Title: [114320] trunk
Revision: 114320
Author: a...@chromium.org
Date: 2012-04-16 16:53:38 -0700 (Mon, 16 Apr 2012)

Log Message

[V8] Don't delete the per context data until the V8IsolatedContext is deleted
https://bugs.webkit.org/show_bug.cgi?id=83831

Reviewed by Nate Chapin.

Source/WebCore:

Test: http/tests/security/isolatedWorld/context-destroy.html

* bindings/v8/V8IsolatedContext.cpp:
(WebCore::V8IsolatedContext::destroy):

LayoutTests:

* http/tests/security/isolatedWorld/context-destroy-expected.txt: Added.
* http/tests/security/isolatedWorld/context-destroy.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (114319 => 114320)


--- trunk/LayoutTests/ChangeLog	2012-04-16 23:50:37 UTC (rev 114319)
+++ trunk/LayoutTests/ChangeLog	2012-04-16 23:53:38 UTC (rev 114320)
@@ -1,3 +1,13 @@
+2012-04-16  Erik Arvidsson  <a...@chromium.org>
+
+        [V8] Don't delete the per context data until the V8IsolatedContext is deleted
+        https://bugs.webkit.org/show_bug.cgi?id=83831
+
+        Reviewed by Nate Chapin.
+
+        * http/tests/security/isolatedWorld/context-destroy-expected.txt: Added.
+        * http/tests/security/isolatedWorld/context-destroy.html: Added.
+
 2012-04-16  Vincent Scheib  <sch...@chromium.org>
 
         [Chromium] Marking test failing TEXT: css3/filters/custom/custom-filter-property-computed-style.html.

Added: trunk/LayoutTests/http/tests/security/isolatedWorld/context-destroy-expected.txt (0 => 114320)


--- trunk/LayoutTests/http/tests/security/isolatedWorld/context-destroy-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/isolatedWorld/context-destroy-expected.txt	2012-04-16 23:53:38 UTC (rev 114320)
@@ -0,0 +1 @@
+PASS

Added: trunk/LayoutTests/http/tests/security/isolatedWorld/context-destroy.html (0 => 114320)


--- trunk/LayoutTests/http/tests/security/isolatedWorld/context-destroy.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/isolatedWorld/context-destroy.html	2012-04-16 23:53:38 UTC (rev 114320)
@@ -0,0 +1,32 @@
+<!DOCTYPE html>
+<p>FAIL</p>
+<iframe src=""
+<script type="text/x-isolate" id="s1">
+
+window._onunload_ = function() {
+    Window;
+};
+
+</script>
+<script>
+
+window._onload_ = function() {
+    if (window.layoutTestController) {
+        layoutTestController.waitUntilDone();
+        layoutTestController.dumpAsText();
+
+        var iframeElement = document.querySelector('iframe');
+        iframeElement.focus();
+        layoutTestController.evaluateScriptInIsolatedWorld(0, document.querySelector('#s1').textContent);
+
+        iframeElement._onload_ = function() {
+            document.body.textContent = 'PASS';
+            layoutTestController.notifyDone();
+        };
+        iframeElement.src = '';
+    }
+};
+
+</script>
+</body>
+</html>
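
Review bot: The isolated-world script (id="s1") has an unload handler whose whole body is the bare expression `Window;`, with no comment saying why that reference matters. Add a one-line comment stating what the lookup is meant to exercise (presumably that it runs in the isolated world while the frame is being torn down and still needs the per context data), so it is not later removed as dead code. Separately, the only completion path is the iframe load callback inside `if (window.layoutTestController)`, so a regression that prevents that load shows up as a timeout rather than the FAIL text; a short description in the test would make that expectation explicit.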

Modified: trunk/Source/WebCore/ChangeLog (114319 => 114320)


--- trunk/Source/WebCore/ChangeLog	2012-04-16 23:50:37 UTC (rev 114319)
+++ trunk/Source/WebCore/ChangeLog	2012-04-16 23:53:38 UTC (rev 114320)
@@ -1,3 +1,15 @@
+2012-04-16  Erik Arvidsson  <a...@chromium.org>
+
+        [V8] Don't delete the per context data until the V8IsolatedContext is deleted
+        https://bugs.webkit.org/show_bug.cgi?id=83831
+
+        Reviewed by Nate Chapin.
+
+        Test: http/tests/security/isolatedWorld/context-destroy.html
+
+        * bindings/v8/V8IsolatedContext.cpp:
+        (WebCore::V8IsolatedContext::destroy):
+
 2012-04-16  Greg Billock  <gbill...@google.com>
 
         Add V8 code generation support for MessagePortArray attributes.
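
Review bot: The entry lists (WebCore::V8IsolatedContext::destroy) but gives no description after it, and the title only says what not to do. Add a sentence on what went wrong when the per context data was cleared in destroy() (the symptom that http/tests/security/isolatedWorld/context-destroy.html catches) and where the data is released instead.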

Modified: trunk/Source/WebCore/bindings/v8/V8IsolatedContext.cpp (114319 => 114320)


--- trunk/Source/WebCore/bindings/v8/V8IsolatedContext.cpp	2012-04-16 23:50:37 UTC (rev 114319)
+++ trunk/Source/WebCore/bindings/v8/V8IsolatedContext.cpp	2012-04-16 23:53:38 UTC (rev 114320)
@@ -87,7 +87,6 @@
 
 void V8IsolatedContext::destroy()
 {
-    m_perContextData.clear();
     m_frame->loader()->client()->willReleaseScriptContext(context(), m_world->id());
     m_context->get().MakeWeak(this, &contextWeakReferenceCallback);
     m_frame = 0;
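
Review bot: With `m_perContextData.clear();` removed from destroy(), nothing in this hunk shows where the per context data is released; the context is only made weak via `MakeWeak(this, &contextWeakReferenceCallback)`. Please confirm the member is freed when the V8IsolatedContext itself is deleted on that callback path, and add a short comment in destroy() saying the data must stay alive until then so the clear() call is not reintroduced. It is also worth checking that the per context data holds no path back to m_frame, which is set to 0 here while the data now outlives this function.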
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
