Title: [94831] trunk/Source/WebCore
Revision
94831
Author
commit-qu...@webkit.org
Date
2011-09-08 20:20:59 -0700 (Thu, 08 Sep 2011)

Log Message

Release the reference to the HTMLPlugInElement's script object, when the element is removed from the document.  This breaks a cyclical reference that would otherwise cause the element to be retained until the document is torn down.
https://bugs.webkit.org/show_bug.cgi?id=66181

Patch by James Weatherall <w...@chromium.org> on 2011-09-08
Reviewed by Anders Carlsson.

No new tests - no functional change.

* html/HTMLPlugInElement.cpp:
(WebCore::HTMLPlugInElement::removedFromDocument):
* html/HTMLPlugInElement.h:

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (94830 => 94831)


--- trunk/Source/WebCore/ChangeLog	2011-09-09 03:19:44 UTC (rev 94830)
+++ trunk/Source/WebCore/ChangeLog	2011-09-09 03:20:59 UTC (rev 94831)
@@ -1,3 +1,16 @@
+2011-09-08  James Weatherall  <w...@chromium.org>
+
+        Release the reference to the HTMLPlugInElement's script object, when the element is removed from the document.  This breaks a cyclical reference that would otherwise cause the element to be retained until the document is torn down.
+        https://bugs.webkit.org/show_bug.cgi?id=66181
+
+        Reviewed by Anders Carlsson.
+
+        No new tests - no functional change.
+
+        * html/HTMLPlugInElement.cpp:
+        (WebCore::HTMLPlugInElement::removedFromDocument):
+        * html/HTMLPlugInElement.h:
+
 2011-09-08  Daniel Bates  <dba...@webkit.org>
 
         XSS filter bypass via non-standard URL encoding

Modified: trunk/Source/WebCore/html/HTMLPlugInElement.cpp (94830 => 94831)


--- trunk/Source/WebCore/html/HTMLPlugInElement.cpp	2011-09-09 03:19:44 UTC (rev 94830)
+++ trunk/Source/WebCore/html/HTMLPlugInElement.cpp	2011-09-09 03:20:59 UTC (rev 94831)
@@ -81,6 +81,18 @@
     HTMLFrameOwnerElement::detach();
 }
 
+void HTMLPlugInElement::removedFromDocument()
+{
+#if ENABLE(NETSCAPE_PLUGIN_API)
+    if (m_NPObject) {
+        _NPN_ReleaseObject(m_NPObject);
+        m_NPObject = 0;
+    }
+#endif
+
+    HTMLFrameOwnerElement::removedFromDocument();
+}
+
 PassScriptInstance HTMLPlugInElement::getInstance()
 {
     Frame* frame = document()->frame();

Modified: trunk/Source/WebCore/html/HTMLPlugInElement.h (94830 => 94831)


--- trunk/Source/WebCore/html/HTMLPlugInElement.h	2011-09-09 03:19:44 UTC (rev 94830)
+++ trunk/Source/WebCore/html/HTMLPlugInElement.h	2011-09-09 03:20:59 UTC (rev 94831)
@@ -57,7 +57,7 @@
     HTMLPlugInElement(const QualifiedName& tagName, Document*);
 
     virtual void detach();
-
+    virtual void removedFromDocument();
     virtual bool mapToEntry(const QualifiedName& attrName, MappedAttributeEntry& result) const;
     virtual void parseMappedAttribute(Attribute*);
 
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes

Reply via email to