Commit a5d0af3b authored by timothy@apple.com's avatar timothy@apple.com

Fixes the assertion and crash that would happen when inspecting an element from a frame.

This change makes JSInspectedObjectWrapper pass unwrapped objects around for global objects
that share the same page group identifier. Also returns jsUndefined() instead of 0 to prevent
crashing in release builds if the page groups don't match.

Passes all the tests in: manual-tests/inspector-wrappers

Reviewed by Adam Roben.

* bindings/js/JSInspectedObjectWrapper.cpp:
(WebCore::JSInspectedObjectWrapper::prepareIncomingValue): Return jsUndefined() instead of 0.
Call allowsUnwrappedAccessFrom instead of unwrappedExecStateMatches.
* bindings/js/JSQuarantinedObjectWrapper.cpp:
(WebCore::JSQuarantinedObjectWrapper::allowsUnwrappedAccessFrom): Renamed from unwrappedExecStateMatches.
Return true if the pageGroupIdentifier of both wrappers match.
(WebCore::JSQuarantinedObjectWrapper::callAsFunction): Return jsUndefined() instead of 0.
* bindings/js/JSQuarantinedObjectWrapper.h: Renamed unwrappedExecStateMatches to allowsUnwrappedAccessFrom.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@33414 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent f1d15fc9
2008-05-13 Timothy Hatcher <timothy@apple.com>
Fixes the assertion and crash that would happen when inspecting a element from a frame.
This change makes JSInspectedObjectWrapper pass unwrapped objects around for global objects
that share the same page group identifier. Also returns jsUndefined() instead of 0 to prevent
crashing in release builds if the page groups don't match.
Passes all the tests in: manual-tests/inspector-wrappers
Reviewed by Adam Roben.
* bindings/js/JSInspectedObjectWrapper.cpp:
(WebCore::JSInspectedObjectWrapper::prepareIncomingValue): Return jsUndefined() instead of 0.
Call allowsUnwrappedAccessFrom instead of unwrappedExecStateMatches.
* bindings/js/JSQuarantinedObjectWrapper.cpp:
(WebCore::JSQuarantinedObjectWrapper::allowsUnwrappedAccessFrom): Renamed from unwrappedExecStateMatches.
Return true if the pageGroupIdentifier of both wrappers match.
(WebCore::JSQuarantinedObjectWrapper::callAsFunction): Return jsUndefined() instead of 0.
* bindings/js/JSQuarantinedObjectWrapper.h: Renamed unwrappedExecStateMatches to allowsUnwrappedAccessFrom.
2008-05-13 Timothy Hatcher <timothy@apple.com>
Fixes the hang that could happen when option-clicking to expand
......@@ -83,12 +83,12 @@ JSValue* JSInspectedObjectWrapper::prepareIncomingValue(ExecState*, JSValue* val
JSQuarantinedObjectWrapper* wrapper = asWrapper(value);
ASSERT_WITH_MESSAGE(wrapper, "Objects passed to JSInspectedObjectWrapper must be wrapped");
if (!wrapper)
return 0;
return jsUndefined();
if (wrapper->unwrappedExecStateMatches(unwrappedExecState())) {
if (wrapper->allowsUnwrappedAccessFrom(unwrappedExecState())) {
ASSERT_WITH_MESSAGE(wrapper->inherits(&s_info), "A wrapper contains an object from the inspected page but is not a JSInspectedObjectWrapper");
if (!wrapper->inherits(&s_info))
return 0;
return jsUndefined();
// Return the unwrapped object so the inspected page never sees one of its own objects in wrapped form.
return wrapper->unwrappedObject();
......@@ -96,7 +96,7 @@ JSValue* JSInspectedObjectWrapper::prepareIncomingValue(ExecState*, JSValue* val
ASSERT_WITH_MESSAGE(wrapper->inherits(&JSInspectorCallbackWrapper::s_info), "A wrapper that was not from the inspected page and is not an Inspector callback was passed to a JSInspectedObjectWrapper");
if (!wrapper->inherits(&JSInspectorCallbackWrapper::s_info))
return 0;
return jsUndefined();
return wrapper;
}
......
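Review bot: Returning `jsUndefined()` on the three rejection paths of `prepareIncomingValue` makes a rejected value indistinguishable from a legitimate undefined result, so callers can no longer tell that the wrapper check failed. The `if (!preparedThisObj)` and `if (!preparedValue)` guards in `JSQuarantinedObjectWrapper::callAsFunction` (touched by this same commit) only test for null, and `callAsFunction` applies `static_cast<JSObject*>` to the result before that test, so in release builds a rejected `thisObj` would presumably be carried forward as if it were an object. Either keep a distinct failure signal here, or check the type at the call site before casting, e.g. `JSValue* preparedThis = prepareIncomingValue(exec, thisObj);` followed by `if (!preparedThis || !preparedThis->isObject()) return jsUndefined();`. Both function bodies extend beyond the visible hunks, so this should be confirmed against the code that follows the argument loop.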
......@@ -69,9 +69,9 @@ JSQuarantinedObjectWrapper::~JSQuarantinedObjectWrapper()
{
}
bool JSQuarantinedObjectWrapper::unwrappedExecStateMatches(const ExecState* exec) const
bool JSQuarantinedObjectWrapper::allowsUnwrappedAccessFrom(const ExecState* exec) const
{
return m_unwrappedGlobalObject == exec->dynamicGlobalObject();
return m_unwrappedGlobalObject->pageGroupIdentifier() == exec->dynamicGlobalObject()->pageGroupIdentifier();
}
ExecState* JSQuarantinedObjectWrapper::unwrappedExecState() const
......@@ -246,17 +246,17 @@ bool JSQuarantinedObjectWrapper::implementsCall() const
JSValue* JSQuarantinedObjectWrapper::callAsFunction(ExecState* exec, JSObject* thisObj, const List& args)
{
if (!allowsCallAsFunction())
return 0;
return jsUndefined();
JSObject* preparedThisObj = static_cast<JSObject*>(prepareIncomingValue(exec, thisObj));
if (!preparedThisObj)
return 0;
return jsUndefined();
List preparedArgs;
for (size_t i = 0; i < args.size(); ++i) {
JSValue* preparedValue = prepareIncomingValue(exec, args[i]);
if (!preparedValue)
return 0;
return jsUndefined();
preparedArgs.append(preparedValue);
}
......
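Review bot: `allowsUnwrappedAccessFrom` now dereferences both `m_unwrappedGlobalObject` and `exec->dynamicGlobalObject()`, where the old code only compared the two pointers. It also widens the unwrapped-access decision from a single global object to every global object that reports the same `pageGroupIdentifier()`. This predicate decides when `prepareIncomingValue` hands out `unwrappedObject()` instead of a wrapper, so the function should carry a comment stating why the page group is the intended trust boundary, e.g. `// Frames of the inspected page share a page group identifier, so objects may cross between them unwrapped.` What `pageGroupIdentifier()` returns for a global object that has no page is not visible here; if that is a shared default value, two unrelated global objects would compare equal. An explicit check for that case, plus an `ASSERT` on both pointers before the dereference, would make the boundary safer.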
......@@ -39,7 +39,7 @@ namespace WebCore {
KJS::JSObject* unwrappedObject() const { return m_unwrappedObject; }
KJS::ExecState* unwrappedExecState() const;
bool unwrappedExecStateMatches(const KJS::ExecState*) const;
bool allowsUnwrappedAccessFrom(const KJS::ExecState*) const;
virtual bool getOwnPropertySlot(KJS::ExecState*, const KJS::Identifier&, KJS::PropertySlot&);
virtual bool getOwnPropertySlot(KJS::ExecState*, unsigned, KJS::PropertySlot&);
......