Title: [238676] trunk
Revision
238676
Author
sihui_...@apple.com
Date
2018-11-29 10:41:48 -0800 (Thu, 29 Nov 2018)

Log Message

Unexpected constructor / instanceof  behavior when retrieving indexedDB data in an iframe
https://bugs.webkit.org/show_bug.cgi?id=185906
<rdar://problem/40583100>

Reviewed by Geoffrey Garen.

Source/WebCore:

ScriptExecutionContext::execState() returned the ExecState of the main frame's global object rather than
the document's own frame, so deserialization of an IDBValue inside an iframe built objects from the
main frame's constructors and prototypes. As a result `result.array instanceof Array` evaluated to false
inside the iframe (and true against `window.top.Array`), which is wrong; each document must deserialize
into its own realm.

Test: storage/indexeddb/instanceof-iframe.html

* dom/ScriptExecutionContext.cpp:
(WebCore::ScriptExecutionContext::execState):

LayoutTests:

* storage/indexeddb/instanceof-iframe-expected.txt: Added.
* storage/indexeddb/instanceof-iframe.html: Added.
* storage/indexeddb/resources/instanceof-iframe.js: Added.
(test.else.shouldBe):
(test.else.shouldBeTrue):
(test.else.shouldBeFalse):
(test.else.evalAndLog):
(test):
(callback):

Modified Paths

Added Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (238675 => 238676)


--- trunk/LayoutTests/ChangeLog	2018-11-29 18:36:29 UTC (rev 238675)
+++ trunk/LayoutTests/ChangeLog	2018-11-29 18:41:48 UTC (rev 238676)
@@ -1,3 +1,21 @@
+2018-11-29  Sihui Liu  <sihui_...@apple.com>
+
+        Unexpected constructor / instanceof  behavior when retrieving indexedDB data in an iframe
+        https://bugs.webkit.org/show_bug.cgi?id=185906
+        <rdar://problem/40583100>
+
+        Reviewed by Geoffrey Garen.
+
+        * storage/indexeddb/instanceof-iframe-expected.txt: Added.
+        * storage/indexeddb/instanceof-iframe.html: Added.
+        * storage/indexeddb/resources/instanceof-iframe.js: Added.
+        (test.else.shouldBe):
+        (test.else.shouldBeTrue):
+        (test.else.shouldBeFalse):
+        (test.else.evalAndLog):
+        (test):
+        (callback):
+
 2018-11-28  Dean Jackson  <d...@apple.com>
 
         [ES Modules] Allow .mjs content when loaded from file://

Added: trunk/LayoutTests/storage/indexeddb/instanceof-iframe-expected.txt (0 => 238676)


--- trunk/LayoutTests/storage/indexeddb/instanceof-iframe-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/storage/indexeddb/instanceof-iframe-expected.txt	2018-11-29 18:41:48 UTC (rev 238676)
@@ -0,0 +1,35 @@
+indexedDB.deleteDatabase('testDB')
+indexedDB.open('testDB', 1)
+openRequest.result.createObjectStore('testObjectStore', {keyPath: 'id'})
+tx = openRequest.result.transaction('testObjectStore', 'readwrite')
+store = tx.objectStore('testObjectStore')
+store.put({id: 1, array:[1,2,3], arrayBuffer: new ArrayBuffer(3), set: new Set([1,2,3]), map: new Map([[1, 'one']]), object: { name: 'test' }})
+store.get(1)
+PASS result.array instanceof Array is true
+PASS result.arrayBuffer instanceof ArrayBuffer is true
+PASS result.set instanceof Set is true
+PASS result.map instanceof Map is true
+PASS result.object instanceof Object is true
+PASS result.array instanceof window.top.Array is true
+PASS result.arrayBuffer instanceof window.top.ArrayBuffer is true
+PASS result.set instanceof window.top.Set is true
+PASS result.map instanceof window.top.Map is true
+PASS result.object instanceof window.top.Object is true
+indexedDB.open('testDB', 1)
+tx = openRequest.result.transaction('testObjectStore', 'readwrite')
+store = tx.objectStore('testObjectStore')
+store.get(1)
+PASS result.array instanceof Array equals to true.
+PASS result.arrayBuffer instanceof ArrayBuffer equals to true.
+PASS result.set instanceof Set equals to true.
+PASS result.map instanceof Map equals to true.
+PASS result.object instanceof Object equals to true.
+PASS result.array instanceof window.top.Array equals to false.
+PASS result.arrayBuffer instanceof window.top.ArrayBuffer equals to false.
+PASS result.set instanceof window.top.Set equals to false.
+PASS result.map instanceof window.top.Map equals to false.
+PASS result.object instanceof window.top.Object equals to false.
+PASS successfullyParsed is true
+
+TEST COMPLETE
+

Added: trunk/LayoutTests/storage/indexeddb/instanceof-iframe.html (0 => 238676)


--- trunk/LayoutTests/storage/indexeddb/instanceof-iframe.html	                        (rev 0)
+++ trunk/LayoutTests/storage/indexeddb/instanceof-iframe.html	2018-11-29 18:41:48 UTC (rev 238676)
@@ -0,0 +1,10 @@
+<html>
+<head>
+<script src=""
+<script src=""
+</head>
+<body>
+<script src=""
+<iframe id="testIframe"></iframe>
+</body>
+</html>
\ No newline at end of file

Added: trunk/LayoutTests/storage/indexeddb/resources/instanceof-iframe.js (0 => 238676)


--- trunk/LayoutTests/storage/indexeddb/resources/instanceof-iframe.js	                        (rev 0)
+++ trunk/LayoutTests/storage/indexeddb/resources/instanceof-iframe.js	2018-11-29 18:41:48 UTC (rev 238676)
@@ -0,0 +1,63 @@
+function test(callback) {
+    isMainFrame = self == top;
+    if (isMainFrame)
+        evalAndLog("indexedDB.deleteDatabase('testDB')");
+    else {
+        shouldBe = function(a, b) {
+            aVal = eval(a);
+            bVal = eval(b);
+            if (aVal != bVal)
+                parent.testFailed(a + " is " + aVal + ", not " + bVal + ".");
+            else 
+                parent.testPassed(a + " equals to " + b  + ".");
+        }
+        shouldBeTrue = function(a) {
+            shouldBe(a, "true");
+        }
+        shouldBeFalse = function(a) {
+            shouldBe(a, "false");
+        }
+        evalAndLog = function(a) {
+            parent.debug(a);
+            return eval(a);
+        }
+    }
+
+    openRequest = evalAndLog("indexedDB.open('testDB', 1)");
+    openRequest._onupgradeneeded_ = () => { 
+        request = evalAndLog("openRequest.result.createObjectStore('testObjectStore', {keyPath: 'id'})"); 
+        request._onerror_ = unexpectedErrorCallback;
+    }
+    openRequest._onsuccess_ = () => {
+        tx = evalAndLog("tx = openRequest.result.transaction('testObjectStore', 'readwrite')");
+        tx._oncomplete_ = () => { callback(); }
+        store = evalAndLog("store = tx.objectStore('testObjectStore')");
+
+        if (isMainFrame)
+            evalAndLog("store.put({id: 1, array:[1,2,3], arrayBuffer: new ArrayBuffer(3), set: new Set([1,2,3]), map: new Map([[1, 'one']]), object: { name: 'test' }})");
+
+        request = evalAndLog("store.get(1)");
+        request._onsuccess_ = (event) => {
+            result = request.result;
+
+            shouldBeTrue("result.array instanceof Array");
+            shouldBeTrue("result.arrayBuffer instanceof ArrayBuffer");
+            shouldBeTrue("result.set instanceof Set");
+            shouldBeTrue("result.map instanceof Map");
+            shouldBeTrue("result.object instanceof Object");
+            expected = isMainFrame.toString();
+            shouldBe("result.array instanceof window.top.Array", expected);
+            shouldBe("result.arrayBuffer instanceof window.top.ArrayBuffer", expected);
+            shouldBe("result.set instanceof window.top.Set", expected);
+            shouldBe("result.map instanceof window.top.Map", expected);
+            shouldBe("result.object instanceof window.top.Object", expected);
+        }
+    }
+}
+
+function callback() {
+    iframe = document.getElementById("testIframe");
+    iframe.srcdoc = `<!DOCTYPE html><html></` + `script><script type="text/_javascript_">${test.toString()} test(function() { parent.finishJSTest();});</` + `script></html>`;
+}
+
+test(callback);
\ No newline at end of file
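Review bot: Neither `openRequest` (L164) nor the `store.get(1)` request (L177) gets an `onerror` handler, so a failing open or get would leave the test hanging until the harness timeout instead of reporting a failure; add `request.onerror = unexpectedErrorCallback;` after L177 in the same way L167 does for the upgrade request. Note that the iframe receives only `test.toString()` via `srcdoc` (L198), so `unexpectedErrorCallback` is not defined there; the upgrade path at L167 does not run in the iframe today because the database already exists at version 1, but for consistency the iframe branch (L143–L162) should define it too, e.g. `unexpectedErrorCallback = (e) => parent.testFailed("unexpected error: " + e.target.error);`. As a point of style, `isMainFrame = self == top` (L140) and `aVal != bVal` (L147) rely on loose equality where strict `===`/`!==` expresses the intent (the values compared are booleans); the harness-style implicit globals are intentional since `evalAndLog` evaluates strings that reference them.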

Modified: trunk/Source/WebCore/ChangeLog (238675 => 238676)


--- trunk/Source/WebCore/ChangeLog	2018-11-29 18:36:29 UTC (rev 238675)
+++ trunk/Source/WebCore/ChangeLog	2018-11-29 18:41:48 UTC (rev 238676)
@@ -1,3 +1,19 @@
+2018-11-29  Sihui Liu  <sihui_...@apple.com>
+
+        Unexpected constructor / instanceof  behavior when retrieving indexedDB data in an iframe
+        https://bugs.webkit.org/show_bug.cgi?id=185906
+        <rdar://problem/40583100>
+
+        Reviewed by Geoffrey Garen.
+
+        ScriptExecutionContext::execState() returned state of main frame, so deserialization of 
+        IDBValue in iframe used constructors of main frame, which is wrong.
+
+        Test: storage/indexeddb/instanceof-iframe.html
+
+        * dom/ScriptExecutionContext.cpp:
+        (WebCore::ScriptExecutionContext::execState):
+
 2018-11-29  Don Olmstead  <don.olmst...@sony.com>
 
         Make generic ScrollAnimator

Modified: trunk/Source/WebCore/dom/ScriptExecutionContext.cpp (238675 => 238676)


--- trunk/Source/WebCore/dom/ScriptExecutionContext.cpp	2018-11-29 18:36:29 UTC (rev 238675)
+++ trunk/Source/WebCore/dom/ScriptExecutionContext.cpp	2018-11-29 18:41:48 UTC (rev 238676)
@@ -525,7 +525,8 @@
 {
     if (is<Document>(*this)) {
         Document& document = downcast<Document>(*this);
-        return execStateFromPage(mainThreadNormalWorld(), document.page());
+        auto* frame = document.frame();
+        return frame ? frame->script().globalObject(mainThreadNormalWorld())->globalExec() : nullptr;
     }
 
     if (is<WorkerGlobalScope>(*this))
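Review bot: The new Document branch (L240–L241) returns nullptr when `document.frame()` is null, i.e. for a detached document, and that null source deserves a comment because the result feeds deserialization paths; the old `execStateFromPage(…, document.page())` path also returned null for a null page, so the contract is similar but now keyed on the frame, e.g. `// A detached Document has no frame and therefore no global object; callers must null-check.`. The substantive fix is that the ExecState now comes from the document's own frame rather than the page's main frame, so structured-clone deserialization of IDB values creates objects whose prototypes belong to the document's realm (the `instanceof` failure described in the log message); mixing realms like this is also an isolation concern, since objects with another frame's prototypes can expose that frame's constructors to the subframe, so it is worth a one-line comment stating why `document.frame()` and not `document.page()` is used here. I would also confirm whether `frame->script().globalObject(mainThreadNormalWorld())` lazily initializes the script world for that frame; if it does, `execState()` acquires a side effect that `execStateFromPage` may not have had, and a note to that effect would help callers. The function's signature and the `WorkerGlobalScope` branch lie outside this hunk.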