- Revision
- 238676
- Author
- sihui_...@apple.com
- Date
- 2018-11-29 10:41:48 -0800 (Thu, 29 Nov 2018)
Log Message
Unexpected constructor / instanceof behavior when retrieving indexedDB data in an iframe
https://bugs.webkit.org/show_bug.cgi?id=185906
<rdar://problem/40583100>
Reviewed by Geoffrey Garen.
Source/WebCore:
ScriptExecutionContext::execState() returned state of main frame, so deserialization of
IDBValue in iframe used constructors of main frame, which is wrong.
Test: storage/indexeddb/instanceof-iframe.html
* dom/ScriptExecutionContext.cpp:
(WebCore::ScriptExecutionContext::execState):
LayoutTests:
* storage/indexeddb/instanceof-iframe-expected.txt: Added.
* storage/indexeddb/instanceof-iframe.html: Added.
* storage/indexeddb/resources/instanceof-iframe.js: Added.
(test.else.shouldBe):
(test.else.shouldBeTrue):
(test.else.shouldBeFalse):
(test.else.evalAndLog):
(test):
(callback):
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (238675 => 238676)
--- trunk/LayoutTests/ChangeLog 2018-11-29 18:36:29 UTC (rev 238675)
+++ trunk/LayoutTests/ChangeLog 2018-11-29 18:41:48 UTC (rev 238676)
@@ -1,3 +1,21 @@
+2018-11-29 Sihui Liu <sihui_...@apple.com>
+
+ Unexpected constructor / instanceof behavior when retrieving indexedDB data in an iframe
+ https://bugs.webkit.org/show_bug.cgi?id=185906
+ <rdar://problem/40583100>
+
+ Reviewed by Geoffrey Garen.
+
+ * storage/indexeddb/instanceof-iframe-expected.txt: Added.
+ * storage/indexeddb/instanceof-iframe.html: Added.
+ * storage/indexeddb/resources/instanceof-iframe.js: Added.
+ (test.else.shouldBe):
+ (test.else.shouldBeTrue):
+ (test.else.shouldBeFalse):
+ (test.else.evalAndLog):
+ (test):
+ (callback):
+
2018-11-28 Dean Jackson <d...@apple.com>
[ES Modules] Allow .mjs content when loaded from file://
Added: trunk/LayoutTests/storage/indexeddb/instanceof-iframe-expected.txt (0 => 238676)
--- trunk/LayoutTests/storage/indexeddb/instanceof-iframe-expected.txt (rev 0)
+++ trunk/LayoutTests/storage/indexeddb/instanceof-iframe-expected.txt 2018-11-29 18:41:48 UTC (rev 238676)
@@ -0,0 +1,35 @@
+indexedDB.deleteDatabase('testDB')
+indexedDB.open('testDB', 1)
+openRequest.result.createObjectStore('testObjectStore', {keyPath: 'id'})
+tx = openRequest.result.transaction('testObjectStore', 'readwrite')
+store = tx.objectStore('testObjectStore')
+store.put({id: 1, array:[1,2,3], arrayBuffer: new ArrayBuffer(3), set: new Set([1,2,3]), map: new Map([[1, 'one']]), object: { name: 'test' }})
+store.get(1)
+PASS result.array instanceof Array is true
+PASS result.arrayBuffer instanceof ArrayBuffer is true
+PASS result.set instanceof Set is true
+PASS result.map instanceof Map is true
+PASS result.object instanceof Object is true
+PASS result.array instanceof window.top.Array is true
+PASS result.arrayBuffer instanceof window.top.ArrayBuffer is true
+PASS result.set instanceof window.top.Set is true
+PASS result.map instanceof window.top.Map is true
+PASS result.object instanceof window.top.Object is true
+indexedDB.open('testDB', 1)
+tx = openRequest.result.transaction('testObjectStore', 'readwrite')
+store = tx.objectStore('testObjectStore')
+store.get(1)
+PASS result.array instanceof Array equals to true.
+PASS result.arrayBuffer instanceof ArrayBuffer equals to true.
+PASS result.set instanceof Set equals to true.
+PASS result.map instanceof Map equals to true.
+PASS result.object instanceof Object equals to true.
+PASS result.array instanceof window.top.Array equals to false.
+PASS result.arrayBuffer instanceof window.top.ArrayBuffer equals to false.
+PASS result.set instanceof window.top.Set equals to false.
+PASS result.map instanceof window.top.Map equals to false.
+PASS result.object instanceof window.top.Object equals to false.
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: trunk/LayoutTests/storage/indexeddb/instanceof-iframe.html (0 => 238676)
--- trunk/LayoutTests/storage/indexeddb/instanceof-iframe.html (rev 0)
+++ trunk/LayoutTests/storage/indexeddb/instanceof-iframe.html 2018-11-29 18:41:48 UTC (rev 238676)
@@ -0,0 +1,10 @@
+<html>
+<head>
+<script src=""
+<script src=""
+</head>
+<body>
+<script src=""
+<iframe id="testIframe"></iframe>
+</body>
+</html>
\ No newline at end of file
Added: trunk/LayoutTests/storage/indexeddb/resources/instanceof-iframe.js (0 => 238676)
--- trunk/LayoutTests/storage/indexeddb/resources/instanceof-iframe.js (rev 0)
+++ trunk/LayoutTests/storage/indexeddb/resources/instanceof-iframe.js 2018-11-29 18:41:48 UTC (rev 238676)
@@ -0,0 +1,63 @@
+function test(callback) {
+ isMainFrame = self == top;
+ if (isMainFrame)
+ evalAndLog("indexedDB.deleteDatabase('testDB')");
+ else {
+ shouldBe = function(a, b) {
+ aVal = eval(a);
+ bVal = eval(b);
+ if (aVal != bVal)
+ parent.testFailed(a + " is " + aVal + ", not " + bVal + ".");
+ else
+ parent.testPassed(a + " equals to " + b + ".");
+ }
+ shouldBeTrue = function(a) {
+ shouldBe(a, "true");
+ }
+ shouldBeFalse = function(a) {
+ shouldBe(a, "false");
+ }
+ evalAndLog = function(a) {
+ parent.debug(a);
+ return eval(a);
+ }
+ }
+
+ openRequest = evalAndLog("indexedDB.open('testDB', 1)");
+ openRequest._onupgradeneeded_ = () => {
+ request = evalAndLog("openRequest.result.createObjectStore('testObjectStore', {keyPath: 'id'})");
+ request._onerror_ = unexpectedErrorCallback;
+ }
+ openRequest._onsuccess_ = () => {
+ tx = evalAndLog("tx = openRequest.result.transaction('testObjectStore', 'readwrite')");
+ tx._oncomplete_ = () => { callback(); }
+ store = evalAndLog("store = tx.objectStore('testObjectStore')");
+
+ if (isMainFrame)
+ evalAndLog("store.put({id: 1, array:[1,2,3], arrayBuffer: new ArrayBuffer(3), set: new Set([1,2,3]), map: new Map([[1, 'one']]), object: { name: 'test' }})");
+
+ request = evalAndLog("store.get(1)");
+ request._onsuccess_ = (event) => {
+ result = request.result;
+
+ shouldBeTrue("result.array instanceof Array");
+ shouldBeTrue("result.arrayBuffer instanceof ArrayBuffer");
+ shouldBeTrue("result.set instanceof Set");
+ shouldBeTrue("result.map instanceof Map");
+ shouldBeTrue("result.object instanceof Object");
+ expected = isMainFrame.toString();
+ shouldBe("result.array instanceof window.top.Array", expected);
+ shouldBe("result.arrayBuffer instanceof window.top.ArrayBuffer", expected);
+ shouldBe("result.set instanceof window.top.Set", expected);
+ shouldBe("result.map instanceof window.top.Map", expected);
+ shouldBe("result.object instanceof window.top.Object", expected);
+ }
+ }
+}
+
+function callback() {
+ iframe = document.getElementById("testIframe");
+ iframe.srcdoc = `<!DOCTYPE html><html></` + `script><script type="text/_javascript_">${test.toString()} test(function() { parent.finishJSTest();});</` + `script></html>`;
+}
+
+test(callback);
\ No newline at end of file
Modified: trunk/Source/WebCore/ChangeLog (238675 => 238676)
--- trunk/Source/WebCore/ChangeLog 2018-11-29 18:36:29 UTC (rev 238675)
+++ trunk/Source/WebCore/ChangeLog 2018-11-29 18:41:48 UTC (rev 238676)
@@ -1,3 +1,19 @@
+2018-11-29 Sihui Liu <sihui_...@apple.com>
+
+ Unexpected constructor / instanceof behavior when retrieving indexedDB data in an iframe
+ https://bugs.webkit.org/show_bug.cgi?id=185906
+ <rdar://problem/40583100>
+
+ Reviewed by Geoffrey Garen.
+
+ ScriptExecutionContext::execState() returned state of main frame, so deserialization of
+ IDBValue in iframe used constructors of main frame, which is wrong.
+
+ Test: storage/indexeddb/instanceof-iframe.html
+
+ * dom/ScriptExecutionContext.cpp:
+ (WebCore::ScriptExecutionContext::execState):
+
2018-11-29 Don Olmstead <don.olmst...@sony.com>
Make generic ScrollAnimator
Modified: trunk/Source/WebCore/dom/ScriptExecutionContext.cpp (238675 => 238676)
--- trunk/Source/WebCore/dom/ScriptExecutionContext.cpp 2018-11-29 18:36:29 UTC (rev 238675)
+++ trunk/Source/WebCore/dom/ScriptExecutionContext.cpp 2018-11-29 18:41:48 UTC (rev 238676)
@@ -525,7 +525,8 @@
{
if (is<Document>(*this)) {
Document& document = downcast<Document>(*this);
- return execStateFromPage(mainThreadNormalWorld(), document.page());
+ auto* frame = document.frame();
+ return frame ? frame->script().globalObject(mainThreadNormalWorld())->globalExec() : nullptr;
}
if (is<WorkerGlobalScope>(*this))