Title: [94831] trunk/Source/WebCore
- Revision: 94831
- Author: commit-qu...@webkit.org
- Date: 2011-09-08 20:20:59 -0700 (Thu, 08 Sep 2011)
Log Message
Release the reference to the HTMLPlugInElement's script object when the element is removed from the document. This breaks a cyclical reference that would otherwise cause the element to be retained until the document is torn down.
https://bugs.webkit.org/show_bug.cgi?id=66181
Patch by James Weatherall <w...@chromium.org> on 2011-09-08
Reviewed by Anders Carlsson.
No new tests - no functional change.
* html/HTMLPlugInElement.cpp:
(WebCore::HTMLPlugInElement::removedFromDocument):
* html/HTMLPlugInElement.h:
Diff
Modified: trunk/Source/WebCore/ChangeLog (94830 => 94831)
--- trunk/Source/WebCore/ChangeLog 2011-09-09 03:19:44 UTC (rev 94830)
+++ trunk/Source/WebCore/ChangeLog 2011-09-09 03:20:59 UTC (rev 94831)
@@ -1,3 +1,16 @@
+2011-09-08 James Weatherall <w...@chromium.org>
+
+ Release the reference to the HTMLPlugInElement's script object, when the element is removed from the document. This breaks a cyclical reference that would otherwise cause the element to be retained until the document is torn down.
+ https://bugs.webkit.org/show_bug.cgi?id=66181
+
+ Reviewed by Anders Carlsson.
+
+ No new tests - no functional change.
+
+ * html/HTMLPlugInElement.cpp:
+ (WebCore::HTMLPlugInElement::removedFromDocument):
+ * html/HTMLPlugInElement.h:
+
2011-09-08 Daniel Bates <dba...@webkit.org>
XSS filter bypass via non-standard URL encoding
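Review bot: "No new tests - no functional change" in the added ChangeLog entry understates what the entry itself describes, since releasing the script object on removal changes how long the element and its object are retained. A regression test would be worth having here: remove a plugin element from the document, re-insert it, and touch its script object again, so that a later return to the leak or a stale reference is caught rather than assumed away.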
Modified: trunk/Source/WebCore/html/HTMLPlugInElement.cpp (94830 => 94831)
--- trunk/Source/WebCore/html/HTMLPlugInElement.cpp 2011-09-09 03:19:44 UTC (rev 94830)
+++ trunk/Source/WebCore/html/HTMLPlugInElement.cpp 2011-09-09 03:20:59 UTC (rev 94831)
@@ -81,6 +81,18 @@
HTMLFrameOwnerElement::detach();
}
+void HTMLPlugInElement::removedFromDocument()
+{
+#if ENABLE(NETSCAPE_PLUGIN_API)
+ if (m_NPObject) {
+ _NPN_ReleaseObject(m_NPObject);
+ m_NPObject = 0;
+ }
+#endif
+
+ HTMLFrameOwnerElement::removedFromDocument();
+}
+
PassScriptInstance HTMLPlugInElement::getInstance()
{
Frame* frame = document()->frame();
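Review bot: removedFromDocument() releases m_NPObject before chaining to HTMLFrameOwnerElement::removedFromDocument(), and nothing in the hunk documents why that order is safe or what happens when the element is inserted again. Setting "m_NPObject = 0;" straight after _NPN_ReleaseObject is the right call, because it keeps any later release path from acting on a reference this element no longer owns. Please add a short comment stating the cycle being broken and the expectation for re-insertion (for example that the object is recreated on next access, if that is the case), and confirm that every other reader of m_NPObject tolerates 0 after removal.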
Modified: trunk/Source/WebCore/html/HTMLPlugInElement.h (94830 => 94831)
--- trunk/Source/WebCore/html/HTMLPlugInElement.h 2011-09-09 03:19:44 UTC (rev 94830)
+++ trunk/Source/WebCore/html/HTMLPlugInElement.h 2011-09-09 03:20:59 UTC (rev 94831)
@@ -57,7 +57,7 @@
HTMLPlugInElement(const QualifiedName& tagName, Document*);
virtual void detach();
-
+ virtual void removedFromDocument();
virtual bool mapToEntry(const QualifiedName& attrName, MappedAttributeEntry& result) const;
virtual void parseMappedAttribute(Attribute*);