
} }
JSValue *Window::namedItemGetter(ExecState *exec, JSObject *originalObject, const Identifier& propertyName, const PropertySlot& slot) JSValue *Window::namedItemGetter(ExecState *exec, JSObject *originalObject, const Identifier& propertyName, const PropertySlot& slot)
{ {
Window *thisObj = static_cast<Window *>(slot.slotBase()); Window *thisObj = static_cast<Window *>(slot.slotBase());
Document *doc = thisObj->m_frame->document(); Document *doc = thisObj->impl()->frame()->document();
ASSERT(thisObj->isSafeScript(exec) && doc && doc->isHTMLDocument()); ASSERT(thisObj->isSafeScript(exec) && doc && doc->isHTMLDocument());
String name = propertyName; String name = propertyName;
...@@ -677,7 +693,7 @@ bool Window::getOwnPropertySlot(ExecState *exec, const Identifier& propertyName, ...@@ -677,7 +693,7 @@ bool Window::getOwnPropertySlot(ExecState *exec, const Identifier& propertyName,
// naming frames things that conflict with window properties that // naming frames things that conflict with window properties that
// are in Moz but not IE. Since we have some of these, we have to do // are in Moz but not IE. Since we have some of these, we have to do
// it the Moz way. // it the Moz way.
if (frame()->tree()->child(propertyName)) { if (impl()->frame()->tree()->child(propertyName)) {
slot.setCustom(this, childFrameGetter); slot.setCustom(this, childFrameGetter);
return true; return true;
} }
...@@ -707,13 +723,13 @@ bool Window::getOwnPropertySlot(ExecState *exec, const Identifier& propertyName, ...@@ -707,13 +723,13 @@ bool Window::getOwnPropertySlot(ExecState *exec, const Identifier& propertyName,
// allow window[1] or parent[1] etc. (#56983) // allow window[1] or parent[1] etc. (#56983)
bool ok; bool ok;
unsigned i = propertyName.toArrayIndex(&ok); unsigned i = propertyName.toArrayIndex(&ok);
if (ok && i < m_frame->tree()->childCount()) { if (ok && i < impl()->frame()->tree()->childCount()) {
slot.setCustomIndex(this, i, indexGetter); slot.setCustomIndex(this, i, indexGetter);
return true; return true;
} }
// allow shortcuts like 'Image1' instead of document.images.Image1 // allow shortcuts like 'Image1' instead of document.images.Image1
Document *doc = m_frame->document(); Document *doc = impl()->frame()->document();
if (isSafeScript(exec) && doc && doc->isHTMLDocument()) { if (isSafeScript(exec) && doc && doc->isHTMLDocument()) {
AtomicString atomicPropertyName = propertyName; AtomicString atomicPropertyName = propertyName;
if (static_cast<HTMLDocument*>(doc)->hasNamedItem(atomicPropertyName) || doc->getElementById(atomicPropertyName)) { if (static_cast<HTMLDocument*>(doc)->hasNamedItem(atomicPropertyName) || doc->getElementById(atomicPropertyName)) {
...@@ -740,13 +756,13 @@ void Window::put(ExecState* exec, const Identifier& propertyName, JSValue* value ...@@ -740,13 +756,13 @@ void Window::put(ExecState* exec, const Identifier& propertyName, JSValue* value
switch (entry->value) { switch (entry->value) {
case Location_: { case Location_: {
Frame* p = Window::retrieveActive(exec)->m_frame; Frame* p = Window::retrieveActive(exec)->impl()->frame();
if (p) { if (p) {
DeprecatedString dstUrl = p->loader()->completeURL(DeprecatedString(value->toString(exec))).url(); DeprecatedString dstUrl = p->loader()->completeURL(DeprecatedString(value->toString(exec))).url();
if (!dstUrl.startsWith("javascript:", false) || isSafeScript(exec)) { if (!dstUrl.startsWith("javascript:", false) || isSafeScript(exec)) {
bool userGesture = static_cast<ScriptInterpreter *>(exec->dynamicInterpreter())->wasRunByUserGesture(); bool userGesture = static_cast<ScriptInterpreter *>(exec->dynamicInterpreter())->wasRunByUserGesture();
// We want a new history item if this JS was called via a user gesture // We want a new history item if this JS was called via a user gesture
m_frame->loader()->scheduleLocationChange(dstUrl, p->loader()->outgoingReferrer(), !userGesture, userGesture); impl()->frame()->loader()->scheduleLocationChange(dstUrl, p->loader()->outgoingReferrer(), !userGesture, userGesture);
} }
} }
return; return;
...@@ -859,16 +875,6 @@ void Window::put(ExecState* exec, const Identifier& propertyName, JSValue* value ...@@ -859,16 +875,6 @@ void Window::put(ExecState* exec, const Identifier& propertyName, JSValue* value
JSObject::put(exec, propertyName, value, attr); JSObject::put(exec, propertyName, value, attr);