Diff
Modified: trunk/LayoutTests/ChangeLog (92470 => 92471)
--- trunk/LayoutTests/ChangeLog 2011-08-05 09:30:58 UTC (rev 92470)
+++ trunk/LayoutTests/ChangeLog 2011-08-05 09:37:02 UTC (rev 92471)
@@ -1,3 +1,13 @@
+2011-08-05 Yury Semikhatsky <[email protected]>
+
+ Web Inspector: constrain maximum depth for returnByValue objects
+ https://bugs.webkit.org/show_bug.cgi?id=65761
+
+ Reviewed by Pavel Feldman.
+
+ * inspector/protocol/runtime-agent-expected.txt:
+ * inspector/protocol/runtime-agent.html:
+
2011-08-05 Zoltan Horvath <[email protected]>
[Qt] Add http/tests/inspector/resource-tree/resource-tree-non-unique-url.html
Modified: trunk/LayoutTests/inspector/protocol/runtime-agent-expected.txt (92470 => 92471)
--- trunk/LayoutTests/inspector/protocol/runtime-agent-expected.txt 2011-08-05 09:30:58 UTC (rev 92470)
+++ trunk/LayoutTests/inspector/protocol/runtime-agent-expected.txt 2011-08-05 09:37:02 UTC (rev 92471)
@@ -78,6 +78,88 @@
}
-----------------------------------------------------------
+RuntimeAgent.evaluate("var o = {n:2011, b:true, s:\"a string\", o:{n:2011}}; o","test",false,true,null,true)
+
+request:
+{
+ method : "Runtime.evaluate"
+ params : {
+ _expression_ : "var o = {n:2011, b:true, s:"a string", o:{n:2011}}; o"
+ objectGroup : "test"
+ includeCommandLineAPI : false
+ doNotPauseOnExceptions : true
+ returnByValue : true
+ }
+ id : <number>
+}
+
+response:
+{
+ result : {
+ result : {
+ type : "object"
+ value : {
+ n : 2011
+ b : true
+ s : "a string"
+ o : {
+ n : 2011
+ }
+ }
+ }
+ }
+ id : <number>
+}
+
+-----------------------------------------------------------
+RuntimeAgent.evaluate("var x = {}; x.self = x; x","test",false,true,null,true)
+
+request:
+{
+ method : "Runtime.evaluate"
+ params : {
+ _expression_ : "var x = {}; x.self = x; x"
+ objectGroup : "test"
+ includeCommandLineAPI : false
+ doNotPauseOnExceptions : true
+ returnByValue : true
+ }
+ id : <number>
+}
+
+response:
+{
+ error : {
+ code : -32000
+ message : "Object has too long reference chain(must not be longer than 1000)"
+ }
+ id : <number>
+}
+
+-----------------------------------------------------------
+RuntimeAgent.callFunctionOn(<string>,"function() { this.self = this; return this; }",null,true)
+
+request:
+{
+ method : "Runtime.callFunctionOn"
+ params : {
+ objectId : <string>
+ functionDeclaration : "function() { this.self = this; return this; }"
+ returnByValue : true
+ }
+ id : <number>
+}
+
+response:
+{
+ error : {
+ code : -32000
+ message : "Object has too long reference chain(must not be longer than 1000)"
+ }
+ id : <number>
+}
+
+-----------------------------------------------------------
RuntimeAgent.getProperties(<string>,false)
request:
@@ -102,6 +184,15 @@
}
}
{
+ name : "self"
+ value : {
+ type : "object"
+ objectId : <string>
+ className : <string>
+ description : "TestObject"
+ }
+ }
+ {
name : "__proto__"
value : {
type : "object"
Modified: trunk/LayoutTests/inspector/protocol/runtime-agent.html (92470 => 92471)
--- trunk/LayoutTests/inspector/protocol/runtime-agent.html 2011-08-05 09:30:58 UTC (rev 92470)
+++ trunk/LayoutTests/inspector/protocol/runtime-agent.html 2011-08-05 09:37:02 UTC (rev 92471)
@@ -20,6 +20,12 @@
["RuntimeAgent", "evaluate", 'testObject', 'test', false],
["RuntimeAgent", "evaluate", 'testObject', 'test'],
["RuntimeAgent", "callFunctionOn", result.objectId, 'function() { this.assignedByCallFunctionOn = "callFunctionOn function works fine"; return this.assignedByCallFunctionOn; }'],
+
+ // test returnByValue:
+ ["RuntimeAgent", "evaluate", 'var o = {n:2011, b:true, s:"a string", o:{n:2011}}; o', 'test', false, true, undefined, true],
+ ["RuntimeAgent", "evaluate", 'var x = {}; x.self = x; x', 'test', false, true, undefined, true],
+ ["RuntimeAgent", "callFunctionOn", result.objectId, 'function() { this.self = this; return this; }', undefined, true],
+
["RuntimeAgent", "getProperties", result.objectId, false],
["RuntimeAgent", "releaseObject", result.objectId],
["RuntimeAgent", "releaseObjectGroup", 'test']];
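Review bot: The new cases cover a nested object and a self-referencing object, but nothing exercises the array branch of the converters or a value that is deep without being cyclic. Since the array and property loops were changed separately in both bindings, I would add an array cycle, `["RuntimeAgent", "evaluate", 'var a = []; a[0] = a; a', 'test', false, true, undefined, true],`, and regenerate the expected output. The test list begins above this hunk.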
Modified: trunk/Source/WebCore/ChangeLog (92470 => 92471)
--- trunk/Source/WebCore/ChangeLog 2011-08-05 09:30:58 UTC (rev 92470)
+++ trunk/Source/WebCore/ChangeLog 2011-08-05 09:37:02 UTC (rev 92471)
@@ -1,3 +1,22 @@
+2011-08-05 Yury Semikhatsky <[email protected]>
+
+ Web Inspector: constrain maximum depth for returnByValue objects
+ https://bugs.webkit.org/show_bug.cgi?id=65761
+
+ Set maximum depth to 20 for objects returned by value as a result of evaluations.
+
+ Reviewed by Pavel Feldman.
+
+ * bindings/js/ScriptValue.cpp:
+ (WebCore::jsToInspectorValue):
+ (WebCore::ScriptValue::toInspectorValue):
+ * bindings/v8/ScriptValue.cpp:
+ (WebCore::v8ToInspectorValue):
+ (WebCore::ScriptValue::toInspectorValue):
+ * inspector/InjectedScript.cpp:
+ (WebCore::InjectedScript::makeCall):
+ * inspector/InspectorValues.h:
+
2011-08-05 Mark Pilgrim <[email protected]>
Remove LegacyDefaultOptionalArguments flag from appcache IDL files
Modified: trunk/Source/WebCore/bindings/js/ScriptValue.cpp (92470 => 92471)
--- trunk/Source/WebCore/bindings/js/ScriptValue.cpp 2011-08-05 09:30:58 UTC (rev 92470)
+++ trunk/Source/WebCore/bindings/js/ScriptValue.cpp 2011-08-05 09:37:02 UTC (rev 92471)
@@ -111,12 +111,17 @@
}
#if ENABLE(INSPECTOR)
-static PassRefPtr<InspectorValue> jsToInspectorValue(ScriptState* scriptState, JSValue value)
+static PassRefPtr<InspectorValue> jsToInspectorValue(ScriptState* scriptState, JSValue value, int maxDepth)
{
if (!value) {
ASSERT_NOT_REACHED();
return 0;
}
+
+ if (!maxDepth)
+ return 0;
+ maxDepth--;
+
if (value.isNull() || value.isUndefined())
return InspectorValue::null();
if (value.isBoolean())
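Review bot: The new `maxDepth` guard stops cycles, but it bounds only nesting depth, not the amount of work or output, so a page-controlled object can still make a returnByValue call very expensive. No memoisation is visible in these hunks, so a child shared by two properties is converted once per path; twenty levels of that shape already mean about a million conversions while staying far below the limit, and the array loop in the next hunk is bounded only by `array->length()`. I would thread a remaining-node budget through the recursion next to the depth and fail the conversion when it runs out, and write the guard as `if (maxDepth <= 0) return 0;` so a non-positive argument cannot recurse unchecked. The same applies to v8ToInspectorValue in bindings/v8/ScriptValue.cpp; both function bodies continue outside the hunks shown.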
@@ -134,11 +139,9 @@
unsigned length = array->length();
for (unsigned i = 0; i < length; i++) {
JSValue element = array->getIndex(i);
- RefPtr<InspectorValue> elementValue = jsToInspectorValue(scriptState, element);
- if (!elementValue) {
- ASSERT_NOT_REACHED();
- elementValue = InspectorValue::null();
- }
+ RefPtr<InspectorValue> elementValue = jsToInspectorValue(scriptState, element, maxDepth);
+ if (!elementValue)
+ return 0;
inspectorArray->pushValue(elementValue);
}
return inspectorArray;
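Review bot: A null from the recursive call is now an expected outcome rather than an assertion failure, and `return 0` here discards the whole partially built array, but nothing in the code says so. I would add a comment at the check, for example `// Depth limit hit in a nested value: fail the whole conversion instead of returning a truncated result.` The property loop in the following hunk and both loops in v8ToInspectorValue need the same comment; the V8 property loop is also a behaviour change, since it used to `continue` past a property it could not convert. The loop's enclosing branch starts outside this hunk.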
@@ -150,11 +153,9 @@
for (size_t i = 0; i < propertyNames.size(); i++) {
const Identifier& name = propertyNames[i];
JSValue propertyValue = object->get(scriptState, name);
- RefPtr<InspectorValue> inspectorValue = jsToInspectorValue(scriptState, propertyValue);
- if (!inspectorValue) {
- ASSERT_NOT_REACHED();
- inspectorValue = InspectorValue::null();
- }
+ RefPtr<InspectorValue> inspectorValue = jsToInspectorValue(scriptState, propertyValue, maxDepth);
+ if (!inspectorValue)
+ return 0;
inspectorObject->setValue(String(name.characters(), name.length()), inspectorValue);
}
return inspectorObject;
@@ -165,7 +166,7 @@
PassRefPtr<InspectorValue> ScriptValue::toInspectorValue(ScriptState* scriptState) const
{
- return jsToInspectorValue(scriptState, m_value.get());
+ return jsToInspectorValue(scriptState, m_value.get(), InspectorValue::maxDepth);
}
#endif // ENABLE(INSPECTOR)
Modified: trunk/Source/WebCore/bindings/v8/ScriptValue.cpp (92470 => 92471)
--- trunk/Source/WebCore/bindings/v8/ScriptValue.cpp 2011-08-05 09:30:58 UTC (rev 92470)
+++ trunk/Source/WebCore/bindings/v8/ScriptValue.cpp 2011-08-05 09:37:02 UTC (rev 92471)
@@ -73,12 +73,17 @@
}
#if ENABLE(INSPECTOR)
-static PassRefPtr<InspectorValue> v8ToInspectorValue(v8::Handle<v8::Value> value)
+static PassRefPtr<InspectorValue> v8ToInspectorValue(v8::Handle<v8::Value> value, int maxDepth)
{
if (value.IsEmpty()) {
ASSERT_NOT_REACHED();
return 0;
}
+
+ if (!maxDepth)
+ return 0;
+ maxDepth--;
+
if (value->IsNull() || value->IsUndefined())
return InspectorValue::null();
if (value->IsBoolean())
@@ -93,11 +98,9 @@
uint32_t length = array->Length();
for (uint32_t i = 0; i < length; i++) {
v8::Local<v8::Value> value = array->Get(v8::Int32::New(i));
- RefPtr<InspectorValue> element = v8ToInspectorValue(value);
- if (!element) {
- ASSERT_NOT_REACHED();
- element = InspectorValue::null();
- }
+ RefPtr<InspectorValue> element = v8ToInspectorValue(value, maxDepth);
+ if (!element)
+ return 0;
inspectorArray->pushValue(element);
}
return inspectorArray;
@@ -112,11 +115,9 @@
// FIXME(yurys): v8::Object should support GetOwnPropertyNames
if (name->IsString() && !object->HasRealNamedProperty(v8::Handle<v8::String>::Cast(name)))
continue;
- RefPtr<InspectorValue> propertyValue = v8ToInspectorValue(object->Get(name));
- if (!propertyValue) {
- ASSERT_NOT_REACHED();
- continue;
- }
+ RefPtr<InspectorValue> propertyValue = v8ToInspectorValue(object->Get(name), maxDepth);
+ if (!propertyValue)
+ return 0;
inspectorObject->setValue(toWebCoreStringWithNullCheck(name), propertyValue);
}
return inspectorObject;
@@ -130,7 +131,7 @@
v8::HandleScope handleScope;
// v8::Object::GetPropertyNames() expects current context to be not null.
v8::Context::Scope contextScope(scriptState->context());
- return v8ToInspectorValue(m_value);
+ return v8ToInspectorValue(m_value, InspectorValue::maxDepth);
}
#endif
Modified: trunk/Source/WebCore/inspector/InjectedScript.cpp (92470 => 92471)
--- trunk/Source/WebCore/inspector/InjectedScript.cpp 2011-08-05 09:30:58 UTC (rev 92470)
+++ trunk/Source/WebCore/inspector/InjectedScript.cpp 2011-08-05 09:37:02 UTC (rev 92471)
@@ -192,9 +192,11 @@
ScriptValue resultValue = function.call(hadException);
ASSERT(!hadException);
- if (!hadException)
+ if (!hadException) {
*result = resultValue.toInspectorValue(m_injectedScriptObject.scriptState());
- else
+ if (!*result)
+ *result = InspectorString::create(String::format("Object has too long reference chain(must not be longer than %d)", InspectorValue::maxDepth));
+ } else
*result = InspectorString::create("Exception while making a call.");
}
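Review bot: The `if (!*result)` branch reports every null from toInspectorValue() as a reference chain that is too long, but the converters also return 0 from their empty-value guards (`if (!value)` and `value.IsEmpty()` in the ScriptValue.cpp hunks) and may have other null paths outside the hunks, so a failed evaluation can be attributed to the wrong cause. Either make the message neutral, e.g. `"Object could not be returned by value (nested deeper than %d levels or not serializable)"`, or have the converters report why they failed; the expected-output file would need regenerating either way. The current text is also missing a space before the parenthesis, which the expectations now pin. makeCall starts above this hunk.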
Modified: trunk/Source/WebCore/inspector/InspectorValues.h (92470 => 92471)
--- trunk/Source/WebCore/inspector/InspectorValues.h 2011-08-05 09:30:58 UTC (rev 92470)
+++ trunk/Source/WebCore/inspector/InspectorValues.h 2011-08-05 09:37:02 UTC (rev 92471)
@@ -48,6 +48,8 @@
class InspectorValue : public RefCounted<InspectorValue> {
public:
+ static const int maxDepth = 1000;
+
InspectorValue() : m_type(TypeNull) { }
virtual ~InspectorValue() { }
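Review bot: `maxDepth` is 1000 here and the expected test output quotes 1000, while the WebCore ChangeLog entry for this revision says the maximum depth is set to 20; one of the two should be corrected. The value also sets how deep jsToInspectorValue and v8ToInspectorValue may recurse on the native stack, so it deserves a comment giving the reason for the number, for example `// Maximum nesting of a value serialized for the protocol; also bounds the recursion depth of the converters.` Whether 1000 frames of those functions fit comfortably in the stack of every port is not something the diff shows, so I would confirm that or choose a lower limit.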